创建EMR集群出错,EMR服务角色无效
Error when creating EMR cluster, EMR service role is invalid
我正在通过 cloudformation 和 lambda 函数创建一个 emr 集群。创建堆栈后,当我 运行 lambda 函数时,它通过给出 EMR 服务 role:is 无效错误来启动集群。附上我的服务角色和工作流程角色代码。这是我缺少的权限,或者我应该给予的权限,以便我的 emr 开始执行这些步骤。
EMRClusterServiceRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role
Path: /
EMRClusterinstanceProfileRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role
Path: /
EMRClusterinstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- !Ref EMRClusterinstanceProfileRole
EMRJobFlowProfileinstance:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- !Ref EMRJobFlowRole
EMRJobFlowRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role
Path: /
根据评论,解决方案是使用 elasticmapreduce.amazonaws.com 信任策略原则。
我正在通过 cloudformation 和 lambda 函数创建一个 emr 集群。创建堆栈后,当我 运行 lambda 函数时,它通过给出 EMR 服务 role:is 无效错误来启动集群。附上我的服务角色和工作流程角色代码。这是我缺少的权限,或者我应该给予的权限,以便我的 emr 开始执行这些步骤。
EMRClusterServiceRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role
Path: /
EMRClusterinstanceProfileRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role
Path: /
EMRClusterinstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- !Ref EMRClusterinstanceProfileRole
EMRJobFlowProfileinstance:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- !Ref EMRJobFlowRole
EMRJobFlowRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role
Path: /
根据评论,解决方案是使用 elasticmapreduce.amazonaws.com 信任策略原则。