e Choose Add role to set up additional role mappings as described in the

E choose add role to set up additional role mappings

This preview shows page 205 - 207 out of 395 pages.

e. Choose Add role to set up additional role mappings as described in the previous step. f. Set up other security configuration options as appropriate and choose Create . For more information, see Create a Security Configuration (p. 147) . 2. Specify the security configuration you created above when you create a cluster. For more information, see Specify a Security Configuration for a Cluster (p. 163) . To specify IAM roles for EMRFS requests to Amazon S3 using the AWS CLI 1. Use the aws emr create-security-configuration command, specifying a name for the security configuration, and the security configuration details in JSON format. The example command shown below creates a security configuration with the name EMRFS_Roles_Security_Configuration . It is based on a JSON structure in the file MyEmrfsSecConfig.json , which is saved in the same directory where the command is executed. aws emr create-security-configuration --name EMRFS_Roles_Security_Configuration -- security-configuration . Use the following guidelines for the structure of the MyEmrFsSecConfig.json file. You can specify this structure along with structures for other security configuration options. For more information, see Create a Security Configuration (p. 147) . The following is an example JSON snippet for specifying custom IAM roles for EMRFS within a security configuration. It demonstrates role mappings for the three different identifier types, followed by a parameter reference. { "AuthorizationConfiguration": { 199
Image of page 205
Amazon EMR Management Guide Configure Service Roles for Amazon EMR "EmrFsConfiguration": { "RoleMappings": [{ "Role": " arn:aws:iam::123456789101:role/allow_EMRFS_access_for_user1 ", "IdentifierType": "User", "Identifiers": [ " user1 " ] },{ "Role": " arn:aws:iam::123456789101:role/allow_EMRFS_access_to_MyBuckets ", "IdentifierType": "Prefix", "Identifiers": [ " s3://MyBucket/","s3://MyOtherBucket/ " ] },{ "Role": " arn:aws:iam::123456789101:role/allow_EMRFS_access_for_AdminGroup ", "IdentifierType": "Group", "Identifiers": [ " AdminGroup " ] }] } } } Parameter Description "AuthorizationConfiguration": Required. "EmrFsConfiguration": Required. Contains role mappings. "RoleMappings": Required. Contains one or more role mapping definitions. Role mappings are evaluated in the top-down order that they appear. If a role mapping evaluates as true for an EMRFS call for data in Amazon S3, no further role mappings are evaluated and EMRFS uses the specified IAM role for the request. Role mappings consist of the following required parameters: "Role": Specifies the ARN identifier of an IAM role in the format arn:aws:iam:: account- id :role/ role-name . This is the IAM role that Amazon EMR assumes if the EMRFS request to Amazon S3 matches any of the Identifiers specified. "IdentifierType": Can be one of the following: "User" specifies that the identifiers are one or more Hadoop users, which can be Linux account users or Kerberos principals. When the EMRFS request originates with the user or users specified, the IAM role is assumed.
Image of page 206
Image of page 207

You've reached the end of your free preview.

Want to read all 395 pages?

  • Spring '12
  • LauraParker
  • Amazon Web Services, Amazon Elastic Compute Cloud

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask ( soon) You can ask (will expire )
Answers in as fast as 15 minutes
A+ icon
Ask Expert Tutors