Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
Contoh kebijakan untuk subnet pribadi yang mengakses Amazon S3
Untuk subnet privat, setidaknya Anda harus menyediakan kemampuan bagi Amazon EMR agar dapat mengakses repositori Amazon Linux. Kebijakan subnet privat ini adalah bagian dari kebijakan VPC endpoint untuk mengakses Amazon S3.
Dengan Amazon EMR 5.25.0 atau lebih baru, untuk mengaktifkan akses sekali klik ke server riwayat Spark persisten, Anda harus mengizinkan Amazon EMR untuk mengakses bucket sistem yang mengumpulkan log peristiwa Spark. Jika Anda mengaktifkan logging, berikan izin PUT ke bucket berikut:
aws157-logs-${AWS::Region}/*
Untuk informasi selengkapnya, lihat Akses sekali klik ke Spark Server Riwayat persisten.
Anda dapat menentukan batasan kebijakan yang memenuhi kebutuhan bisnis sesuai keinginan Anda. Contoh kebijakan berikut memberikan izin untuk mengakses repositori Amazon Linux dan bucket sistem Amazon EMR untuk mengumpulkan log peristiwa Spark. Ini menunjukkan beberapa contoh nama sumber daya untuk ember.
Untuk informasi selengkapnya tentang penggunaan kebijakan IAM dengan titik akhir Amazon VPC, lihat Kebijakan Titik Akhir untuk Amazon S3.
Contoh kebijakan berikut berisi sumber daya sampel di wilayah us-east-1.
Contoh kebijakan berikut memberikan izin yang diperlukan untuk mengakses repositori Amazon Linux 2. AMI Amazon Linux 2 adalah default.
{ "Statement": [ { "Sid": "AmazonLinux2AMIRepositoryAccess", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": [ "arn:aws:s3:::amazonlinux.us-east-1.amazonaws.com/*", "arn:aws:s3:::amazonlinux-2-repos-us-east-1/*" ] } ] }
Wilayah yang tersedia
Tabel berikut berisi daftar bucket menurut wilayah, dan menyertakan Amazon Resource Name (ARN) untuk respositori dan string yang mewakili ARN untuk. appinfo.src ARN, atau Amazon Resource Name, adalah string yang secara unik mengidentifikasi sumber daya. AWS
| Wilayah | Ember repositori | AppInfo ember |
|---|---|---|
| AS Timur (Ohio) | “arn:aws:s3::: packages.us-east-2.amazonaws.com/”, "arn:aws:s3::: repo.us-east-2.amazonaws.com/”, "arn:aws:s3: ::repo.us-east-2.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.us-east-2.appinfo.src/*” |
| AS Timur (Virginia N.) | “arn:aws:s3::: packages.us-east-1.amazonaws.com/”, "arn:aws:s3::: repo.us-east-1.amazonaws.com/”, "arn:aws:s3: ::repo.us-east-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.us-east-1.appinfo.src/*” |
| AS Barat (California N.) | “arn:aws:s3::: packages.us-west-1.amazonaws.com/”, "arn:aws:s3::: repo.us-west-1.amazonaws.com/”, "arn:aws:s3: ::repo.us-west-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.us-west-1.appinfo.src/*” |
| AS Barat (Oregon) | “arn:aws:s3::: packages.us-west-2.amazonaws.com/”, "arn:aws:s3::: repo.us-west-2.amazonaws.com/”, "arn:aws:s3: ::repo.us-west-2.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.us-west-2.appinfo.src/*” |
| Afrika (Cape Town) | “arn:aws:s3::: packages.af-south-1.amazonaws.com/”, "arn:aws:s3::: repo.af-south-1.amazonaws.com/”, "arn:aws:s3: ::repo.af-south-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.af-south-1.appinfo.src/*” |
