IAM唯讀存取的受管理原則 (v2 受管理的預設原則) - Amazon EMR

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

IAM唯讀存取的受管理原則 (v2 受管理的預設原則)

若要將唯讀權限授與 AmazonEMR,請附加 A mazonEMRRead OnlyAccessPolicy _v2 受管政策。此預設受管政策會取代 AmazonElasticMapReduceReadOnlyAccess 受管政策。此政策陳述式的內容顯示在下列程式碼片段中。與 AmazonElasticMapReduceReadOnlyAccess 政策相比,AmazonEMRReadOnlyAccessPolicy_v2 政策不會對 elasticmapreduce 元素使用萬用字元。相反地,預設 v2 政策會限制允許的 elasticmapreduce 動作。

注意

您也可以使用 AWS Management Console 連結AmazonEMRReadOnlyAccessPolicy_v2以檢視原則。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ElasticMapReduceActions",
            "Effect": "Allow",
            "Action": [
                "elasticmapreduce:DescribeCluster",
                "elasticmapreduce:DescribeEditor",
                "elasticmapreduce:DescribeJobFlows",
                "elasticmapreduce:DescribeSecurityConfiguration",
                "elasticmapreduce:DescribeStep",
                "elasticmapreduce:DescribeReleaseLabel",
                "elasticmapreduce:GetBlockPublicAccessConfiguration",
                "elasticmapreduce:GetManagedScalingPolicy",
                "elasticmapreduce:GetAutoTerminationPolicy",
                "elasticmapreduce:ListBootstrapActions",
                "elasticmapreduce:ListClusters",
                "elasticmapreduce:ListEditors",
                "elasticmapreduce:ListInstanceFleets",
                "elasticmapreduce:ListInstanceGroups",
                "elasticmapreduce:ListInstances",
                "elasticmapreduce:ListSecurityConfigurations",
                "elasticmapreduce:ListSteps",
                "elasticmapreduce:ListSupportedInstanceTypes",
                "elasticmapreduce:ViewEventsFromAllClustersInConsole"
            ],
            "Resource": "*"
        },
        {
            "Sid": "ViewMetricsInEMRConsole",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricStatistics"
            ],
            "Resource": "*"
        }
    ]
}