addStep cancelStep createCluster setClusterTerminationProtection modifyInstanceFleetByName modifyInstanceGroupByName terminateCluster

Amazon EMR

These example templates show how AWS Step Functions generates IAM policies based on the resources in your state machine definition. For more information, see:

`addStep`

Static resources


{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": [
              "elasticmapreduce:AddJobFlowSteps",
              "elasticmapreduce:DescribeStep", 
              "elasticmapreduce:CancelSteps"
          ],
          "Resource": [
              "arn:aws:elasticmapreduce:[[region]]:[[accountId]]:cluster/[[clusterId]]"
          ]
      },
      {
          "Effect": "Allow",
          "Action": [
            "events:PutTargets",
            "events:PutRule",
            "events:DescribeRule"
          ],
          "Resource": [
            "arn:aws:events:[[region]]:[[accountId]]:rule/StepFunctionsGetEventForEMRAddJobFlowStepsRule"
          ]
      }
  ]
}

Dynamic resources


{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": [
              "elasticmapreduce:AddJobFlowSteps",
              "elasticmapreduce:DescribeStep",
              "elasticmapreduce:CancelSteps"
          ],
          "Resource": "arn:aws:elasticmapreduce:*:*:cluster/*"
      },
      {
          "Effect": "Allow",
          "Action": [
            "events:PutTargets",
            "events:PutRule",
            "events:DescribeRule"
          ],
          "Resource": [
            "arn:aws:events:[[region]]:[[accountId]]:rule/StepFunctionsGetEventForEMRAddJobFlowStepsRule"
          ]
      }
  ]
}

`cancelStep`

Static resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "elasticmapreduce:CancelSteps",
            "Resource": [
                "arn:aws:elasticmapreduce:[[region]]:[[accountId]]:cluster/[[clusterId]]"
            ]
        }
    ]
}

Dynamic resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "elasticmapreduce:CancelSteps",
            "Resource": "arn:aws:elasticmapreduce:*:*:cluster/*"
        }
    ]
}

`createCluster`

Static resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticmapreduce:RunJobFlow",
                "elasticmapreduce:DescribeCluster", 
                "elasticmapreduce:TerminateJobFlows"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": [
                "arn:aws:iam::{{account}}:role/[[roleName]]"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
              "events:PutTargets",
              "events:PutRule",
              "events:DescribeRule"
            ],
            "Resource": [
                "arn:aws:events:[[region]]:[[accountId]]:rule/StepFunctionsGetEventForEMRRunJobFlowRule"
            ]
        }
    ]
}

`setClusterTerminationProtection`

Static resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "elasticmapreduce:SetTerminationProtection",
            "Resource": [
                "arn:aws:elasticmapreduce:[[region]]:[[accountId]]:cluster/[[clusterId]]"
            ]
        }
    ]
}

Dynamic resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "elasticmapreduce:SetTerminationProtection",
            "Resource": "arn:aws:elasticmapreduce:*:*:cluster/*"
        }
    ]
}

`modifyInstanceFleetByName`

Static resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticmapreduce:ModifyInstanceFleet",
                "elasticmapreduce:ListInstanceFleets"
            ],
            "Resource": [
                "arn:aws:elasticmapreduce:[[region]]:[[accountId]]:cluster/[[clusterId]]"
            ]
        }
    ]
}

Dynamic resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticmapreduce:ModifyInstanceFleet",
                "elasticmapreduce:ListInstanceFleets"
            ],
            "Resource": "arn:aws:elasticmapreduce:*:*:cluster/*"
        }
    ]
}

`modifyInstanceGroupByName`

Static resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticmapreduce:ModifyInstanceGroups",
                "elasticmapreduce:ListInstanceGroups"
            ],
            "Resource": [
                "arn:aws:elasticmapreduce:[[region]]:[[accountId]]:cluster/[[clusterId]]"
            ]
        }
    ]
}

Dynamic resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticmapreduce:ModifyInstanceGroups",
                "elasticmapreduce:ListInstanceGroups"
            ],
            "Resource": "*"
        }
    ]
}

`terminateCluster`

Static resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticmapreduce:TerminateJobFlows",
                "elasticmapreduce:DescribeCluster"
            ],
            "Resource": [
                "arn:aws:elasticmapreduce:[[region]]:[[accountId]]:cluster/[[clusterId]]"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "events:PutTargets",
                "events:PutRule",
                "events:DescribeRule"
            ],
            "Resource": [
                "arn:aws:events:[[region]]:[[accountId]]:rule/StepFunctionsGetEventForEMRTerminateJobFlowsRule"
            ]
        }
    ]
}

Dynamic resources


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticmapreduce:TerminateJobFlows",
                "elasticmapreduce:DescribeCluster"
            ],
            "Resource": "arn:aws:elasticmapreduce:*:*:cluster/*"
        },
        {
            "Effect": "Allow",
            "Action": [
              "events:PutTargets",
              "events:PutRule",
              "events:DescribeRule"
            ],
            "Resource": [
                "arn:aws:events:[[region]]:[[accountId]]:rule/StepFunctionsGetEventForEMRTerminateJobFlowsRule"
            ]
        }
    ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

SageMaker

Amazon EMR on EKS