Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
Ejemplos de políticas para subredes privadas que acceden a Amazon S3
En el caso de las subredes privadas, como mínimo debe proporcionar a Amazon EMR la capacidad de acceder a los repositorios de Amazon Linux. Esta política de subred privada forma parte de las políticas de puntos de conexión de VPC para el acceso a Amazon S3.
Con Amazon EMR 5.25.0 o posterior, para habilitar el acceso de un clic al servidor del historial de Spark persistente, debe permitir a Amazon EMR el acceso al bucket del sistema que recopila los registros de eventos de Spark. Si habilitas el registro, proporciona permisos PUT al siguiente depósito:
aws157-logs-${AWS::Region}/*
Para más información, consulte Acceso de un clic al servidor del historial de Spark persistente.
Usted debe determinar las restricciones de política que satisfacen sus necesidades empresariales. En el siguiente ejemplo de política se proporcionan permisos para acceder a los repositorios de Amazon Linux y al bucket del sistema de Amazon EMR para recopilar registros de eventos de Spark. Muestra algunos ejemplos de nombres de recursos para los buckets.
Para más información acerca del uso de políticas de IAM con puntos de conexión de Amazon VPC, consulte Políticas de punto de conexión para Amazon S3.
En el siguiente ejemplo de política se describen ejemplos de recursos en la región us-east-1.
{ "Version": "2008-10-17", "Statement": [ { "Sid": "AmazonLinuxAMIRepositoryAccess", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": [ "arn:aws:s3:::packages.us-east-1.amazonaws.com/*", "arn:aws:s3:::repo.us-east-1.amazonaws.com/", "arn:aws:s3:::repo.us-east-1.amazonaws.com/*" ] }, { "Sid": "EnableApplicationHistory", "Effect": "Allow", "Principal": "*", "Action": [ "s3:Put*", "s3:Get*", "s3:Create*", "s3:Abort*", "s3:List*" ], "Resource": [ "arn:aws:s3:::prod.us-east-1.appinfo.src/*" ] } ] }
El siguiente ejemplo de política proporciona los permisos necesarios para acceder a los repositorios de Amazon Linux 2. La AMI de Amazon Linux 2 es el valor predeterminado.
{ "Statement": [ { "Sid": "AmazonLinux2AMIRepositoryAccess", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": [ "arn:aws:s3:::amazonlinux.us-east-1.amazonaws.com/*", "arn:aws:s3:::amazonlinux-2-repos-us-east-1/*" ] } ] }
Regiones disponibles
La siguiente tabla contiene una lista de buckets por región e incluye un nombre de recurso de Amazon (ARN) para el repositorio, así como una cadena que representa el ARN para el appinfo.src. El ARN, o nombre de recurso de Amazon, es una cadena que identifica un recurso de forma exclusiva. AWS
| Región | Buckets de repositorio | AppInfo bucket |
|---|---|---|
| EE.UU. Este (Ohio) | "arn:aws:s3:::packages.us-east-2.amazonaws.com/","arn:aws:s3:::repo.us-east-2.amazonaws.com/","arn:aws:s3:::repo.us-east-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-east-2.appinfo.src/*" |
| EE.UU. Este (Norte de Virginia) | "arn:aws:s3:::packages.us-east-1.amazonaws.com/","arn:aws:s3:::repo.us-east-1.amazonaws.com/","arn:aws:s3:::repo.us-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-east-1.appinfo.src/*" |
| EE.UU. Oeste (Norte de California) | "arn:aws:s3:::packages.us-west-1.amazonaws.com/","arn:aws:s3:::repo.us-west-1.amazonaws.com/","arn:aws:s3:::repo.us-west-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-west-1.appinfo.src/*" |
| EE.UU. Oeste (Oregón) | "arn:aws:s3:::packages.us-west-2.amazonaws.com/","arn:aws:s3:::repo.us-west-2.amazonaws.com/","arn:aws:s3:::repo.us-west-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-west-2.appinfo.src/*" |
| África (Ciudad del Cabo) | "arn:aws:s3:::packages.af-south-1.amazonaws.com/","arn:aws:s3:::repo.af-south-1.amazonaws.com/","arn:aws:s3:::repo.af-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.af-south-1.appinfo.src/*" |
| África (Ciudad del Cabo) | "arn:aws:s3:::packages.ap-east-1.amazonaws.com/","arn:aws:s3:::repo.ap-east-1.amazonaws.com/","arn:aws:s3:::repo.ap-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-east-1.appinfo.src/*" |
| Asia-Pacífico (Hyderabad) | "arn:aws:s3:::packages.ap-south-2.amazonaws.com/","arn:aws:s3:::repo.ap-south-2.amazonaws.com/","arn:aws:s3:::repo.ap-south-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-south-2.appinfo.src/*" |
| Asia-Pacífico (Yakarta) | "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-3.appinfo.src/*" |
| Asia-Pacífico (Malasia) | "arn:aws:s3:::packages.ap-southeast-5.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-5.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-5.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-5.appinfo.src/*" |
| Asia-Pacífico (Melbourne) | "arn:aws:s3:::packages.ap-southeast-4.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-4.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-4.emr.amazonaws.com/*" | «arn:aws:s3: ::prod.ap-south-4.appinfo.src/*» |
