使用 RunJobFlowResult 创建 Aws Emr 集群无法采用指定的配置？

Question

我正在使用 AWS Java SDK 创建一个 Aws Emr 集群。下面是代码sn-p。

JobFlowInstancesConfig jobFlowInstanceConfig = new JobFlowInstancesConfig()
                .withEc2SubnetId(config.getEc2SubnetId())
                .withEc2KeyName(config.getEc2KeyName()) 
                .withInstanceCount(config.getInstanceCount()) 
                .withKeepJobFlowAliveWhenNoSteps(true)    
                .withMasterInstanceType(config.getMasterInstanceType())
                .withSlaveInstanceType(config.getSlaveInstanceType());

RunJobFlowRequest request = new RunJobFlowRequest()
                .withName(clusterName)
                .withReleaseLabel(config.getReleaseLabel())
                .withApplications(applications)
                .withLogUri(config.getLogUri())
                .withServiceRole(config.getServiceRole())
                .withJobFlowRole(config.getJobFlowRole())
                .withInstances(jobFlowInstanceConfig);
RunJobFlowResult runJobFlowResult = emrClient.runJobFlow(request); 

如您所见，我正在使用 .withJobFlowRole(config.getJobFlowRole()) 设置“JobFlowRole”，但它采用无权创建集群的默认值。

我收到以下错误：

com.amazonaws.services.elasticmapreduce.model.AmazonElasticMapReduceException: User: arn:aws:sts::6...0:assumed-role/default-role/i-0...4 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::6...0:role/EMR_DefaultRole (Service: AmazonElasticMapReduce; Status Code: 400; Error Code: AccessDeniedException; Request ID: a...f)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1701)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1356)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1102)

请帮忙。

Answer 1

JobFlowRole 是 EMR 服务的角色，这不是创建 EMR 的角色。见documentation。

您应该拥有在用于获​​取 AWS 凭证的位置创建 EMR 的正确权限。您的凭据缺少 iam:PassRole。