Permissions can also come from a resource based policy An explicit deny in any

Permissions can also come from a resource based

This preview shows page 181 - 183 out of 395 pages.

Permissions can also come from a resource-based policy. An explicit deny in any of these policies overrides the allow. For more information, see Session Policies in the IAM User Guide . Multiple Policy Types When multiple types of policies apply to a request, the resulting permissions are more complicated to understand. To learn how AWS determines whether to allow a request when multiple policy types are involved, see Policy Evaluation Logic in the IAM User Guide . How Amazon EMR Works with IAM With IAM identity-based policies, you can specify allowed or denied actions and resources as well as the conditions under which actions are allowed or denied. Amazon EMR supports specific actions, resources, 175
Image of page 181
Amazon EMR Management Guide How Amazon EMR Works with IAM and condition keys. To learn about all of the elements that you use in a JSON policy, see IAM JSON Policy Elements Reference in the IAM User Guide . Amazon EMR does not support resource-based policies. Actions The Action element of an IAM identity-based policy describes the specific action or actions that will be allowed or denied by the policy. Policy actions usually have the same name as the associated AWS API operation. The action is used in a policy to grant permissions to perform the associated operation. Policy actions in Amazon EMR use the following prefix before the action: elasticmapreduce: . For example, to grant someone permission to create a cluster using the RunJobFlow API operation, you include the elasticmapreduce:RunJobFlow action in their policy. Policy statements must include either an Action or NotAction element. Amazon EMR defines its own set of actions that describe tasks that you can perform with this service. To specify multiple actions in a single statement, separate them with commas as follows: "Action": [ "elasticmapreduce: action1 ", "elasticmapreduce: action2 " You can specify multiple actions using wildcards (*). For example, to specify all actions that begin with the word Describe , include the following action: "Action": "elasticmapreduce:Describe*" To see a list of Amazon EMR actions, see Actions Defined by Amazon EMR in the IAM User Guide . Resources The Resource element specifies the object or objects to which the action applies. Statements must include either a Resource or a NotResource element. You specify a resource using an ARN or using the wildcard (*) to indicate that the statement applies to all resources. To see a list of Amazon EMR resource types and their ARNs, see Resources Defined by Amazon EMR in the IAM User Guide . To learn with which actions you can specify the ARN of each resource, see Actions Defined by Amazon EMR . Condition Keys The Condition element (or Condition block ) lets you specify conditions in which a statement is in effect. The Condition element is optional. You can build conditional expressions that use condition operators , such as equals or less than, to match the condition in the policy with values in the request.
Image of page 182
Image of page 183

You've reached the end of your free preview.

Want to read all 395 pages?

  • Spring '12
  • LauraParker
  • Amazon Web Services, Amazon Elastic Compute Cloud

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Ask Expert Tutors You can ask You can ask ( soon) You can ask (will expire )
Answers in as fast as 15 minutes