| Afrika (Cape Town) | “arn:aws:s3::: packages.ap-east-1.amazonaws.com/”, "arn:aws:s3::: repo.ap-east-1.amazonaws.com/”, "arn:aws:s3: ::repo.ap-east-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-east-1.appinfo.src/*” |
| Asia Pasifik (Hyderabad) | “arn:aws:s3::: packages.ap-south-2.amazonaws.com/”, "arn:aws:s3::: repo.ap-south-2.amazonaws.com/”, "arn:aws:s3: ::repo.ap-south-2.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-south-2.appinfo.src/*” |
| Asia Pasifik (Jakarta) | “arn:aws:s3::: packages.ap-southeast-3.amazonaws.com/”, "arn:aws:s3::: repo.ap-southeast-3.amazonaws.com/”, "arn:aws:s3: ::repo.ap-southeast-3.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-southeast-3.appinfo.src/*” |
| Asia Pasifik (Malaysia) | “arn:aws:s3::: packages.ap-southeast-5.amazonaws.com/”, "arn:aws:s3::: repo.ap-southeast-5.amazonaws.com/”, "arn:aws:s3: ::repo.ap-southeast-5.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-southeast-5.appinfo.src/*” |
| Asia Pasifik (Melbourne) | “arn:aws:s3::: packages.ap-southeast-4.amazonaws.com/”, "arn:aws:s3::: repo.ap-southeast-4.amazonaws.com/”, "arn:aws:s3: ::repo.ap-southeast-4.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-south-4.appinfo.src/*” |
| Asia Pasifik (Mumbai) | “arn:aws:s3::: packages.ap-south-1.amazonaws.com/”, "arn:aws:s3::: repo.ap-south-1.amazonaws.com/”, "arn:aws:s3: ::repo.ap-south-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-south-1.appinfo.src/*” |
| Asia Pasifik (Osaka) | “arn:aws:s3::: packages.ap-northeast-3.amazonaws.com/”, "arn:aws:s3::: repo.ap-northeast-3.amazonaws.com/”, "arn:aws:s3: ::repo.ap-northeast-3.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-northeast-3.appinfo.src/*” |
| Asia Pasifik (Seoul) | “arn:aws:s3::: packages.ap-northeast-2.amazonaws.com/”, "arn:aws:s3::: repo.ap-northeast-2.amazonaws.com/”, "arn:aws:s3: ::repo.ap-northeast-2.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-northeast-2.appinfo.src/*” |
| Asia Pasifik (Singapura) | “arn:aws:s3::: packages.ap-southeast-1.amazonaws.com/”, "arn:aws:s3::: repo.ap-southeast-1.amazonaws.com/”, "arn:aws:s3: ::repo.ap-southeast-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-southeast-1.appinfo.src/*” |
| Asia Pasifik (Sydney) | “arn:aws:s3::: packages.ap-southeast-2.amazonaws.com/”, "arn:aws:s3::: repo.ap-southeast-2.amazonaws.com/”, "arn:aws:s3: ::repo.ap-southeast-2.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-southeast-2.appinfo.src/*” |
| Asia Pasifik (Tokyo) | “arn:aws:s3::: packages.ap-northeast-1.amazonaws.com/”, "arn:aws:s3::: repo.ap-northeast-1.amazonaws.com/”, "arn:aws:s3: ::repo.ap-northeast-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ap-northeast-1.appinfo.src/*” |
| Kanada (Tengah) | “arn:aws:s3::: packages.ca-central-1.amazonaws.com/”, "arn:aws:s3::: repo.ca-central-1.amazonaws.com/”, "arn:aws:s3: ::repo.ca-central-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ca-central-1.appinfo.src/*” |
| Kanada Barat (Calgary) | “arn:aws:s3::: packages.ca-west-1.amazonaws.com/”, "arn:aws:s3::: repo.ca-west-1.amazonaws.com/”, "arn:aws:s3: ::repo.ca-west-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.ca-west-1.appinfo.src/*” |
