Minimal DynamoDB Permissions for EMR EMRFS Consistent View
0
Hey folks, does anyone know what a minimal IAM policy statement would be for granting Amazon DynamoDB access to Amazon EMR Cluster members for the purposes of EMRFS Consistent view?
AmazonElasticMapReduceforEC2Role grants dynamodb:* on * resources, which is pretty broad.
The ideal answer would have both the limited set of actions required, and a narrower resource spec.
Thanks!
gefragt vor 4 Jahren335 Aufrufe
1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
0
You can try the following template. EmrFSMetadata is default name for the DDB table, but this can be overridden if a different name is preferred and use the policy accordingly. But you can take a look S3 Optimizer. There is no need for a Dynamo DB table with S3 Optimizer and if the output is in Parquet.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:BatchWriteItem",
"dynamodb:UpdateTimeToLive",
"dynamodb:ConditionCheckItem",
"dynamodb:PutItem",
"dynamodb:DeleteItem",
"dynamodb:Scan",
"dynamodb:ListTagsOfResource",
"dynamodb:Query",
"dynamodb:UpdateItem",
"dynamodb:DescribeTimeToLive",
"dynamodb:CreateTable",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:UpdateTable",
"dynamodb:DescribeTableReplicaAutoScaling"
],
"Resource": "arn:aws:dynamodb:us-east-1:AccountID:table/EmrFSMetadata"
}
]
}
beantwortet vor 4 Jahren
Relevanter Inhalt
AWS OFFICIALAktualisiert vor einem Jahr- AWS OFFICIALAktualisiert vor 9 Monaten
- AWS OFFICIALAktualisiert vor einem Jahr