2011-12-06 48 views
2

我想使用MRJob Python框架對來自S3存儲桶com.test.mybucket的數據運行Elastic Mapreduce。但是,我在S3中有很多其他數據,以及其他我不想觸及的EC2實例。 AWS用戶執行完整工作所需的最小可能訪問憑證集是什麼?運行EMR作業的最低AWS策略要求

回答

1

下面是一個例子:

{ 
    "Statement": [ 
     { 
      "Action": [ 
       "s3:GetObject", 
       "s3:ListBucket", 
       "s3:PutObject", 
       "s3:DeleteObject", 
       "s3:GetBucketLocation" 
      ], 
      "Resource": [ 
       "arn:aws:s3:::com.test.mybucket*" 
      ], 
      "Effect": "Allow", 
      "Sid": "Stmt1320976936189" 
     }, 
     { 
      "Action": [ 
       "elasticmapreduce:*" 
      ], 
      "Resource": [ 
       "*" 
      ], 
      "Effect": "Allow", 
      "Sid": "Stmt1322766641851" 
     }, 
     { 
      "Action": [ 
       "ec2:AuthorizeSecurityGroupIngress", 
       "ec2:CancelSpotInstanceRequests", 
       "ec2:CreateSecurityGroup", 
       "ec2:CreateTags", 
       "ec2:DescribeAvailabilityZones", 
       "ec2:DescribeInstances", 
       "ec2:DescribeSecurityGroups", 
       "ec2:DescribeSpotInstanceRequests", 
       "ec2:ModifyImageAttribute", 
       "ec2:ModifyInstanceAttribute", 
       "ec2:RequestSpotInstances", 
       "ec2:RunInstances", 
       "ec2:TerminateInstances" 
      ], 
      "Resource": [ 
       "*" 
      ], 
      "Effect": "Allow", 
      "Sid": "Stmt1323200725902" 
     } 
    ] 
} 

又見http://docs.amazonwebservices.com/ElasticMapReduce/latest/DeveloperGuide/index.html?environmentconfig_iam.html#ec2-iam-policies