本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 访问 Amazon S3 的私有子网的示例策略
对于私有子网,您必须让 Amazon EMR 至少能够访问 Amazon Linux 存储库。此私有子网策略是用于访问 Amazon S3 的 VPC 终端节点策略的一部分。
对于 Amazon EMR 5.25.0 或更高版本,要启用一键访问持久性 Spark 历史记录服务器,您必须允许 Amazon EMR 访问收集 Spark 事件日志的系统存储桶。如果启用日志记录,请为以下存储桶提供 PUT 权限:
```
aws157-logs-${AWS::Region}/*
```
有关更多信息,请参阅[一键访问持久性 Spark 历史记录服务器](https://docs.aws.amazon.com/emr/latest/ManagementGuide/app-history-spark-UI.html)。
由您决定满足业务需求的策略限制。以下示例策略提供了访问 Amazon Linux 存储库和 Amazon EMR 系统存储桶以收集 Spark 事件日志的权限。其中显示了存储桶的一些示例资源名称。
有关将 IAM policy 与 Amazon VPC 终端节点结合使用的更多信息,请参阅[Amazon S3 终端节点策略](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html#vpc-endpoints-policies-s3)。
以下策略示例包含 us-east-1 区域的示例资源。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AmazonLinuxAMIRepositoryAccess",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::packages.us-east-1.amazonaws.com/*",
"arn:aws:s3:::repo.us-east-1.amazonaws.com/*"
]
},
{
"Sid": "EnableApplicationHistory",
"Effect": "Allow",
"Action": [
"s3:Put*",
"s3:Get*",
"s3:Create*",
"s3:Abort*",
"s3:List*"
],
"Resource": [
"arn:aws:s3:::prod.us-east-1.appinfo.src/*"
]
}
]
}
```
------
以下示例策略提供了访问 us-east-1 区域中的 Amazon Linux 2 存储库所需的权限。
```
{
"Statement": [
{
"Sid": "AmazonLinux2AMIRepositoryAccess",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::amazonlinux.us-east-1.amazonaws.com/*",
"arn:aws:s3:::amazonlinux-2-repos-us-east-1/*"
]
}
]
}
```
以下示例策略提供了访问 us-east-1 区域中的 Amazon Linux 2023 存储库所需的权限。
```
{
"Statement": [
{
"Sid": "AmazonLinux2023AMIRepositoryAccess",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::al2023-repos-us-east-1-de612dc2/*"
]
}
]
}
```
## 可用区
下表包含按区域划分的存储桶列表,其中包括存储库的 Amazon 资源名称(ARN)和表示 `appinfo.src` ARN 的字符串。ARN 或 Amazon 资源名称是一个 AWS 用于唯一标识资源的字符串。
| Region | 存储库存储桶 | AppInfo 水桶 |
| --- | --- | --- |
| 美国东部(俄亥俄) | "arn:aws:s3:::packages.us-east-2.amazonaws.com/","arn:aws:s3:::repo.us-east-2.amazonaws.com/","arn:aws:s3:::repo.us-east-2.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.us-east-2.appinfo.src/\$1" |
| 美国东部(弗吉尼亚北部) | "arn:aws:s3:::packages.us-east-1.amazonaws.com/","arn:aws:s3:::repo.us-east-1.amazonaws.com/","arn:aws:s3:::repo.us-east-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.us-east-1.appinfo.src/\$1" |
| 美国西部(加利福尼亚北部) | "arn:aws:s3:::packages.us-west-1.amazonaws.com/","arn:aws:s3:::repo.us-west-1.amazonaws.com/","arn:aws:s3:::repo.us-west-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.us-west-1.appinfo.src/\$1" |
| 美国西部(俄勒冈) | "arn:aws:s3:::packages.us-west-2.amazonaws.com/","arn:aws:s3:::repo.us-west-2.amazonaws.com/","arn:aws:s3:::repo.us-west-2.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.us-west-2.appinfo.src/\$1" |
| 非洲(开普敦) | "arn:aws:s3:::packages.af-south-1.amazonaws.com/","arn:aws:s3:::repo.af-south-1.amazonaws.com/","arn:aws:s3:::repo.af-south-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.af-south-1.appinfo.src/\$1" |
| 非洲(开普敦) | "arn:aws:s3:::packages.ap-east-1.amazonaws.com/","arn:aws:s3:::repo.ap-east-1.amazonaws.com/","arn:aws:s3:::repo.ap-east-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ap-east-1.appinfo.src/\$1" |
