💫EMR SaaS Installation

For each AWS account you want to support:

Create a new IAM role, for example dataflint-emr-read-only-role
Attach the policy arn:aws:iam::aws:policy/AmazonEMRReadOnlyAccessPolicy_v2
Attach the following trust relationship policy (ping us to get the CUSTOMER_EXTERNAL_ID and DATAFLINT_ACCOUNT_ID)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::DATAFLINT_ACCOUNT_ID:role/eks-dataflint-service-role"
      },
      "Condition": {"StringEquals": {"sts:ExternalId": "{CUSTOMER_EXTERNAL_ID}"}},
      "Action": "sts:AssumeRole"
    }
  ]
}

Send to DataFlint via the communication channel (slack) the IAM roles ARN, and the aws region you use for EMR clusters

Last updated 22 days ago