When you run components such as Hadoop and Spark in your E-MapReduce (EMR) cluster, you must grant the components the permissions to access other Alibaba Cloud services and perform related operations. This topic describes how to assign roles to EMR and also describes the roles that are associated with EMR.
Background information
EMR provides default system roles and default system policies. System policies are created and maintained by Alibaba Cloud. If service requirements change, the system policies are accordingly updated.
- Roles that are required for EMR vary based on the EMR version.
- In EMR V3.32.0 or an earlier minor version, or EMR V4.5.0 or an earlier minor version: AliyunEmrEcsDefaultRole
- In a minor version later than EMR V3.32.0 or EMR V4.5.0: AliyunECSInstanceForEMRRole
- When you use EMR for the first time, you must use your Alibaba Cloud account to assign default system roles to EMR. Otherwise, your Alibaba Cloud account and the RAM users within your Alibaba Cloud account cannot use EMR.
- If you want to delete a service role, make sure that the resources that use the role are released. Otherwise, the use of the resources is affected.
- If only some roles are assigned, the EMR console sends you a notification. You can create a cluster only after all roles are assigned.
Procedure
Log on to the EMR console.
On the Cloud Resource Access Authorization page, click Agree to Authorization in the lower part of the page.
By default, the AliyunEMRDefaultRole and AliyunECSInstanceForEMRRole roles are selected.
NoteWhen you use EMR for the first time, you must assign default system roles to EMR. Then, you do not need to repeat the assignment operation when you use EMR again.
Service roles
The following table describes the RAM roles that are associated with EMR.
Attribute | Default role | Description | System policy |
EMR service role | AliyunEMRDefaultRole | This role allows you to use EMR to access other Alibaba Cloud services when you configure resources and perform service-level operations on your EMR cluster. This role is required for all clusters and cannot be changed. For more information, see EMR service roles. | AliyunEMRRolePolicy |
AliyunEMRManagedCostRole | This role is used when you use the auto scaling cost analysis feature for the first time. This role allows you to view bill details on the billing management page. | AliyunEMRManagedCostRolePolicy | |
ECS application role (used in EMR V3.32.0 or an earlier minor version, or EMR V4.5.0 or an earlier minor version) | AliyunEmrEcsDefaultRole | This role allows application processes that run on your cluster to access other Alibaba Cloud services. When you create a cluster, you can use this service role or use a custom role. For more information about this role, see ECS application role (used in EMR V3.32.0 or an earlier minor version, or EMR V4.5.0 or an earlier minor version). | AliyunEMRECSRolePolicy |
ECS application role (used in a minor version later than EMR V3.32.0 or EMR V4.5.0) | AliyunECSInstanceForEMRRole | This role allows application processes that run on your cluster to access other Alibaba Cloud services. When you create a cluster, you can use this service role or use a custom role. For more information about this role, see ECS application role (used in a minor version later than EMR V3.32.0 or EMR V4.5.0). | AliyunECSInstanceForEMRRolePolicy |
ECS application role (used in EMR Studio by default) | AliyunECSInstanceForEMRStudioRole | This role allows you to use EMR Studio to access your resources in other Alibaba Cloud services. If this role is not assigned to your account, a window appears, which prompts you to assign this role when you create an EMR Studio cluster for the first time. To assign this role, use your Alibaba Cloud account. | AliyunECSInstanceForEMRStudioRolePolicy |
What to do next
If you want to manage EMR clusters as a RAM user, refer to Create a RAM user and Grant permissions to RAM users to create a RAM user and grant the required collaborative development permissions to the RAM user.