Example policies for private subnets that access Amazon S3 - Amazon EMR

For private subnets, at a minimum you must provide the ability for Amazon EMR to access Amazon Linux repositories. This private subnet policy is part of the VPC endpoint policies for accessing Amazon S3. With Amazon EMR 5.25.0 or later, to enable one-click access to the persistent Spark history server, you must allow Amazon EMR to access the system bucket that collects Spark event logs. If you enable logging, provide PUT permissions to an aws157-logs-* bucket. For more information, see One-click access to persistent Spark History Server.

It is up to you to determine the policy restrictions that meet your business needs. The following example policy provides permissions to access the Amazon Linux repositories and the Amazon EMR system bucket that collects Spark event logs. It shows a few sample resource names for the buckets.

For more information about using IAM policies with Amazon VPC endpoints, see Endpoint policies for Amazon S3.

The following example policy contains sample resources in the us-east-1 region.

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AmazonLinuxAMIRepositoryAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::packages.us-east-1.amazonaws.com/*",
                "arn:aws:s3:::repo.us-east-1.amazonaws.com/",
                "arn:aws:s3:::repo.us-east-1.amazonaws.com/*"
            ]
        },
        {
            "Sid": "EnableApplicationHistory",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:Put*",
                "s3:Get*",
                "s3:Create*",
                "s3:Abort*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::prod.us-east-1.appinfo.src/*"
            ]
        }
    ]
}

The following example policy provides the permissions required to access Amazon Linux 2 repositories. The Amazon Linux 2 AMI is the default.

{
    "Statement": [
        {
            "Sid": "AmazonLinux2AMIRepositoryAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::amazonlinux.us-east-1.amazonaws.com/*",
                "arn:aws:s3:::amazonlinux-2-repos-us-east-1/*"
            ]
        }
    ]
}

Available regions

The following table contains a list of buckets by region and includes an Amazon Resource Name (ARN) for the repository and a string that represents the appinfo.src ARN. An ARN, or Amazon Resource Name, is a string that uniquely identifies an AWS resource.

| Region | Repository buckets | AppInfo bucket |
|---|---|---|
| US East (Ohio) | "arn:aws:s3:::packages.us-east-2.amazonaws.com/", "arn:aws:s3:::repo.us-east-2.amazonaws.com/", "arn:aws:s3:::repo.us-east-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-east-2.appinfo.src/*" |
| US East (N. Virginia) | "arn:aws:s3:::packages.us-east-1.amazonaws.com/", "arn:aws:s3:::repo.us-east-1.amazonaws.com/", "arn:aws:s3:::repo.us-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-east-1.appinfo.src/*" |
| US West (N. California) | "arn:aws:s3:::packages.us-west-1.amazonaws.com/", "arn:aws:s3:::repo.us-west-1.amazonaws.com/", "arn:aws:s3:::repo.us-west-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-west-1.appinfo.src/*" |
| US West (Oregon) | "arn:aws:s3:::packages.us-west-2.amazonaws.com/", "arn:aws:s3:::repo.us-west-2.amazonaws.com/", "arn:aws:s3:::repo.us-west-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-west-2.appinfo.src/*" |
| Africa (Cape Town) | "arn:aws:s3:::packages.af-south-1.amazonaws.com/", "arn:aws:s3:::repo.af-south-1.amazonaws.com/", "arn:aws:s3:::repo.af-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.af-south-1.appinfo.src/*" |
| Africa (Cape Town) | "arn:aws:s3:::packages.ap-east-1.amazonaws.com/", "arn:aws:s3:::repo.ap-east-1.amazonaws.com/", "arn:aws:s3:::repo.ap-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-east-1.appinfo.src/*" |
| Asia Pacific (Hyderabad) | "arn:aws:s3:::packages.ap-south-2.amazonaws.com/", "arn:aws:s3:::repo.ap-south-2.amazonaws.com/", "arn:aws:s3:::repo.ap-south-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-south-2.appinfo.src/*" |
| Asia Pacific (Jakarta) | "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-3.appinfo.src/*" |
| Asia Pacific (Malaysia) | "arn:aws:s3:::packages.ap-southeast-5.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-5.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-5.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-5.appinfo.src/*" |
| Asia Pacific (Melbourne) | "arn:aws:s3:::packages.ap-southeast-4.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-4.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-4.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-south-2.appinfo.src/*" |
| Asia Pacific (Jakarta) | "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-4.appinfo.src/*" |
| Asia Pacific (Mumbai) | "arn:aws:s3:::packages.ap-south-1.amazonaws.com/", "arn:aws:s3:::repo.ap-south-1.amazonaws.com/", "arn:aws:s3:::repo.ap-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-south-1.appinfo.src/*" |
| Asia Pacific (Osaka) | "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-4.appinfo.src/*" |
| Asia Pacific (Seoul) | "arn:aws:s3:::packages.ap-northeast-2.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-2.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-northeast-2.appinfo.src/*" |
| Asia Pacific (Singapore) | "arn:aws:s3:::packages.ap-southeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-1.appinfo.src/*" |
| Asia Pacific (Sydney) | "arn:aws:s3:::packages.ap-southeast-2.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-2.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-2.appinfo.src/*" |
| Asia Pacific (Tokyo) | "arn:aws:s3:::packages.ap-northeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-northeast-1.appinfo.src/*" |
| Canada (Central) | "arn:aws:s3:::packages.ca-central-1.amazonaws.com/", "arn:aws:s3:::repo.ca-central-1.amazonaws.com/", "arn:aws:s3:::repo.ca-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ca-central-1.appinfo.src/*" |
| Canada West (Calgary) | "arn:aws:s3:::packages.ap-northeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-northeast-1.appinfo.src/*" |
| Europe (Frankfurt) | "arn:aws:s3:::packages.eu-central-1.amazonaws.com/", "arn:aws:s3:::repo.eu-central-1.amazonaws.com/", "arn:aws:s3:::repo.eu-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-central-1.appinfo.src/*" |
| Europe (Ireland) | "arn:aws:s3:::packages.eu-west-1.amazonaws.com/", "arn:aws:s3:::repo.eu-west-1.amazonaws.com/", "arn:aws:s3:::repo.eu-west-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-west-1.appinfo.src/*" |
| Europe (London) | "arn:aws:s3:::packages.eu-west-2.amazonaws.com/", "arn:aws:s3:::repo.eu-west-2.amazonaws.com/", "arn:aws:s3:::repo.eu-west-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-west-2.appinfo.src/*" |
| Europe (Milan) | "arn:aws:s3:::packages.eu-south-1.amazonaws.com/", "arn:aws:s3:::repo.eu-south-1.amazonaws.com/", "arn:aws:s3:::repo.eu-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-south-1.appinfo.src/*" |
| Europe (Paris) | "arn:aws:s3:::packages.eu-west-3.amazonaws.com/", "arn:aws:s3:::repo.eu-west-3.amazonaws.com/", "arn:aws:s3:::repo.eu-west-3.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-west-3.appinfo.src/*" |
| Europe (Spain) | "arn:aws:s3:::packages.eu-south-2.amazonaws.com/", "arn:aws:s3:::repo.eu-south-2.amazonaws.com/", "arn:aws:s3:::repo.eu-south-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-south-2.appinfo.src/*" |
| Europe (Stockholm) | "arn:aws:s3:::packages.eu-north-1.amazonaws.com/", "arn:aws:s3:::repo.eu-north-1.amazonaws.com/", "arn:aws:s3:::repo.eu-north-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-north-1.appinfo.src/*" |
| Europe (Zurich) | "arn:aws:s3:::packages.eu-central-2.amazonaws.com/", "arn:aws:s3:::repo.eu-central-2.amazonaws.com/", "arn:aws:s3:::repo.eu-central-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-central-2.appinfo.src/*" |
| Israel (Tel Aviv) | "arn:aws:s3:::packages.il-central-1.amazonaws.com/", "arn:aws:s3:::repo.il-central-1.amazonaws.com/", "arn:aws:s3:::repo.il-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.il-central-1.appinfo.src/*" |
| Middle East (Bahrain) | "arn:aws:s3:::packages.me-south-1.amazonaws.com/", "arn:aws:s3:::repo.me-south-1.amazonaws.com/", "arn:aws:s3:::repo.me-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.me-south-1.appinfo.src/*" |
| Middle East (UAE) | "arn:aws:s3:::packages.me-central-1.amazonaws.com/", "arn:aws:s3:::repo.me-central-1.amazonaws.com/", "arn:aws:s3:::repo.me-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.me-central-1.appinfo.src/*" |
| South America (São Paulo) | "arn:aws:s3:::packages.sa-east-1.amazonaws.com/", "arn:aws:s3:::repo.sa-east-1.amazonaws.com/", "arn:aws:s3:::repo.sa-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.sa-east-1.appinfo.src/*" |
| AWS GovCloud (US-East) | "arn:aws:s3:::packages.us-gov-east-1.amazonaws.com/", "arn:aws:s3:::repo.us-gov-east-1.amazonaws.com/", "arn:aws:s3:::repo.us-gov-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-gov-east-1.appinfo.src/*" |
| AWS GovCloud (US-West) | "arn:aws:s3:::packages.us-gov-west-1.amazonaws.com/", "arn:aws:s3:::repo.us-gov-west-1.amazonaws.com/", "arn:aws:s3:::repo.us-gov-west-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.me-south-1.appinfo.src/*" |
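
Adapting the us-east-1 sample policy to another region means switching every bucket ARN to that region's entry. The following Python check is an added example, not part of the AWS documentation: it flags Allow resources in an endpoint policy whose bucket name carries a region other than the expected one, or that match every bucket. The sample policy and the names audit_endpoint_policy and SAMPLE_POLICY are constructed for illustration.

```python
import json
import re

# Constructed sample: the page's us-east-1 policy adapted for eu-west-1, with
# one ARN left un-edited and one overly broad resource added by mistake.
SAMPLE_POLICY = json.loads("""
{"Statement": [
  {"Sid": "AmazonLinuxAMIRepositoryAccess", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject",
   "Resource": ["arn:aws:s3:::packages.eu-west-1.amazonaws.com/*",
                "arn:aws:s3:::repo.us-east-1.amazonaws.com/*"]},
  {"Sid": "EnableApplicationHistory", "Effect": "Allow", "Principal": "*",
   "Action": ["s3:Put*", "s3:Get*", "s3:Create*", "s3:Abort*", "s3:List*"],
   "Resource": ["arn:aws:s3:::prod.eu-west-1.appinfo.src/*", "arn:aws:s3:::*"]}
]}
""")

S3_PREFIX = "arn:aws:s3:::"
# Region token such as us-east-1, ap-southeast-3 or us-gov-west-1.
REGION_RE = re.compile(r"\b[a-z]{2}(?:-gov)?-[a-z]+-\d\b")

def as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return list(value) if isinstance(value, list) else [value]

def audit_endpoint_policy(policy, region):
    """Return (sid, resource, problem) tuples for Allow statements."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for res in as_list(stmt.get("Resource", [])):
            # Bucket name is the ARN part before the first "/".
            name = res[len(S3_PREFIX):] if res.startswith(S3_PREFIX) else res
            bucket = name.split("/", 1)[0]
            if bucket == "*":
                findings.append((sid, res, "matches every bucket"))
            for found in REGION_RE.findall(bucket):
                if found != region:
                    findings.append(
                        (sid, res, f"names {found}, expected {region}"))
    return findings

if __name__ == "__main__":
    for finding in audit_endpoint_policy(SAMPLE_POLICY, "eu-west-1"):
        print(*finding, sep=" | ")
```

Bucket patterns that contain no region token, such as the aws157-logs-* logging bucket, pass the region check unchanged.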