本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
IAMAmazon EMR 在 Step Functions EKS 調用政策
下列範例範本顯示如何 AWS Step Functions 根據狀態機器定義中的資源產生IAM原則。如需詳細資訊,請參閱 Step Functions 式如何為整合式服務產生IAM原則 和 探索 Step Functions 中的服務整合模式。
CreateVirtualCluster
資源
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"emr-containers:CreateVirtualCluster"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "arn:aws:iam::{{accountId}}:role/aws-service-role/emr-containers.amazonaws.com/AnAWSServiceRoleForAmazonEMRContainers",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "emr-containers.amazonaws.com"
}
}
}
]
}
DeleteVirtualCluster
靜態資源
- Run a Job (.sync)
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"emr-containers:DeleteVirtualCluster",
"emr-containers:DescribeVirtualCluster"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/[[virtualClusterId]]"
]
}
]
}
- Request Response
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"emr-containers:DeleteVirtualCluster"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/[[virtualClusterId]]"
]
}
]
}
動態資源
- Run a Job (.sync)
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"emr-containers:DeleteVirtualCluster",
"emr-containers:DescribeVirtualCluster"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/*"
]
}
]
}
- Request Response
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"emr-containers:DeleteVirtualCluster"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/*"
]
}
]
}
StartJobRun
靜態資源
- Run a Job (.sync)
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "emr-containers:StartJobRun",
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/[[virtualClusterId]]"
],
"Condition": {
"StringEquals": {
"emr-containers:ExecutionRoleArn": [
"[[executionRoleArn]]"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"emr-containers:DescribeJobRun",
"emr-containers:CancelJobRun"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/[[virtualClusterId]]/jobruns/*"
]
}
]
}
- Request Response
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "emr-containers:StartJobRun",
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/[[virtualClusterId]]"
],
"Condition": {
"StringEquals": {
"emr-containers:ExecutionRoleArn": [
"[[executionRoleArn]]"
]
}
}
}
]
}
動態資源
- Run a Job (.sync)
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "emr-containers:StartJobRun",
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/*"
],
"Condition": {
"StringEquals": {
"emr-containers:ExecutionRoleArn": [
"[[executionRoleArn]]"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"emr-containers:DescribeJobRun",
"emr-containers:CancelJobRun"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/*"
]
}
]
}
- Request Response
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "emr-containers:StartJobRun",
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/*"
],
"Condition": {
"StringEquals": {
"emr-containers:ExecutionRoleArn": [
"[[executionRoleArn]]"
]
}
}
}
]
}
