Questions on yml for simple EMR cluster(1 master+1 core)

0

I am drafting a yaml for simple EMR cluster. It will be loaded to stack and run.

But I tried to launch my yml with a servicerole without any attached policies and a jobflowrole without any policies. It said invalid servicerole. Am I missing something? Are there any requirements on servicerole and jobflowrole? Any syntax issues? Updates: The below is working.

    ---
    Parameters:
      EmrReleaseLabelParameter:
        Type: String
        Default: emr-6.10.0

    Resources:
      EMRCluster:
        Type: AWS::EMR::Cluster
        Properties:
          Name: EMR_Two_Node_Cluster-20231108
          ReleaseLabel: !Ref EmrReleaseLabelParameter
          Applications:
            - Name: Hadoop
            - Name: Spark
            - Name: Zeppelin
          Instances:
            MasterInstanceGroup:
              Name: Master
              InstanceCount: 1
              InstanceType: c6g.xlarge
              Market: ON_DEMAND
            CoreInstanceGroup:
              Name: Core
              InstanceCount: 1
              InstanceType: c6g.xlarge
              Market: ON_DEMAND
          ServiceRole: !Ref EmrRole
          JobFlowRole: !Ref EmrEc2InstanceProfile
          LogUri: 's3://emr-log-123456789/123456789/'             # created beforehand

      EmrRole:     # service role
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Version: 2008-10-17
            Statement:
              - Sid: ''
                Effect: Allow
                Principal:
                  Service:
                    - elasticmapreduce.amazonaws.com
                Action: 'sts:AssumeRole'
          ManagedPolicyArns:
            - 'arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole'

      EmrEc2InstanceProfile:
        Type: AWS::IAM::InstanceProfile
        Properties:
          Path: /
          Roles:
            - !Ref EmrEc2Role

      EmrEc2Role:     # referred to by the instance profile
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Version: 2008-10-17
            Statement:
              - Sid: ''
                Effect: Allow
                Principal:
                  Service:
                    - ec2.amazonaws.com
                Action: 'sts:AssumeRole'
          Path: /
          ManagedPolicyArns:
            - 'arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role'

Thanks.

Tim
asked 7 months ago, 327 views
2 Answers
4
Accepted Answer

Hello,

Yes, JobFlowRole and ServiceRole are mandatory when provisioning the cluster, as they are required to interact with other AWS services like EC2, S3 and EMR services. These roles assume the other AWS services as mentioned below. Please include the roles in the format below and retry the execution:

    ServiceRole:
        Type: AWS::IAM::Role
        Properties:
            AssumeRolePolicyDocument:
                Statement:
                    - Effect: Allow
                      Action: sts:AssumeRole
                      Principal:
                          Service:
                              - elasticmapreduce.amazonaws.com
            ManagedPolicyArns:
                - arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole

    JobFlowRole:
        Type: AWS::IAM::Role
        Properties:
            AssumeRolePolicyDocument:
                Statement:
                    - Effect: Allow
                      Action: sts:AssumeRole
                      Principal:
                          Service:
                              - ec2.amazonaws.com
            ManagedPolicyArns:
                - arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role

Please refer to the example mentioned in this document: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-cluster.html#aws-resource-emr-cluster--examples

AWS
Support Engineer
answered 6 months ago
  • I added your definitions, and the CF is OK now. An EMR cluster can be created. What if I have a vpc-1234567890, can I specify that this EMR cluster be placed in that VPC, or even in a specific subnet?

  • When I added your code, the stack said invalid jobflowrole. After googling, an instanceprofile is needed and the jobflowrole needs to be attached to it. The complete code is in the question section. Thanks.

3

Hello,

Glad it worked for you. For the VPC subnet, refer to the below. Mention the subnet under the Instances branch; that will take the appropriate uniquely identified subnet under a VPC:

    Instances:
        Ec2SubnetId: < refer the SubnetId >

VpcId might be required when you specify the security group properties, which are tied to a specific VPC.

    SecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
            GroupDescription: "Allow SSH from anywhere"
            VpcId: !Ref VpcId
            SecurityGroupIngress:
                - IpProtocol: tcp
                  FromPort: 22
                  ToPort: 22
                  CidrIp: 0.0.0.0/0

Example: https://github.com/wwbrannon/emrcfn/blob/master/emrcfn.yaml

AWS
Support Engineer
answered 6 months ago
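
The two points this thread turns on, a JobFlowRole that references an IAM role instead of an instance profile and the security group above that admits SSH from 0.0.0.0/0, can be checked before a stack is launched. The following is an added example, not code from the thread or from AWS: it inspects a template in its JSON (dict) form, and `ref`, `trusts`, `check_emr_template`, `role` and `SAMPLE` are hypothetical names, with `SAMPLE` constructed from the snippets in the two answers.

```python
def ref(value):
    """Logical ID behind {"Ref": id}; None for plain strings (roles defined elsewhere)."""
    return value.get("Ref") if isinstance(value, dict) else None

def trusts(resource, service):
    """True if resource is an IAM role whose trust policy allows the service principal."""
    if not resource or resource.get("Type") != "AWS::IAM::Role":
        return False
    for st in resource["Properties"]["AssumeRolePolicyDocument"]["Statement"]:
        svc = st.get("Principal", {}).get("Service", [])
        if st.get("Effect") == "Allow" and service in ([svc] if isinstance(svc, str) else svc):
            return True
    return False

def check_emr_template(tpl):
    """Return findings for EMR role wiring and world-open SSH in one template."""
    res, findings = tpl["Resources"], []
    for name, r in res.items():
        props = r.get("Properties", {})
        if r["Type"] == "AWS::EMR::Cluster":
            svc_id, jfr_id = ref(props.get("ServiceRole")), ref(props.get("JobFlowRole"))
            if svc_id and not trusts(res.get(svc_id), "elasticmapreduce.amazonaws.com"):
                findings.append(f"{name}: ServiceRole is not a role trusted by EMR")
            profile = res.get(jfr_id) or {}
            if jfr_id and profile.get("Type") != "AWS::IAM::InstanceProfile":
                findings.append(f"{name}: JobFlowRole must reference an instance profile")
            elif jfr_id and not any(trusts(res.get(ref(x)), "ec2.amazonaws.com")
                                    for x in profile["Properties"]["Roles"]):
                findings.append(f"{name}: instance profile role is not trusted by EC2")
        elif r["Type"] == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
                if (world and rule.get("IpProtocol") == "tcp"
                        and rule.get("FromPort", 0) <= 22 <= rule.get("ToPort", 65535)):
                    findings.append(f"{name}: port 22 reachable from any address")
    return findings

def role(service):  # builds an IAM role resource for the constructed sample below
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"Service": [service]}}
    return {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [stmt]}}}

# Constructed sample: the first answer's role-only JobFlowRole plus the second answer's group.
SAMPLE = {"Resources": {
    "EMRCluster": {"Type": "AWS::EMR::Cluster", "Properties": {
        "ServiceRole": {"Ref": "ServiceRole"}, "JobFlowRole": {"Ref": "JobFlowRole"}}},
    "ServiceRole": role("elasticmapreduce.amazonaws.com"),
    "JobFlowRole": role("ec2.amazonaws.com"),
    "SecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}}}}
print("\n".join(check_emr_template(SAMPLE)))
```

ServiceRole or JobFlowRole values given as plain strings (roles created outside the template) are skipped, since their trust policy is not visible here; an instance profile passes only when one of its `Roles` is a `Ref` to an in-template role trusted by `ec2.amazonaws.com`.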
