Minimal DynamoDB Permissions for EMR EMRFS Consistent View

0

Hey folks, does anyone know what a minimal IAM policy statement would be for granting Amazon DynamoDB access to Amazon EMR Cluster members for the purposes of EMRFS Consistent view?

AmazonElasticMapReduceforEC2Role grants dynamodb:* on * resources, which is pretty broad.

The ideal answer would have both the limited set of actions required, and a narrower resource spec.

Thanks!

AWS
asked 4 years ago303 views
1 Answer
0
Accepted Answer

You can try the following template. EmrFSMetadata is default name for the DDB table, but this can be overridden if a different name is preferred and use the policy accordingly. But you can take a look S3 Optimizer. There is no need for a Dynamo DB table with S3 Optimizer and if the output is in Parquet.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "dynamodb:BatchGetItem",
                    "dynamodb:BatchWriteItem",
                    "dynamodb:UpdateTimeToLive",
                    "dynamodb:ConditionCheckItem",
                    "dynamodb:PutItem",
                    "dynamodb:DeleteItem",
                    "dynamodb:Scan",
                    "dynamodb:ListTagsOfResource",
                    "dynamodb:Query",
                    "dynamodb:UpdateItem",
                    "dynamodb:DescribeTimeToLive",
                    "dynamodb:CreateTable",
                    "dynamodb:DescribeTable",
                    "dynamodb:GetItem",
                    "dynamodb:UpdateTable",
                    "dynamodb:DescribeTableReplicaAutoScaling"
                ],
                "Resource": "arn:aws:dynamodb:us-east-1:AccountID:table/EmrFSMetadata"
            }
        ]
    }
AWS
Vivek_S
answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions