- Newest
- Most votes
- Most comments
Hello There,
Thank you for raising this question in re:Post.
I understand that you are looking for some granular information on customizing the IAM roles while launching an EMR Cluster.
To answer your queries
1 - You should have below if you are performing basic operations on the required S3 bucket
s3:GetObject: This permission is required to download any files from an S3 bucket that are needed for the bootstrap action. s3:PutObject: This permission is required to upload any files to an S3 bucket that are generated by the bootstrap action.
If suppose your application runs referencing the data using s3://<bucket> , then Amazon EMR uses EC2 Instance profile to make the request and the respective permissions has to be provided as per the documentation[1]
2 - If you would like to configure access to other buckets/prefixes you have to your custom policy manually as the policy is not an default policy so, the permissions will not be created automatically during cluster setup process.
3 - elasticmapreduce S3 bucket arn is an public repository which contains patches and fixes for example recent log4j patches and as well as "bootstrap-actions/run-if" which will be used to install our scripts on master node . If you would like to check further you can run below command to see what else you are having in the public repository.
aws s3 ls s3://elasticmapreduce/bootstrap-actions --recursive
I hope the above information helps.
References: [1] https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-iam-role-for-ec2.html
Relevant content
- asked a year ago
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 days ago
- AWS OFFICIALUpdated 2 months ago