创建EMR Studio
到Amazon EMR控制台, 在左侧面板选择Studios,然后点击Create Studio:
选择Interactive workloads:
在Studio Settings部分点击Edit。
- 指定
studio1作为Studio Name。 - 对于S3 location for Workspaces storage,选择Select existing location选项并指定
s3://otfs-workshop-studiostorage-<your-account-id>/studio1(将<your-account-id>替换为当前账户ID)。 - 对于Service Role,选择Choose an existing service role选项并选择
otfs-workshop-EMRStudio_Service_Role。
在Workspaces Settings部分点击Edit。
- 指定
workspace1作为Workspace name。
在EMR Serverless application Settings部分点击Edit。
- 指定
Serverless_Interactive_App_1作为Application name。 - 对于Runtime Role,选择Choose an existing runtime role并选择
otfs-workshop-AmazonEMRStudio_RuntimeRole。 - 点击Create Studio。
现在我们应该能看到我们的EMR Studio studio1:
权限说明
上面选择了两个已经创建好的Role,对于EMRStudio-Service-Role,它的定义如下:
所需要的权限,主要是能往S3里写日志:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::otfs-workshop-studiostorage-145197526627/*"
],
"Effect": "Allow",
"Sid": "AllowS3StudioStorageObjectActions"
},
{
"Action": [
"s3:ListBucket",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::otfs-workshop-studiostorage-145197526627"
],
"Effect": "Allow",
"Sid": "AllowS3StudioStorageBucketActions"
}
]
}
对于AmazonEMRStudio_RuntimeRole:
所需要的权限是往业务的S3桶里写数据,以及有Glue的操作权限:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::otfs-workshop-data-145197526627/*",
"arn:aws:s3:::otfs-workshop-data-145197526627"
],
"Effect": "Allow",
"Sid": "AllowS3AccessOnDataBucket"
},
{
"Action": [
"glue:*",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"*"
],
"Effect": "Allow",
"Sid": "AllowFullGluePermissions"
}
]
}