| Asia-Pacífico (Mumbai) | "arn:aws:s3:::packages.ap-south-1.amazonaws.com/","arn:aws:s3:::repo.ap-south-1.amazonaws.com/","arn:aws:s3:::repo.ap-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-south-1.appinfo.src/*" |
| Asia-Pacífico (Osaka) | «arn:aws:s3::: packages.ap-northeast-3.amazonaws.com/», «arn:aws:s3::: repo.ap-northeast-3.amazonaws.com/», «arn:aws:s3: ::repo.ap-northeast-3.emr.amazonaws.com/*» | «arn:aws:s3: :prod.ap-northeast-3.appinfo.src/*» |
| Asia Pacífico (Seúl) | "arn:aws:s3:::packages.ap-northeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-northeast-2.appinfo.src/*" |
| Asia-Pacífico (Singapur) | "arn:aws:s3:::packages.ap-southeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-1.appinfo.src/*" |
| Asia Pacífico (Sídney) | "arn:aws:s3:::packages.ap-southeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-2.appinfo.src/*" |
| Asia Pacífico (Tokio) | "arn:aws:s3:::packages.ap-northeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-northeast-1.appinfo.src/*" |
| Canadá (Central) | "arn:aws:s3:::packages.ca-central-1.amazonaws.com/","arn:aws:s3:::repo.ca-central-1.amazonaws.com/","arn:aws:s3:::repo.ca-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ca-central-1.appinfo.src/*" |
| Oeste de Canadá (Calgary | «arn:aws:s3::: packages.ca-west-1.amazonaws.com/», «arn:aws:s3::: repo.ca-west-1.amazonaws.com/», «arn:aws:s3: ::repo.ca-west-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ca-west-1.appinfo.src/*» |
| Europa (Fráncfort) | "arn:aws:s3:::packages.eu-central-1.amazonaws.com/","arn:aws:s3:::repo.eu-central-1.amazonaws.com/","arn:aws:s3:::repo.eu-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-central-1.appinfo.src/*" |
| Europa (Irlanda) | "arn:aws:s3:::packages.eu-west-1.amazonaws.com/","arn:aws:s3:::repo.eu-west-1.amazonaws.com/","arn:aws:s3:::repo.eu-west-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-west-1.appinfo.src/*" |
| Europa (Londres) | "arn:aws:s3:::packages.eu-west-2.amazonaws.com/","arn:aws:s3:::repo.eu-west-2.amazonaws.com/","arn:aws:s3:::repo.eu-west-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-west-2.appinfo.src/*" |
| Europa (Milán) | "arn:aws:s3:::packages.eu-south-1.amazonaws.com/","arn:aws:s3:::repo.eu-south-1.amazonaws.com/","arn:aws:s3:::repo.eu-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-south-1.appinfo.src/*" |
| Europa (París) | "arn:aws:s3:::packages.eu-west-3.amazonaws.com/","arn:aws:s3:::repo.eu-west-3.amazonaws.com/","arn:aws:s3:::repo.eu-west-3.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-west-3.appinfo.src/*" |
| Europa (España) | "arn:aws:s3:::packages.eu-south-2.amazonaws.com/","arn:aws:s3:::repo.eu-south-2.amazonaws.com/","arn:aws:s3:::repo.eu-south-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-south-2.appinfo.src/*" |
| Europa (Estocolmo) | "arn:aws:s3:::packages.eu-north-1.amazonaws.com/","arn:aws:s3:::repo.eu-north-1.amazonaws.com/","arn:aws:s3:::repo.eu-north-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-north-1.appinfo.src/*" |
| Europa (Zúrich) | "arn:aws:s3:::packages.eu-central-2.amazonaws.com/","arn:aws:s3:::repo.eu-central-2.amazonaws.com/","arn:aws:s3:::repo.eu-central-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-central-2.appinfo.src/*" |
| Israel (Tel Aviv) | "arn:aws:s3:::packages.il-central-1.amazonaws.com/","arn:aws:s3:::repo.il-central-1.amazonaws.com/","arn:aws:s3:::repo.il-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.il-central-1.appinfo.src/*" |
| Medio Oriente (Baréin) | "arn:aws:s3:::packages.me-south-1.amazonaws.com/","arn:aws:s3:::repo.me-south-1.amazonaws.com/","arn:aws:s3:::repo.me-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.me-south-1.appinfo.src/*" |
| Medio Oriente (EAU) | "arn:aws:s3:::packages.me-central-1.amazonaws.com/","arn:aws:s3:::repo.me-central-1.amazonaws.com/","arn:aws:s3:::repo.me-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.me-central-1.appinfo.src/*" |
| América del Sur (São Paulo) | "arn:aws:s3:::packages.sa-east-1.amazonaws.com/","arn:aws:s3:::repo.sa-east-1.amazonaws.com/","arn:aws:s3:::repo.sa-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.sa-east-1.appinfo.src/*" |
| AWS GovCloud (EE. UU.-Este) | «arn:aws:s3: ::paquetes. us-gov-east-1.amazonaws.com/», «arn:aws:s3: ::repo. us-gov-east-1.amazonaws.com/», «arn:aws:s3: ::repo. us-gov-east-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod. us-gov-east-1.appinfo.src/*» |
| AWS GovCloud (EE. UU.-Oeste) | «arn:aws:s3: ::paquetes. us-gov-west-1.amazonaws.com/», «arn:aws:s3: ::repo. us-gov-west-1.amazonaws.com/», «arn:aws:s3: ::repo. us-gov-west-1.emr.amazonaws.com/*» | "arn:aws:s3:::prod.me-south-1.appinfo.src/*" |
