amazon web services - Roles / Permissions to create EMR Cluster using aws cli
I am trying to create a cluster using the aws emr command. To call out, I don't have an admin role or the like.
aws emr create-cluster --release-label emr-4.2.0 --instance-groups InstanceGroupType=MASTER,InstanceCount=1,InstanceType=m3.xlarge InstanceGroupType=CORE,InstanceCount=2,InstanceType=m3.xlarge --service-role my_role --ec2-attributes KeyName=my_key_pair,SubnetId=subnet-xxxxxxxx,InstanceProfile=my_role
I am trying to run the command on an EC2 instance. I get a success message with the cluster ID displayed, but the machine then terminates with an invalid role error message.
If I try to see the cluster state in the AWS console, I see many permission error messages.
Is there a set of permissions required for the role / policies to ensure creation of the cluster without error?
I can't use --use-default-role as I don't have permission to create a role.
I can give the EMR_DefaultRole that I'm using to create EMR:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Resource": "*",
    "Action": [
      "ec2:authorizesecuritygroupegress",
      "ec2:authorizesecuritygroupingress",
      "ec2:cancelspotinstancerequests",
      "ec2:createnetworkinterface",
      "ec2:createsecuritygroup",
      "ec2:createtags",
      "ec2:deletenetworkinterface",
      "ec2:deletesecuritygroup",
      "ec2:deletetags",
      "ec2:describeavailabilityzones",
      "ec2:describeaccountattributes",
      "ec2:describedhcpoptions",
      "ec2:describeinstancestatus",
      "ec2:describeinstances",
      "ec2:describekeypairs",
      "ec2:describenetworkacls",
      "ec2:describenetworkinterfaces",
      "ec2:describeprefixlists",
      "ec2:describeroutetables",
      "ec2:describesecuritygroups",
      "ec2:describespotinstancerequests",
      "ec2:describespotpricehistory",
      "ec2:describesubnets",
      "ec2:describevpcattribute",
      "ec2:describevpcendpoints",
      "ec2:describevpcendpointservices",
      "ec2:describevpcs",
      "ec2:detachnetworkinterface",
      "ec2:modifyimageattribute",
      "ec2:modifyinstanceattribute",
      "ec2:requestspotinstances",
      "ec2:revokesecuritygroupegress",
      "ec2:runinstances",
      "ec2:terminateinstances",
      "iam:getrole",
      "iam:getrolepolicy",
      "iam:listinstanceprofiles",
      "iam:listrolepolicies",
      "iam:passrole",
      "s3:createbucket",
      "s3:get*",
      "s3:list*",
      "sdb:batchputattributes",
      "sdb:select",
      "sqs:createqueue",
      "sqs:delete*",
      "sqs:getqueue*",
      "sqs:purgequeue",
      "sqs:receivemessage"
    ]
  }]
}
And also, the EC2 default profile role EMR_EC2_DefaultRole:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Resource": "*",
    "Action": [
      "cloudwatch:*",
      "dynamodb:*",
      "ec2:describe*",
      "elasticmapreduce:describe*",
      "elasticmapreduce:listbootstrapactions",
      "elasticmapreduce:listclusters",
      "elasticmapreduce:listinstancegroups",
      "elasticmapreduce:listinstances",
      "elasticmapreduce:liststeps",
      "kinesis:createstream",
      "kinesis:deletestream",
      "kinesis:describestream",
      "kinesis:getrecords",
      "kinesis:getsharditerator",
      "kinesis:mergeshards",
      "kinesis:putrecord",
      "kinesis:splitshard",
      "rds:describe*",
      "s3:*",
      "sdb:*",
      "sns:*",
      "sqs:*"
    ]
  }]
}
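An added example, not part of the original answer: both policies above allow their actions on Resource "*", including iam:passrole and service-wide wildcards such as s3:*. This Python check lists those grants so they can be narrowed to specific ARNs; the sample documents are constructed subsets of the policies above, and the function names and finding labels are assumptions.

```python
# Added example: flag over-broad Allow grants in an IAM policy document.
SENSITIVE = {"iam:passrole"}  # assumption: actions to report when granted on Resource "*"

def _get(mapping, key):
    """Case-insensitive key lookup, so lowercased documents can still be audited."""
    return next((v for k, v in mapping.items() if k.lower() == key.lower()), None)

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return sorted (kind, action) findings for Allow statements on Resource "*"."""
    findings = set()
    for stmt in _as_list(_get(policy, "Statement")):
        if str(_get(stmt, "Effect")).lower() != "allow":
            continue
        if "*" not in _as_list(_get(stmt, "Resource")):
            continue  # statement is already scoped to specific ARNs
        for action in _as_list(_get(stmt, "Action")):
            act = action.lower()
            name = act.partition(":")[2]
            if act == "*" or name == "*":
                findings.add(("service-wildcard", act))
            elif "*" in name:
                findings.add(("partial-wildcard", act))
            elif act in SENSITIVE:
                findings.add(("unscoped-sensitive", act))
    return sorted(findings)

# Constructed samples: subsets of the two policies shown above.
SERVICE_ROLE = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["ec2:runinstances", "iam:passrole", "s3:get*", "s3:list*", "sqs:delete*"]}]}
INSTANCE_PROFILE = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["cloudwatch:*", "ec2:describe*", "s3:*", "sdb:*"]}]}

if __name__ == "__main__":
    for label, doc in (("service role", SERVICE_ROLE), ("instance profile", INSTANCE_PROFILE)):
        for kind, action in audit_policy(doc):
            print(f"{label}: {kind}: {action}")
```

An "unscoped-sensitive" finding for iam:passrole is cleared by replacing Resource "*" in that statement with the ARN of the one role the cluster is meant to pass.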