- Newest
- Most votes
- Most comments
Hello,
Yes, JobFlowRole and ServiceRole are mandatory to be included when provisioning the cluster as they are required to interact with other AWS services like EC2, S3 and emr services. These roles assume the other AWS service like below mentioned, Please include the roles in the below format and retry the execution,
ServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Action: sts:AssumeRole
Principal:
Service:
- elasticmapreduce.amazonaws.com
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole
JobFlowRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Action: sts:AssumeRole
Principal:
Service:
- ec2.amazonaws.com
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role
Please refer the example mentioned in this document - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-cluster.html#aws-resource-emr-cluster--examples
Hello,
Glad it worked for you. For vpc subnet, refer the below, Mention the subnet under instances branch that will take the appropriate uniquely identified subnet under a vpc,
Instances:
Ec2SubnetId: < refer the SubnetId >
VpcId might require when you specify the security group properties which tagged to specific vpc.
SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: "Allow SSH from anywhere"
VpcId: !Ref VpcId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
Example: https://github.com/wwbrannon/emrcfn/blob/master/emrcfn.yaml
Relevant content
- Accepted Answerasked 2 years ago
- asked a year ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
I added your defintions, the cf is ok now. An emr cluster can be created. What if I have a vpc-1234567890, can I specify this emr cluster to be placed in that vpc or even is specfic subnet?
When I add your codes, the stack said invalid jobflowrole. After googling, instanceprofile is needed and jobflowrole is needed to attach to it. The complete code is in the question section.Thanks.