Amazon S3에 액세스하는 프라이빗 서브넷에 대한 샘플 정책 - Amazon EMR
사용 가능한 리전

Amazon S3에 액세스하는 프라이빗 서브넷에 대한 샘플 정책

프라이빗 서브넷의 경우 최소한 Amazon EMR에서 Amazon Linux 리포지토리에 액세스할 수 있는 기능을 제공해야 합니다. 이 프라이빗 서브넷 정책은 Amazon S3에 액세스하기 위한 VPC 엔드포인트 정책의 일부입니다. Amazon EMR 5.25.0 이상에서 영구 Spark 기록 서버에 대한 원클릭 액세스를 활성화하려면 Amazon EMR에서 Spark 이벤트 로그를 수집하는 시스템 버킷에 액세스할 수 있도록 허용해야 합니다. 로깅을 활성화하는 경우 aws157-logs-* 버킷에 PUT 권한을 제공합니다. 자세한 내용은 영구 Spark 기록 서버에 대한 원클릭 액세스를 참조하세요.

비즈니스 요구를 충족하는 정책 제한은 사용자가 결정합니다. 다음 예제 정책은 Spark 이벤트 로그를 수집하기 위해 Amazon Linux 리포지토리 및 Amazon EMR 시스템 버킷에 액세스할 수 있는 권한을 제공합니다. 버킷에 대한 몇 가지 샘플 리소스 이름을 보여줍니다.

Amazon VPC 엔드포인트에서 IAM 정책 사용에 대한 자세한 내용은 Amazon S3에 대한 엔드포인트 정책을 참조하세요.

다음 정책 예제에는 us-east-1 리전의 샘플 리소스가 포함되어 있습니다.

{
   "Version": "2008-10-17",
   "Statement": [
       {
           "Sid": "AmazonLinuxAMIRepositoryAccess",
           "Effect": "Allow",
           "Principal": "*",
           "Action": "s3:GetObject",
           "Resource": [
           	"arn:aws:s3:::packages.us-east-1.amazonaws.com/*",
           	"arn:aws:s3:::repo.us-east-1.amazonaws.com/",
           	"arn:aws:s3:::repo.us-east-1.amazonaws.com/*"
           ]
       },
       {
           "Sid": "EnableApplicationHistory",
           "Effect": "Allow",
           "Principal": "*",
           "Action": [
               "s3:Put*",
               "s3:Get*",
               "s3:Create*",
               "s3:Abort*",
               "s3:List*"
           ],
           "Resource": [
           	"arn:aws:s3:::prod.us-east-1.appinfo.src/*"
           ]
       }
   ]
}

다음 예제 정책에서는 Amazon Linux 2 리포지토리에 액세스하는 데 필요한 권한을 제공합니다. Amazon Linux 2 AMI가 기본값입니다.

{
   "Statement": [
       {
           "Sid": "AmazonLinux2AMIRepositoryAccess",
           "Effect": "Allow",
           "Principal": "*",
           "Action": "s3:GetObject",
           "Resource": [
           	"arn:aws:s3:::amazonlinux.us-east-1.amazonaws.com/*",
           	"arn:aws:s3:::amazonlinux-2-repos-us-east-1/*"
           ]
       }
   ]
}

사용 가능한 리전

다음 표에는 리전별 버킷 목록이 포함되어 있으며, 리포지토리의 Amazon 리소스 이름(ARN)과 appinfo.src의 ARN을 나타내는 문자열이 모두 포함되어 있습니다. Amazon 리소스 이름(ARN)은 AWS 리소스를 고유하게 식별하는 문자열입니다.

