This preview shows page 181 - 183 out of 395 pages.
Permissions can also come from a resource-based policy. An explicit deny in any of these policiesoverrides the allow. For more information, see Session Policies in the IAM User Guide.Multiple Policy TypesWhen multiple types of policies apply to a request, the resulting permissions are more complicated tounderstand. To learn how AWS determines whether to allow a request when multiple policy types areinvolved, see Policy Evaluation Logic in the IAM User Guide.How Amazon EMR Works with IAMWith IAM identity-based policies, you can specify allowed or denied actions and resources as well as theconditions under which actions are allowed or denied. Amazon EMR supports specific actions, resources,175
Amazon EMR Management GuideHow Amazon EMR Works with IAMand condition keys. To learn about all of the elements that you use in a JSON policy, see IAM JSON PolicyElements Reference in the IAM User Guide.Amazon EMR does not support resource-based policies.ActionsThe Actionelement of an IAM identity-based policy describes the specific action or actions that will beallowed or denied by the policy. Policy actions usually have the same name as the associated AWS APIoperation. The action is used in a policy to grant permissions to perform the associated operation.Policy actions in Amazon EMR use the following prefix before the action: elasticmapreduce:. Forexample, to grant someone permission to create a cluster using the RunJobFlowAPI operation, youinclude the elasticmapreduce:RunJobFlowaction in their policy. Policy statements must includeeither an Actionor NotActionelement. Amazon EMR defines its own set of actions that describe tasksthat you can perform with this service.To specify multiple actions in a single statement, separate them with commas as follows:"Action": ["elasticmapreduce:action1","elasticmapreduce:action2"You can specify multiple actions using wildcards (*). For example, to specify all actions that begin withthe word Describe, include the following action:"Action": "elasticmapreduce:Describe*"To see a list of Amazon EMR actions, see Actions Defined by Amazon EMR in the IAM User Guide.ResourcesThe Resourceelement specifies the object or objects to which the action applies. Statements mustinclude either a Resourceor a NotResourceelement. You specify a resource using an ARN or using thewildcard (*) to indicate that the statement applies to all resources.To see a list of Amazon EMR resource types and their ARNs, see Resources Defined by Amazon EMR inthe IAM User Guide. To learn with which actions you can specify the ARN of each resource, see ActionsDefined by Amazon EMR.Condition KeysThe Conditionelement (or Conditionblock) lets you specify conditions in which a statement is ineffect. The Conditionelement is optional. You can build conditional expressions that use conditionoperators, such as equals or less than, to match the condition in the policy with values in the request.
As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.
Temple University Fox School of Business ‘17, Course Hero Intern
I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.
University of Pennsylvania ‘17, Course Hero Intern
The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.
Tulane University ‘16, Course Hero Intern
Ask Expert Tutors
You can ask
You can ask ( soon)
You can ask
(will expire )