Posted On: Nov 16, 2016

You can now use cluster tags to enable fine-grained access control on Amazon EMR clusters. Using AWS Identity and Access Management (IAM) policy statements, you can use conditions to allow or deny actions on clusters with tags and tag values that you specify. Additionally, you can use a policy statement that requires users to add specific tags when a cluster is created. Fine-grained access control using cluster tags is available on all Amazon EMR releases that support tags.

You can create IAM policies and attach them to users using the IAM console, the AWS Command Line Interface (CLI), or the AWS SDK. To allow or deny actions on Amazon EMR clusters, you use the new elasticmapreduce:ResourceTag condition context key to specify the cluster tags and tag values. To specify tags that are required when a user creates a cluster, you use the elasticmapreduce:RequestTag condition context key. For more information, see the Amazon EMR documentation