Version Statement Action Effect Allow

Version statement action effect allow

This preview shows page 218 - 221 out of 395 pages.

, the condition does not apply to the cluster, and it does not need to be tagged. { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticmapreduce:StartEditor" ], "Effect": "Allow", "Resource": "arn:aws:elasticmapreduce:*:123456789012:editor/*", "Condition": { "StringEquals": { "elasticmapreduce:ResourceTag/owner": [ "owner1", "owner2" ] } } } ] } This example is similar to one above. However, the limit only applies to tagged clusters, not notebooks. { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticmapreduce:StartEditor" ], "Effect": "Allow", "Resource": "arn:aws:elasticmapreduce:*:123456789012:cluster/*", "Condition": { "StringEquals": { 212
Image of page 218
Amazon EMR Management Guide Identity-Based Policy Examples "elasticmapreduce:ResourceTag/department": [ "dep1", "dep3" ] } } } ] } This example uses a different set of notebook and cluster tags. It allows a notebook to be started only if: The notebook has a tag with the key string owner set to any of the specified values —and— The cluster has a tag with the key string department set to any of the specified values { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticmapreduce:StartEditor" ], "Effect": "Allow", "Resource": "arn:aws:elasticmapreduce:*:123456789012:editor/*", "Condition": { "StringEquals": { "elasticmapreduce:ResourceTag/owner": [ "user1", "user2" ] } } }, { "Action": [ "elasticmapreduce:StartEditor" ], "Effect": "Allow", "Resource": "arn:aws:elasticmapreduce:*:123456789012:cluster/*", "Condition": { "StringEquals": { "elasticmapreduce:ResourceTag/department": [ "datascience", "analytics" ] } } } ] } Example –Limit the ability to open the notebook editor based on tags This example allows the notebook editor to be opened only if: The notebook has a tag with the key string owner set to any of the specified values. —and— The cluster has a tag with the key string department set to any of the specified values. 213
Image of page 219
Amazon EMR Management Guide Authenticate to Cluster Nodes { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticmapreduce:OpenEditorInConsole" ], "Effect": "Allow", "Resource": "arn:aws:elasticmapreduce:*:123456789012:editor/*", "Condition": { "StringEquals": { "elasticmapreduce:ResourceTag/owner": [ "user1", "user2" ] } } }, { "Action": [ "elasticmapreduce:OpenEditorInConsole" ], "Effect": "Allow", "Resource": "arn:aws:elasticmapreduce:*:123456789012:cluster/*", "Condition": { "StringEquals": { "elasticmapreduce:ResourceTag/department": [ "datascience", "analytics" ] } } } ] } Authenticate to Amazon EMR Cluster Nodes SSH clients can use an Amazon EC2 key pair to authenticate to cluster instances. Alternatively, with Amazon EMR release version 5.10.0 or later, you can configure Kerberos to authenticate users and SSH connections to the master node. For more information, see Use Kerberos Authentication (p. 215) . Topics Use an Amazon EC2 Key Pair for SSH Credentials (p. 214) Use Kerberos Authentication (p. 215) Use an Amazon EC2 Key Pair for SSH Credentials Amazon EMR cluster nodes run on Amazon EC2 instances. You can connect to cluster nodes in the same way that you can connect to Amazon EC2 instances. You can use Amazon EC2 to create a key pair, or you can import a key pair. When you create a cluster, you can specify the Amazon EC2 key pair that will be used for SSH connections to all cluster instances. You can also create a cluster without a key pair. This is usually done with transient clusters that start, run steps, and then terminate automatically.
Image of page 220
Image of page 221

You've reached the end of your free preview.

Want to read all 395 pages?

  • Spring '12
  • LauraParker
  • Amazon Web Services, Amazon Elastic Compute Cloud

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Ask Expert Tutors You can ask You can ask ( soon) You can ask (will expire )
Answers in as fast as 15 minutes