Posted On: Jun 20, 2014

Amazon Elastic MapReduce (EMR) has introduced two new AWS Identity and Access Management (IAM) integration features.

First, in addition to allowing AWS IAM users to administer Amazon EMR, you can now let federated users access Amazon EMR or interact with Amazon EMR using an IAM role. Federation allows you to give users in your corporate network secure access to Amazon EMR (and other AWS services) without having to create and manage individual IAM users. To learn more about federation in AWS, click here, and to learn more about IAM roles, click here.

Second, you can now assign an IAM role to the Amazon EMR service. This means you can now assign roles in two ways to Amazon EMR. The new feature gives you the option to limit the overall permissions of the Amazon EMR service - for example, you can control the access that Amazon EMR has to manage Amazon EC2 instances. You also have the current ability to associate an instance profile (essentially a role) with the Amazon EC2 instances in an Amazon EMR cluster, which lets you control the access from within an instance to other AWS services like Amazon S3. To learn more about using Amazon EMR service roles and instance profiles for EC2 in Amazon EMR, click here.

To get started with Amazon EMR, visit: