We have a data engineer position which will work solely in EMR scope.

Our corporate AWS account has important EC2 servers and S3 buckets which we can't afford to share with the data engineer.

How can I grant an IAM user rights only to create/run/terminate EMR clusters and access to only certain buckets?

snowindy
  • Did you refer to the documentation? It is pretty self-explanatory. Also, I think you explicitly add the bucket names on which you want the IAM user to have access. – Kush Vyas Mar 21 '16 at 09:37
  • @KushVyas From what I see in the docs, there is a grant for operations on EC2 (star '*') like listing, creating and terminating instances. Imagine the data engineer terminates our production database accidentally... that's what I am trying to avoid. – snowindy Mar 21 '16 at 13:00
  • Do not give them access to Terminate Instance, just create a policy to start instances, with no permission to stop, reboot or terminate. – Kush Vyas Mar 21 '16 at 13:36
  • @KushVyas I will give it a try, hopefully EMR instances will terminate okay even with limited permissions. – snowindy Mar 21 '16 at 20:50

0 Answers
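The two risks raised in the comments above (destructive EC2 actions allowed on `*`, and S3 access not limited to named buckets) can be checked mechanically before a policy is attached to the user. The linter below is an added example, not part of the original thread and not AWS tooling; the sample policies, the bucket name `example-emr-data` and the tag key `team` are constructed assumptions.

```python
import fnmatch

# Actions named in the comments above: anything that can take down a non-EMR instance.
DESTRUCTIVE_EC2 = ("ec2:TerminateInstances", "ec2:StopInstances", "ec2:RebootInstances")
S3_ARN = "arn:aws:s3:::"

def _as_list(value):
    return value if isinstance(value, list) else [] if value is None else [value]

def _grants(patterns, action):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def lint_policy(policy, allowed_buckets):
    """Return (sid, message) findings for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"#{i}")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        for act in DESTRUCTIVE_EC2:
            # Any Condition is treated as scoping; its correctness is not evaluated here.
            if _grants(actions, act) and "*" in resources and not stmt.get("Condition"):
                findings.append((sid, f"{act} on all instances without a Condition"))
        if any(p == "*" or p.lower().startswith("s3:") for p in actions):
            for res in resources:
                bucket = res[len(S3_ARN):].split("/", 1)[0] if res.startswith(S3_ARN) else None
                if res == "*" or (bucket is not None and bucket not in allowed_buckets):
                    findings.append((sid, f"S3 access outside the allowed buckets: {res}"))
    return findings

# Constructed sample policies (not taken from the AWS documentation or the thread).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Ec2All", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "ec2:RunInstances", "ec2:TerminateInstances"]},
    {"Sid": "S3All", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Ec2Launch", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "ec2:RunInstances"]},
    {"Sid": "Ec2TerminateTagged", "Effect": "Allow", "Resource": "*",
     "Action": "ec2:TerminateInstances",  # hypothetical tag key "team"
     "Condition": {"StringEquals": {"ec2:ResourceTag/team": "data-eng"}}},
    {"Sid": "S3Scoped", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": [S3_ARN + "example-emr-data", S3_ARN + "example-emr-data/*"]}]}

if __name__ == "__main__":
    for name, pol in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, lint_policy(pol, {"example-emr-data"}))
```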