AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon Elastic MapReduce

Amazon Elastic MapReduce (service prefix: elasticmapreduce) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.


Actions Defined by Amazon Elastic MapReduce

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AddInstanceGroups Adds instance groups to a running cluster Write
AddJobFlowSteps Adds new steps to a running job flow Write
AddTags Adds tags to an Amazon EMR resource Tagging
CancelSteps Cancels a pending step or steps in a running cluster Write
CreateSecurityConfiguration Creates a security configuration which is stored in the service Write
DeleteSecurityConfiguration Deletes a security configuration Write
DescribeCluster Provides cluster-level details including status, hardware and software configuration, VPC settings, and so on Read
DescribeSecurityConfiguration Provides the details of a security configuration by returning the configuration JSON Read
DescribeStep Provides more detail about the cluster step Read
ListBootstrapActions Provides information about the bootstrap actions associated with a cluster List
ListClusters Provides the status of all clusters visible to this AWS account List
ListInstanceGroups Provides all available details about the instance groups in a cluster List
ListInstances Provides information about the cluster instances that Amazon EMR provisions on behalf of a user when it creates the cluster List
ListSecurityConfigurations Lists all the security configurations visible to this account, providing their creation dates and times, and their names List
ListSteps Provides a list of steps for the cluster List
ModifyInstanceGroups Modifies the number of nodes and configuration settings of an instance group Write
PutAutoScalingPolicy Modifies the number of nodes and configuration settings of an instance group Write
RemoveAutoScalingPolicy Removes an automatic scaling policy from a specified instance group within an EMR cluster Write
RemoveTags Removes tags from an Amazon EMR resource Tagging
RunJobFlow Creates and starts running a new job flow Tagging
SetTerminationProtection Locks a job flow so the Amazon EC2 instances in the cluster cannot be terminated by user intervention, an API call, or in the event of a job-flow error Write
SetVisibleToAllUsers Sets whether all AWS Identity and Access Management (IAM) users under your account can access the specified job flows Write
TerminateJobFlows Shuts a list of job flows down Write
ViewEventsFromAllClustersInConsole [permission only] Use the console to view events from all clusters in a region List

Resources Defined by EMR

Amazon Elastic MapReduce has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon Elastic MapReduce

EMR has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.