After an AWS EMR has launched, I've noticed that it has an EC2 instance profile, EMR_EC2_DefaultRole, and an EMR role, EMR_DefaultRole. They have similar permissions, so what's the difference between EMR_EC2_DefaultRole and EMR_DefaultRole?
EMR_EC2_DefaultRole is the default managed role that is assigned to our EC2 instances as an instance profile when we create our cluster. The role has a default managed policy called "AmazonElasticMapReduceforEC2Role" which has a few risky actions.
An Emergency Medical Responder (EMR) may function in the context of a broader role, i.e., law enforcement, fire rescue or industrial response. With a limited amount of equipment, the EMR answers emergency calls to provide efficient and immediate care to ill and injured patients.
EMR can run directly on Amazon EC2 or on Amazon Elastic Kubernetes Service (EKS), with the actual instances running on EC2 or Fargate. EMR is priced per second of usage, on top of the regular costs for EC2 compute instances, Fargate vCPUs, and other services needed to run EMR jobs, such as storage.
The easiest way to grant full access or read-only access to required Amazon EMR actions is to use the IAM managed policies for Amazon EMR. Managed policies offer the benefit of updating automatically if permission requirements change.
As per the documentation:
EMR Role
The EMR role defines the allowable actions for Amazon EMR when provisioning resources and performing other service-level tasks that are not performed in the context of an EC2 instance running within a cluster. The default role is EMR_DefaultRole.
EMR Role for EC2
The EMR role for EC2 is used by EC2 instances within the cluster. In other words, this is the role associated with the EC2 instance profile for cluster instances. The permissions associated with this role apply to processes that run on cluster instances. As long as an application process runs on top of the Hadoop ecosystem, the application assumes this role to interact with other AWS services. The default role is EMR_EC2_DefaultRole.
Adding further to it:
EMR_DefaultRole
This is the EMR role, which allows Amazon EMR to call other AWS services such as Amazon EC2 on your behalf.
EMR_EC2_DefaultRole
The EMR role for EC2 instances within a cluster. Processes that run on cluster instances use this role when they call other AWS services. For accessing EMRFS data in Amazon S3, you can specify different roles to be assumed based on the user or group making the request, or on the location of data in Amazon S3.
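The split described above shows up in each role's trust policy (who may assume it), and the instance role is the one worth reviewing for broad grants because any process on a cluster node can use it. The following is an added example, not part of the original answer: the JSON documents are constructed samples, with the trust principals assumed to match what the default roles use, and the function names are hypothetical.

```python
import json

# Constructed sample trust policies (not fetched from a real account).
TRUST = {
    "EMR_DefaultRole": '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
        '"Principal":{"Service":"elasticmapreduce.amazonaws.com"},"Action":"sts:AssumeRole"}]}',
    "EMR_EC2_DefaultRole": '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
        '"Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}',
}
# Constructed permissions policy standing in for the one attached to the instance role.
INSTANCE_POLICY = ('{"Version":"2012-10-17","Statement":['
    '{"Effect":"Allow","Action":["s3:*","ec2:Describe*","sqs:*"],"Resource":"*"},'
    '{"Effect":"Allow","Action":"s3:GetObject","Resource":"arn:aws:s3:::example-bucket/*"}]}')

def _as_list(value):
    # IAM allows a single string wherever a list is accepted.
    return value if isinstance(value, list) else [value]

def trusted_services(trust_policy_json):
    """Service principals allowed to call sts:AssumeRole on the role."""
    services = set()
    for stmt in _as_list(json.loads(trust_policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):  # Principal may also be the string "*"
            services.update(_as_list(principal.get("Service", [])))
    return services

def broad_actions(policy_json):
    """Allowed actions of the form '*' or 'service:*' granted on Resource '*'."""
    found = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        found += [a for a in _as_list(stmt.get("Action", []))
                  if a == "*" or a.endswith(":*")]
    return sorted(found)

if __name__ == "__main__":
    for role, doc in TRUST.items():
        print(role, "is assumed by", sorted(trusted_services(doc)))
    print("broad grants on instance role:", broad_actions(INSTANCE_POLICY))
```

To run the same checks against a real account, replace the sample strings with the documents returned for each role by your IAM tooling.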