Questions on yml for simple EMR cluster (1 master + 1 core)

0

I am drafting a yaml for simple EMR cluster. It will be loaded to stack and run.

But I tried to launch my yml with a servicerole without any attached policies and a jobflowrole without any policies. It said invalid servicerole. Am I missing something? Are there any requirements on servicerole and jobflowrole? Any syntax issues? Updates: The below is working.

---
Parameters:
  EmrReleaseLabelParameter:
    Type: String
    Default: emr-6.10.0

Resources:       
  EMRCluster:
    Type: AWS::EMR::Cluster
    Properties:
      Name: EMR_Two_Node_Cluster-20231108
      ReleaseLabel: !Ref EmrReleaseLabelParameter
      Applications:
        - Name: Hadoop
        - Name: Spark
        - Name: Zeppelin
      Instances:
        MasterInstanceGroup:
          Name: Master
          InstanceCount: 1
          InstanceType: c6g.xlarge 
          Market: ON_DEMAND
        CoreInstanceGroup:
          Name: Core
          InstanceCount: 1
          InstanceType: c6g.xlarge  
          Market: ON_DEMAND
      ServiceRole: !Ref EmrRole
      JobFlowRole: !Ref EmrEc2InstanceProfile
      LogUri: 's3://emr-log-123456789/123456789/'   # created beforehand

  EmrRole:     #servicerole
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2008-10-17
        Statement:
          - Sid: ''
            Effect: Allow
            Principal:
              Service:
                 - elasticmapreduce.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole'

  EmrEc2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref EmrEc2Role

  EmrEc2Role:     # referred to by the instance profile
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2008-10-17
        Statement:
          - Sid: '' 
            Effect: Allow
            Principal:
              Service:
                 - ec2.amazonaws.com
            Action: 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role'

Thanks.

Tim
asked 6 months ago, 303 views
2 Answers
4
Accepted Answer

Hello,

Yes, JobFlowRole and ServiceRole are mandatory when provisioning the cluster, as they are required to interact with other AWS services like EC2, S3 and EMR services. These roles assume the other AWS services as mentioned below. Please include the roles in the below format and retry the execution:

    ServiceRole:
        Type: AWS::IAM::Role
        Properties:
            AssumeRolePolicyDocument:
                Statement:
                    - Effect: Allow
                      Action: sts:AssumeRole
                      Principal:
                          Service:
                              - elasticmapreduce.amazonaws.com
            ManagedPolicyArns:
                - arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole

    JobFlowRole:
        Type: AWS::IAM::Role
        Properties:
            AssumeRolePolicyDocument:
                Statement:
                    - Effect: Allow
                      Action: sts:AssumeRole
                      Principal:
                          Service:
                              - ec2.amazonaws.com
            ManagedPolicyArns:
                - arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role

Please refer to the example mentioned in this document: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-cluster.html#aws-resource-emr-cluster--examples

AWS
SUPPORT ENGINEER
answered 6 months ago
  • I added your definitions, the CloudFormation template is OK now. An EMR cluster can be created. What if I have a vpc-1234567890, can I specify this EMR cluster to be placed in that VPC or even in a specific subnet?

  • When I add your code, the stack said invalid jobflowrole. After googling, an instanceprofile is needed and the jobflowrole needs to be attached to it. The complete code is in the question section. Thanks.

3

Hello,

Glad it worked for you. For the VPC subnet, refer to the below. Mention the subnet under the Instances branch; that will take the appropriate uniquely identified subnet under a VPC:

    Instances:
        Ec2SubnetId: < refer the SubnetId >

VpcId might be required when you specify security group properties which are tagged to a specific VPC.

    SecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
            GroupDescription: "Allow SSH from anywhere"
            VpcId: !Ref VpcId
            SecurityGroupIngress:
                - IpProtocol: tcp
                  FromPort: 22
                  ToPort: 22
                  CidrIp: 0.0.0.0/0

Example: https://github.com/wwbrannon/emrcfn/blob/master/emrcfn.yaml

AWS
SUPPORT ENGINEER
answered 6 months ago
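
A pre-deploy check for the two issues that surface in this thread, a JobFlowRole that points at an IAM role instead of an instance profile and an SSH ingress rule open to 0.0.0.0/0, as an added example that is not part of the original posts. It assumes the template is available in CloudFormation's JSON form with literal port numbers; `lint_emr_template`, `sample_template` and the sample stacks are hypothetical names and constructed data.

```python
# Added example (not from the thread): pre-deploy checks on a template given
# in CloudFormation's JSON form as a Python dict. Assumes literal port numbers.

def _ref(value):
    """Logical ID for a {"Ref": "<id>"} value, else None."""
    return value.get("Ref") if isinstance(value, dict) else None

def lint_emr_template(template):
    """Return sorted (logical_id, finding) tuples for an EMR stack template."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EMR::Cluster":
            for key in ("ServiceRole", "JobFlowRole"):
                if key not in props:
                    findings.append((name, key + " is missing"))
            # EMR expects an instance profile here, not the role behind it.
            target = resources.get(_ref(props.get("JobFlowRole")), {})
            if target.get("Type") == "AWS::IAM::Role":
                findings.append((name, "JobFlowRole must be an instance profile"))
        elif res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                any_port = str(rule.get("IpProtocol")) == "-1"
                lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
                if rule.get("CidrIp") == "0.0.0.0/0" and (any_port or lo <= 22 <= hi):
                    findings.append((name, "SSH open to 0.0.0.0/0"))
    return sorted(findings)

def sample_template(job_flow_target, ssh_cidr):
    """Constructed sample stack; only the wiring under test varies."""
    trust = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                            "Principal": {"Service": ["ec2.amazonaws.com"]}}]}
    return {"Resources": {
        "EmrEc2Role": {"Type": "AWS::IAM::Role",
                       "Properties": {"AssumeRolePolicyDocument": trust}},
        "EmrEc2InstanceProfile": {"Type": "AWS::IAM::InstanceProfile",
                                  "Properties": {"Roles": [{"Ref": "EmrEc2Role"}]}},
        "SecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22,
                                      "ToPort": 22, "CidrIp": ssh_cidr}]}},
        "EMRCluster": {"Type": "AWS::EMR::Cluster", "Properties": {
            "ServiceRole": {"Ref": "EmrRole"},
            "JobFlowRole": {"Ref": job_flow_target}}},
    }}

# Role wired directly plus open SSH, then instance profile plus a scoped range
# (203.0.113.0/24 is a documentation range used as a placeholder).
print(lint_emr_template(sample_template("EmrEc2Role", "0.0.0.0/0")))
print(lint_emr_template(sample_template("EmrEc2InstanceProfile", "203.0.113.0/24")))
```
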
