用于只读访问的 IAM 托管式策略(v2 托管默认策略)。 - Amazon EMR

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

用于只读访问的 IAM 托管式策略(v2 托管默认策略)。

要向亚马逊 EMR 授予只读权限,请附上 A mazonemr ReadOnlyAccessPolicy _v2 托管策略。此默认托管式策略将替换 AmazonElasticMapReduceReadOnlyAccess 托管式策略。下面的代码段显示了此策略声明的内容。与 AmazonElasticMapReduceReadOnlyAccess 策略相比,AmazonEMRReadOnlyAccessPolicy_v2 策略不使用 elasticmapreduce 元素的通配符。相反,默认的 v2 策略限定了允许的 elasticmapreduce 操作范围。

注意

您也可以使用该 AWS Management Console AmazonEMRReadOnlyAccessPolicy_v2链接查看政策。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ElasticMapReduceActions",
            "Effect": "Allow",
            "Action": [
                "elasticmapreduce:DescribeCluster",
                "elasticmapreduce:DescribeEditor",
                "elasticmapreduce:DescribeJobFlows",
                "elasticmapreduce:DescribeSecurityConfiguration",
                "elasticmapreduce:DescribeStep",
                "elasticmapreduce:DescribeReleaseLabel",
                "elasticmapreduce:GetBlockPublicAccessConfiguration",
                "elasticmapreduce:GetManagedScalingPolicy",
                "elasticmapreduce:GetAutoTerminationPolicy",
                "elasticmapreduce:ListBootstrapActions",
                "elasticmapreduce:ListClusters",
                "elasticmapreduce:ListEditors",
                "elasticmapreduce:ListInstanceFleets",
                "elasticmapreduce:ListInstanceGroups",
                "elasticmapreduce:ListInstances",
                "elasticmapreduce:ListSecurityConfigurations",
                "elasticmapreduce:ListSteps",
                "elasticmapreduce:ListSupportedInstanceTypes",
                "elasticmapreduce:ViewEventsFromAllClustersInConsole"
            ],
            "Resource": "*"
        },
        {
            "Sid": "ViewMetricsInEMRConsole",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricStatistics"
            ],
            "Resource": "*"
        }
    ]
}