问题
After a aws emr has launched, I'v noticed that it has a ec2 instance profile EMR_EC2_DefaultRole, and a emr role EMR_DefaultRole, they have similar permissions,so what's different between EMR_EC2_DefaultRole and EMR_DefaultRole?
回答1:
As Per Documentation:
EMR Role
The EMR role defines the allowable actions for Amazon EMR when provisioning resources and performing other service-level tasks that are not performed in the context of an EC2 instance running within a cluster. The default role is EMR_DefaultRole.
EMR Role for EC2
The EMR role for EC2 is used by EC2 instances within the cluster. In other words, this is the role associated with the EC2 instance profile for cluster instances. The permissions associated with this role apply to processes that run on cluster instances. As long as an application process runs on top of the Hadoop ecosystem, the application assumes this role to interact with other AWS services. The default role is EMR_EC2_DefaultRole.
Adding Further to it:
EMR_DefaultRole
This is the EMR role, which allows Amazon EMR to call other AWS services such as Amazon EC2 on your behalf.
EMR_EC2_DefaultRole
The EMR role for EC2 instances within a cluster. Processes that run on cluster instances use this role when they call other AWS services. For accessing EMRFS data in Amazon S3, you can specify different roles to be assumed based on the user or group making the request, or on the location of data in Amazon S3.
来源:https://stackoverflow.com/questions/54123473/whats-different-between-emr-ec2-defaultrole-and-emr-defaultrole