리전 리포지토리 버킷 AppInfo 버킷
미국 동부(오하이오) "arn:aws:s3:::packages.us-east-2.amazonaws.com/","arn:aws:s3:::repo.us-east-2.amazonaws.com/","arn:aws:s3:::repo.us-east-2.emr.amazonaws.com/*" "arn:aws:s3:::prod.us-east-2.appinfo.src/*"
미국 동부(버지니아 북부) "arn:aws:s3:::packages.us-east-1.amazonaws.com/","arn:aws:s3:::repo.us-east-1.amazonaws.com/","arn:aws:s3:::repo.us-east-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.us-east-1.appinfo.src/*"
미국 서부(캘리포니아 북부) "arn:aws:s3:::packages.us-west-1.amazonaws.com/","arn:aws:s3:::repo.us-west-1.amazonaws.com/","arn:aws:s3:::repo.us-west-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.us-west-1.appinfo.src/*"
미국 서부(오리건) "arn:aws:s3:::packages.us-west-2.amazonaws.com/","arn:aws:s3:::repo.us-west-2.amazonaws.com/","arn:aws:s3:::repo.us-west-2.emr.amazonaws.com/*" "arn:aws:s3:::prod.us-west-2.appinfo.src/*"
아프리카(케이프타운) "arn:aws:s3:::packages.af-south-1.amazonaws.com/","arn:aws:s3:::repo.af-south-1.amazonaws.com/","arn:aws:s3:::repo.af-south-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.af-south-1.appinfo.src/*"
아프리카(케이프타운) "arn:aws:s3:::packages.ap-east-1.amazonaws.com/","arn:aws:s3:::repo.ap-east-1.amazonaws.com/","arn:aws:s3:::repo.ap-east-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-east-1.appinfo.src/*"
아시아 태평양(하이데라바드) "arn:aws:s3:::packages.ap-south-2.amazonaws.com/","arn:aws:s3:::repo.ap-south-2.amazonaws.com/","arn:aws:s3:::repo.ap-south-2.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-south-2.appinfo.src/*"
아시아 태평양(자카르타) "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-southeast-3.appinfo.src/*"
아시아 태평양(말레이시아) "arn:aws:s3:::packages.ap-southeast-5.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-5.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-5.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-southeast-5.appinfo.src/*"
아시아 태평양(멜버른) "arn:aws:s3:::packages.ap-southeast-4.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-4.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-4.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-south-2.appinfo.src/*"
아시아 태평양(자카르타) "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-southeast-4.appinfo.src/*"
아시아 태평양(뭄바이) "arn:aws:s3:::packages.ap-south-1.amazonaws.com/","arn:aws:s3:::repo.ap-south-1.amazonaws.com/","arn:aws:s3:::repo.ap-south-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-south-1.appinfo.src/*"
아시아 태평양(오사카) "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-southeast-4.appinfo.src/*"
아시아 태평양(서울) "arn:aws:s3:::packages.ap-northeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-2.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-northeast-2.appinfo.src/*"
아시아 태평양(싱가포르) "arn:aws:s3:::packages.ap-southeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-southeast-1.appinfo.src/*"
아시아 태평양(시드니) "arn:aws:s3:::packages.ap-southeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-2.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-southeast-2.appinfo.src/*"
아시아 태평양(도쿄) "arn:aws:s3:::packages.ap-northeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-northeast-1.appinfo.src/*"
캐나다(중부) "arn:aws:s3:::packages.ca-central-1.amazonaws.com/","arn:aws:s3:::repo.ca-central-1.amazonaws.com/","arn:aws:s3:::repo.ca-central-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.ca-central-1.appinfo.src/*"
캐나다 서부(캘거리) "arn:aws:s3:::packages.ap-northeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.ap-northeast-1.appinfo.src/*"
유럽(프랑크푸르트) "arn:aws:s3:::packages.eu-central-1.amazonaws.com/","arn:aws:s3:::repo.eu-central-1.amazonaws.com/","arn:aws:s3:::repo.eu-central-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.eu-central-1.appinfo.src/*"
유럽(아일랜드) "arn:aws:s3:::packages.eu-west-1.amazonaws.com/","arn:aws:s3:::repo.eu-west-1.amazonaws.com/","arn:aws:s3:::repo.eu-west-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.eu-west-1.appinfo.src/*"
유럽(런던) "arn:aws:s3:::packages.eu-west-2.amazonaws.com/","arn:aws:s3:::repo.eu-west-2.amazonaws.com/","arn:aws:s3:::repo.eu-west-2.emr.amazonaws.com/*" "arn:aws:s3:::prod.eu-west-2.appinfo.src/*"
유럽(밀라노) "arn:aws:s3:::packages.eu-south-1.amazonaws.com/","arn:aws:s3:::repo.eu-south-1.amazonaws.com/","arn:aws:s3:::repo.eu-south-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.eu-south-1.appinfo.src/*"
유럽(파리) "arn:aws:s3:::packages.eu-west-3.amazonaws.com/","arn:aws:s3:::repo.eu-west-3.amazonaws.com/","arn:aws:s3:::repo.eu-west-3.emr.amazonaws.com/*" "arn:aws:s3:::prod.eu-west-3.appinfo.src/*"
유럽(스페인) "arn:aws:s3:::packages.eu-south-2.amazonaws.com/","arn:aws:s3:::repo.eu-south-2.amazonaws.com/","arn:aws:s3:::repo.eu-south-2.emr.amazonaws.com/*" "arn:aws:s3:::prod.eu-south-2.appinfo.src/*"
유럽(스톡홀름) "arn:aws:s3:::packages.eu-north-1.amazonaws.com/","arn:aws:s3:::repo.eu-north-1.amazonaws.com/","arn:aws:s3:::repo.eu-north-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.eu-north-1.appinfo.src/*"
유럽(취리히) "arn:aws:s3:::packages.eu-central-2.amazonaws.com/","arn:aws:s3:::repo.eu-central-2.amazonaws.com/","arn:aws:s3:::repo.eu-central-2.emr.amazonaws.com/*" "arn:aws:s3:::prod.eu-central-2.appinfo.src/*"
이스라엘(텔아비브) "arn:aws:s3:::packages.il-central-1.amazonaws.com/","arn:aws:s3:::repo.il-central-1.amazonaws.com/","arn:aws:s3:::repo.il-central-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.il-central-1.appinfo.src/*"
중동(바레인) "arn:aws:s3:::packages.me-south-1.amazonaws.com/","arn:aws:s3:::repo.me-south-1.amazonaws.com/","arn:aws:s3:::repo.me-south-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.me-south-1.appinfo.src/*"
중동(UAE) "arn:aws:s3:::packages.me-central-1.amazonaws.com/","arn:aws:s3:::repo.me-central-1.amazonaws.com/","arn:aws:s3:::repo.me-central-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.me-central-1.appinfo.src/*"
남아메리카(상파울루) "arn:aws:s3:::packages.sa-east-1.amazonaws.com/","arn:aws:s3:::repo.sa-east-1.amazonaws.com/","arn:aws:s3:::repo.sa-east-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.sa-east-1.appinfo.src/*"
AWS GovCloud(미국 동부) "arn:aws:s3:::packages.us-gov-east-1.amazonaws.com/","arn:aws:s3:::repo.us-gov-east-1.amazonaws.com/","arn:aws:s3:::repo.us-gov-east-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.us-gov-east-1.appinfo.src/*"
AWS GovCloud(미국 서부) "arn:aws:s3:::packages.us-gov-west-1.amazonaws.com/","arn:aws:s3:::repo.us-gov-west-1.amazonaws.com/","arn:aws:s3:::repo.us-gov-west-1.emr.amazonaws.com/*" "arn:aws:s3:::prod.me-south-1.appinfo.src/*"