When I create an Amazon EMR cluster, I get an "EMR_DefaultRole is invalid" or "EMR_EC2_DefaultRole is invalid" error
Last updated: 2020-11-12
When I try to create an Amazon EMR cluster, I get one of these error messages:
- "EMR_DefaultRole is invalid"
- "EMR_EC2_DefaultRole is invalid"
These errors usually happen when you edit one or more of the AWS Identity and Access Management (IAM) policies that are attached to the Amazon EMR default roles. To troubleshoot, compare the modified roles to the original versions (AmazonElasticMapReduceRole or AmazonElasticMapReduceforEC2Role). If you can't find the source of the problem, then delete and recreate the roles.
Compare the modified roles to the original versions
If you modified either AmazonElasticMapReduceforEC2Role or AmazonElasticMapReduceRole, review the changes that you made. Compare the modified versions to the originals (AmazonElasticMapReduceRole or AmazonElasticMapReduceforEC2Role). If you can't determine what caused the problem, delete the roles and the instance profile, as explained in the following section.
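One way to make the comparison concrete is the following added example, which is not part of the original article: it takes the JSON printed by `aws iam get-role` and `aws iam list-attached-role-policies` for a role and reports where it differs from the default configuration. The managed policy ARNs come from the detach commands in this article; the trusted service principals and the sample JSON are assumptions constructed for the example.

```python
# Defaults to compare against. Policy ARNs are from this article's detach
# commands; the trusted service principals are assumed EMR defaults.
ARN = "arn:aws:iam::aws:policy/service-role/"
DEFAULTS = {
    "EMR_DefaultRole": (ARN + "AmazonElasticMapReduceRole",
                        "elasticmapreduce.amazonaws.com"),
    "EMR_EC2_DefaultRole": (ARN + "AmazonElasticMapReduceforEC2Role",
                            "ec2.amazonaws.com"),
}

def as_list(value):
    """IAM JSON allows a single value or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusted_services(get_role_output):
    """Service principals that an Allow statement lets call sts:AssumeRole."""
    doc = get_role_output["Role"]["AssumeRolePolicyDocument"]
    services = set()
    for stmt in as_list(doc.get("Statement")):
        principal = stmt.get("Principal")
        if (stmt.get("Effect") == "Allow" and isinstance(principal, dict)
                and "sts:AssumeRole" in as_list(stmt.get("Action"))):
            services.update(as_list(principal.get("Service")))
    return services

def role_drift(role_name, get_role_output, attached_output):
    """Return a list of differences from the default role configuration."""
    policy, service = DEFAULTS[role_name]
    attached = {p["PolicyArn"] for p in attached_output["AttachedPolicies"]}
    findings = []
    if policy not in attached:
        findings.append("missing managed policy " + policy)
    for arn in sorted(attached - {policy}):
        findings.append("extra attached policy " + arn)
    if service not in trusted_services(get_role_output):
        findings.append("trust policy does not allow " + service)
    return findings

# Constructed sample: default policy detached, a different policy attached.
SAMPLE_ROLE = {"Role": {"RoleName": "EMR_DefaultRole", "AssumeRolePolicyDocument": {
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"Service": "elasticmapreduce.amazonaws.com"}}]}}}
SAMPLE_ATTACHED = {"AttachedPolicies": [{"PolicyName": "AmazonS3ReadOnlyAccess",
    "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"}]}

if __name__ == "__main__":
    for finding in role_drift("EMR_DefaultRole", SAMPLE_ROLE, SAMPLE_ATTACHED):
        print(finding)
```

The check covers attached managed policies and the trust policy only; inline policies and the instance profile are not inspected.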
Delete and recreate the roles and instance profile
Before you begin, note the following:
- Be sure that you don't have any running EC2 instances that use the role or instance profile that you're about to delete. Deleting a role or instance profile that's associated with a running instance breaks applications that are running on the instance.
- The following steps reset EMR_DefaultRole and EMR_EC2_DefaultRole to their original configurations. If you customized the IAM policies attached to these roles, then those changes are lost.
AWS Management Console
1. Use the IAM console to delete the roles. IAM automatically deletes the instance profile and policies associated with the role.
2. Open the Amazon EMR console.
3. Create an EMR cluster. For Permissions, choose Default. Amazon EMR creates the default roles when it launches the cluster. These roles are available to any clusters that you launch later.
AWS Command Line Interface (AWS CLI)
Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.
1. Remove EMR_EC2_DefaultRole from the instance profile:
aws iam remove-role-from-instance-profile --instance-profile-name EMR_EC2_DefaultRole --role-name EMR_EC2_DefaultRole
2. Delete the instance profile:
aws iam delete-instance-profile --instance-profile-name EMR_EC2_DefaultRole
3. Remove the IAM policy that's associated with EMR_EC2_DefaultRole:
aws iam detach-role-policy --role-name EMR_EC2_DefaultRole --policy-arn arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role
4. Delete EMR_EC2_DefaultRole:
aws iam delete-role --role-name EMR_EC2_DefaultRole
5. Remove the IAM policy that's associated with EMR_DefaultRole:
aws iam detach-role-policy --role-name EMR_DefaultRole --policy-arn arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole
6. Delete EMR_DefaultRole:
aws iam delete-role --role-name EMR_DefaultRole
7. Recreate the default roles:
aws emr create-default-roles
8. Launch a new EMR cluster.