3

我想com.test.mybucket使用 MRJob Python 框架对来自 S3 存储桶的数据运行 Elastic Mapreduce。但是,我在 S3 中有很多其他数据,以及我不想接触的其他 EC2 实例。AWS 用户运行完整作业所需的最少可能访问凭证集是多少?

4

1 回答 1

3

这是一个例子:

{
    "Statement": [
        {
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::com.test.mybucket*"
            ],
            "Effect": "Allow",
            "Sid": "Stmt1320976936189"
        },
        {
            "Action": [
                "elasticmapreduce:*"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow",
            "Sid": "Stmt1322766641851"
        },
        {
            "Action": [
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:CancelSpotInstanceRequests",
                "ec2:CreateSecurityGroup",
                "ec2:CreateTags",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeInstances",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSpotInstanceRequests",
                "ec2:ModifyImageAttribute",
                "ec2:ModifyInstanceAttribute",
                "ec2:RequestSpotInstances",
                "ec2:RunInstances",
                "ec2:TerminateInstances"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow",
            "Sid": "Stmt1323200725902"
        }
    ]
}

另请参阅http://docs.amazonwebservices.com/ElasticMapReduce/latest/DeveloperGuide/index.html?environmentconfig_iam.html#ec2-iam-policies

于 2011-12-12T06:56:16.247 回答