
"Prefix" specifies that the identifier is an Amazon S3 location. The IAM role is assumed for calls to the location or locations with the specified prefixes. For example, the prefix s3://mybucket/ matches s3://mybucket/mydir and s3://mybucket/yetanotherdir.

"Group" specifies that the identifiers are one or more Hadoop groups. The IAM role is assumed if the request originates from a user in the specified group or groups.
Amazon EMR Management Guide
Configure Service Roles for Amazon EMR

Parameter: "Identifiers"
Description: Specifies one or more identifiers of the appropriate identifier type. Separate multiple identifiers by commas with no spaces.

2. Use the aws emr create-cluster command to create a cluster and specify the security configuration you created in the previous step.

The following example creates a cluster with default core Hadoop applications installed. The cluster uses the security configuration created above as EMRFS_Roles_Security_Configuration and also uses a custom EMR role for EC2, EC2_Role_EMR_Restrict_S3, which is specified using the InstanceProfile argument of the --ec2-attributes parameter.

Note: Linux line continuation characters (\) are included for readability. They can be removed or used in Linux commands. For Windows, remove them or replace with a caret (^).

    aws emr create-cluster --name MyEmrFsS3RolesCluster \
    --release-label emr-5.28.1 --ec2-attributes InstanceProfile=EC2_Role_EMR_Restrict_S3,KeyName=MyKey \
    --instance-type m5.xlarge --instance-count 3 \
    --security-configuration EMRFS_Roles_Security_Configuration

Use Resource-Based Policies for Amazon EMR Access to AWS Glue Data Catalog

If you use AWS Glue in conjunction with Hive, Spark, or Presto in Amazon EMR, AWS Glue supports resource-based policies to control access to Data Catalog resources. These resources include databases, tables, connections, and user-defined functions. For more information, see AWS Glue Resource Policies in the AWS Glue Developer Guide.

When using resource-based policies to limit access to AWS Glue from within Amazon EMR, the principal that you specify in the permissions policy must be the role ARN associated with the EC2 instance profile that is specified when a cluster is created.
For example, for a resource-based policy attached to a catalog, you can specify the role ARN for the default service role for cluster EC2 instances, EMR_EC2_DefaultRole, as the Principal, using the format shown in the following example:

    arn:aws:iam::acct-id:role/EMR_EC2_DefaultRole

The acct-id can be different from the AWS Glue account ID. This enables access from EMR clusters in different accounts. You can specify multiple principals, each from a different account.

Use IAM Roles with Applications That Call AWS Services Directly

Applications running on the EC2 instances of a cluster can use the EC2 instance profile to obtain temporary security credentials when calling AWS services.
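Returning to the AWS Glue resource-based policy section above: the following is an added example, not part of the AWS guide, that audits a policy document so that every allowed principal is an instance-profile role ARN in the arn:aws:iam::acct-id:role/Name format and lists cross-account principals for review. The function names, the sample policy, its Sids, account IDs and region are constructed assumptions.

```python
import re

# Role ARN shape from the page: arn:aws:iam::acct-id:role/RoleName
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/([\w+=,.@/-]+)$")

def principal_values(principal):
    """Flatten a policy Principal ("*", or a dict of str/list) to a list."""
    if isinstance(principal, str):
        return [principal]
    values = []
    for v in (principal or {}).values():
        values.extend([v] if isinstance(v, str) else v)
    return values

def audit_glue_policy(policy, glue_account_id, expected_roles):
    """Return (sid, principal, finding) for every Allow principal that is not
    an expected instance-profile role in the Glue account itself."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for value in principal_values(stmt.get("Principal")):
            m = ROLE_ARN.match(value)
            if m is None:
                findings.append((sid, value, "not a role ARN"))
            elif m.group(2) not in expected_roles:
                findings.append((sid, value, "unexpected role"))
            elif m.group(1) != glue_account_id:
                findings.append((sid, value, "cross-account, confirm intended"))
    return findings

# Constructed sample policy; account IDs, Sids and region are placeholders.
ACTIONS = ["glue:GetDatabase", "glue:GetTable"]
CATALOG = "arn:aws:glue:us-east-1:111122223333:catalog"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "SameAccountEmr", "Effect": "Allow", "Action": ACTIONS, "Resource": CATALOG,
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/EMR_EC2_DefaultRole"}},
    {"Sid": "OtherAccountEmr", "Effect": "Allow", "Action": ACTIONS, "Resource": CATALOG,
     "Principal": {"AWS": ["arn:aws:iam::444455556666:role/EMR_EC2_DefaultRole",
                           "arn:aws:iam::444455556666:root"]}},
    {"Sid": "Wildcard", "Effect": "Allow", "Action": ACTIONS, "Resource": CATALOG,
     "Principal": "*"},
]}

if __name__ == "__main__":
    for finding in audit_glue_policy(SAMPLE_POLICY, "111122223333", {"EMR_EC2_DefaultRole"}):
        print(finding)
```

Cross-account role principals are reported rather than rejected, because the guide explicitly allows EMR clusters in other accounts; the finding is a prompt to confirm each one is intended.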

  • Spring '12
  • LauraParker
  • Amazon Web Services, Amazon Elastic Compute Cloud
