CODEWITHSUNDEEP
amazon-web-servicesamazon-emraws-java-sdk
Mehaboob Khan
Mehaboob Khan

Reputation: 363

Aws Emr Cluster creation with RunJobFlowResult unable to take specified config?

I am creating an Aws Emr cluster with AWS Java SDK. Below is the code snippet. 

JobFlowInstancesConfig jobFlowInstanceConfig = new JobFlowInstancesConfig()
                .withEc2SubnetId(config.getEc2SubnetId())
                .withEc2KeyName(config.getEc2KeyName()) 
                .withInstanceCount(config.getInstanceCount()) 
                .withKeepJobFlowAliveWhenNoSteps(true)    
                .withMasterInstanceType(config.getMasterInstanceType())
                .withSlaveInstanceType(config.getSlaveInstanceType());

RunJobFlowRequest request = new RunJobFlowRequest()
                .withName(clusterName)
                .withReleaseLabel(config.getReleaseLabel())
                .withApplications(applications)
                .withLogUri(config.getLogUri())
                .withServiceRole(config.getServiceRole())
                .withJobFlowRole(config.getJobFlowRole())
                .withInstances(jobFlowInstanceConfig);
RunJobFlowResult runJobFlowResult = emrClient.runJobFlow(request);

As you can see I am setting "JobFlowRole" using .withJobFlowRole(config.getJobFlowRole()), but it is taking default values which does not have permission to create cluster.

I am getting following error:

com.amazonaws.services.elasticmapreduce.model.AmazonElasticMapReduceException: User: arn:aws:sts::6...0:assumed-role/default-role/i-0...4 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::6...0:role/EMR_DefaultRole (Service: AmazonElasticMapReduce; Status Code: 400; Error Code: AccessDeniedException; Request ID: a...f)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1701)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1356)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1102)

Help please.

Upvotes: 0

Views: 1721

Answers (1)

Lamanus
Lamanus

Reputation: 13551

The JobFlowRole is the role of EMR service and this is not the role for creation EMR. See documentation.

You should have the right permission to create an EMR where you used to get the AWS credentials. The iam:PassRole is missing for your credentials.

Upvotes: 1

Related Questions