| Eropa (Frankfurt am Main) | “arn:aws:s3::: packages.eu-central-1.amazonaws.com/”, "arn:aws:s3::: repo.eu-central-1.amazonaws.com/”, "arn:aws:s3: ::repo.eu-central-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.eu-central-1.appinfo.src/*” |
| Eropa (Irlandia) | “arn:aws:s3::: packages.eu-west-1.amazonaws.com/”, "arn:aws:s3::: repo.eu-west-1.amazonaws.com/”, "arn:aws:s3: ::repo.eu-west-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.eu-west-1.appinfo.src/*” |
| Eropa (London) | “arn:aws:s3::: packages.eu-west-2.amazonaws.com/”, "arn:aws:s3::: repo.eu-west-2.amazonaws.com/”, "arn:aws:s3: ::repo.eu-west-2.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.eu-west-2.appinfo.src/*” |
| Eropa (Milan) | “arn:aws:s3::: packages.eu-south-1.amazonaws.com/”, "arn:aws:s3::: repo.eu-south-1.amazonaws.com/”, "arn:aws:s3: ::repo.eu-south-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.eu-south-1.appinfo.src/*” |
| Eropa (Paris) | “arn:aws:s3::: packages.eu-west-3.amazonaws.com/”, "arn:aws:s3::: repo.eu-west-3.amazonaws.com/”, "arn:aws:s3: ::repo.eu-west-3.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.eu-west-3.appinfo.src/*” |
| Eropa (Spanyol) | “arn:aws:s3::: packages.eu-south-2.amazonaws.com/”, "arn:aws:s3::: repo.eu-south-2.amazonaws.com/”, "arn:aws:s3: ::repo.eu-south-2.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.eu-south-2.appinfo.src/*” |
| Eropa (Stockholm) | “arn:aws:s3::: packages.eu-north-1.amazonaws.com/”, "arn:aws:s3::: repo.eu-north-1.amazonaws.com/”, "arn:aws:s3: ::repo.eu-north-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.eu-north-1.appinfo.src/*” |
| Eropa (Zürich) | “arn:aws:s3::: packages.eu-central-2.amazonaws.com/”, "arn:aws:s3::: repo.eu-central-2.amazonaws.com/”, "arn:aws:s3: ::repo.eu-central-2.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.eu-central-2.appinfo.src/*” |
| Israel (Tel Aviv) | “arn:aws:s3::: packages.il-central-1.amazonaws.com/”, "arn:aws:s3::: repo.il-central-1.amazonaws.com/”, "arn:aws:s3: ::repo.il-central-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.il-central-1.appinfo.src/*” |
| Timur Tengah (Bahrain) | “arn:aws:s3::: packages.me-south-1.amazonaws.com/”, "arn:aws:s3::: repo.me-south-1.amazonaws.com/”, "arn:aws:s3: ::repo.me-south-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.me-south-1.appinfo.src/*” |
| Timur Tengah (UEA) | “arn:aws:s3::: packages.me-central-1.amazonaws.com/”, "arn:aws:s3::: repo.me-central-1.amazonaws.com/”, "arn:aws:s3: ::repo.me-central-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.me-central-1.appinfo.src/*” |
| Amerika Selatan (São Paulo) | “arn:aws:s3::: packages.sa-east-1.amazonaws.com/”, "arn:aws:s3::: repo.sa-east-1.amazonaws.com/”, "arn:aws:s3: ::repo.sa-east-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.sa-east-1.appinfo.src/*” |
| AWS GovCloud (AS-Timur) | “arn:aws:s3: ::paket. us-gov-east-1.amazonaws.com/”, "arn:aws:s3: ::repo. us-gov-east-1.amazonaws.com/”, "arn:aws:s3: ::repo. us-gov-east-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod. us-gov-east-1.appinfo.src/*” |
| AWS GovCloud (AS-Barat) | “arn:aws:s3: ::paket. us-gov-west-1.amazonaws.com/”, "arn:aws:s3: ::repo. us-gov-west-1.amazonaws.com/”, "arn:aws:s3: ::repo. us-gov-west-1.emr.amazonaws.com/*” | “arn:aws:s3: ::prod.me-south-1.appinfo.src/*” |
