Amazon EMR 唯讀存取的 IAM 受管政策 (v2 受管預設政策) - Amazon EMR

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

Amazon EMR 唯讀存取的 IAM 受管政策 (v2 受管預設政策)

若要授予 Amazon EMR 唯讀權限,請附接 AmazonEMRReadOnlyAccessPolicy_v2 受管政策。此預設受管政策會取代 AmazonElasticMapReduceReadOnlyAccess 受管政策。此政策陳述式的內容顯示在下列程式碼片段中。與 AmazonElasticMapReduceReadOnlyAccess 政策相比,AmazonEMRReadOnlyAccessPolicy_v2 政策不會對 elasticmapreduce 元素使用萬用字元。相反地,預設 v2 政策會限制允許的 elasticmapreduce 動作。

注意

您也可以使用 AWS Management Console 連結AmazonEMRReadOnlyAccessPolicy_v2來檢視政策。

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ElasticMapReduceActions",
      "Effect": "Allow",
      "Action": [
        "elasticmapreduce:DescribeCluster",
        "elasticmapreduce:DescribeEditor",
        "elasticmapreduce:DescribeJobFlows",
        "elasticmapreduce:DescribeSecurityConfiguration",
        "elasticmapreduce:DescribeStep",
        "elasticmapreduce:DescribeReleaseLabel",
        "elasticmapreduce:GetBlockPublicAccessConfiguration",
        "elasticmapreduce:GetManagedScalingPolicy",
        "elasticmapreduce:GetAutoTerminationPolicy",
        "elasticmapreduce:ListBootstrapActions",
        "elasticmapreduce:ListClusters",
        "elasticmapreduce:ListEditors",
        "elasticmapreduce:ListInstanceFleets",
        "elasticmapreduce:ListInstanceGroups",
        "elasticmapreduce:ListInstances",
        "elasticmapreduce:ListSecurityConfigurations",
        "elasticmapreduce:ListSteps",
        "elasticmapreduce:ListSupportedInstanceTypes",
        "elasticmapreduce:ViewEventsFromAllClustersInConsole"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "ViewMetricsInEMRConsole",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricStatistics"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}