| 亚太地区(海得拉巴) | "arn:aws:s3:::packages.ap-south-2.amazonaws.com/","arn:aws:s3:::repo.ap-south-2.amazonaws.com/","arn:aws:s3:::repo.ap-south-2.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ap-south-2.appinfo.src/\$1" |
| 亚太地区(雅加达) | "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ap-southeast-3.appinfo.src/\$1" |
| 亚太地区(马来西亚) | "arn:aws:s3:::packages.ap-southeast-5.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-5.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-5.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ap-southeast-5.appinfo.src/\$1" |
| 亚太地区(墨尔本) | "arn:aws:s3:::packages.ap-southeast-4.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-4.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-4.emr.amazonaws.com/\$1" | “arn: aws: s3::: prod.ap-south-4.appinfo.src/\$1” |
| 亚太地区(孟买) | "arn:aws:s3:::packages.ap-south-1.amazonaws.com/","arn:aws:s3:::repo.ap-south-1.amazonaws.com/","arn:aws:s3:::repo.ap-south-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ap-south-1.appinfo.src/\$1" |
| 亚太地区(大阪) | “arn: aws: s3:: packages.ap-northeast-3.amazonaws.com/”、“arn: aws: s3:: repo.ap-northeast-3.amazonaws.com/”、“arn: aws: s3::: repo.ap-northeast-3.emr.amazonaws.com/\$1” | “arn: aws: s3::: prod.ap-northeast-3.appinfo.src/\$1” |
| 亚太地区(首尔) | "arn:aws:s3:::packages.ap-northeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-2.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ap-northeast-2.appinfo.src/\$1" |
| 亚太地区(新加坡) | "arn:aws:s3:::packages.ap-southeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ap-southeast-1.appinfo.src/\$1" |
| 亚太地区(悉尼) | "arn:aws:s3:::packages.ap-southeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-2.amazonaws.com/","arn:aws:s3:::repo.ap-southeast-2.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ap-southeast-2.appinfo.src/\$1" |
| 亚太地区(东京) | "arn:aws:s3:::packages.ap-northeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-1.amazonaws.com/","arn:aws:s3:::repo.ap-northeast-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ap-northeast-1.appinfo.src/\$1" |
| 加拿大(中部) | "arn:aws:s3:::packages.ca-central-1.amazonaws.com/","arn:aws:s3:::repo.ca-central-1.amazonaws.com/","arn:aws:s3:::repo.ca-central-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ca-central-1.appinfo.src/\$1" |
| 加拿大西部(卡尔加里) | "arn:aws:s3:::packages.ca-west-1.amazonaws.com/","arn:aws:s3:::repo.ca-west-1.amazonaws.com/","arn:aws:s3:::repo.ca-west-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.ca-west-1.appinfo.src/\$1" |
| 欧洲地区(法兰克福) | "arn:aws:s3:::packages.eu-central-1.amazonaws.com/","arn:aws:s3:::repo.eu-central-1.amazonaws.com/","arn:aws:s3:::repo.eu-central-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.eu-central-1.appinfo.src/\$1" |
| 欧洲地区(爱尔兰) | "arn:aws:s3:::packages.eu-west-1.amazonaws.com/","arn:aws:s3:::repo.eu-west-1.amazonaws.com/","arn:aws:s3:::repo.eu-west-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.eu-west-1.appinfo.src/\$1" |
| 欧洲地区(伦敦) | "arn:aws:s3:::packages.eu-west-2.amazonaws.com/","arn:aws:s3:::repo.eu-west-2.amazonaws.com/","arn:aws:s3:::repo.eu-west-2.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.eu-west-2.appinfo.src/\$1" |
| 欧洲地区(米兰) | "arn:aws:s3:::packages.eu-south-1.amazonaws.com/","arn:aws:s3:::repo.eu-south-1.amazonaws.com/","arn:aws:s3:::repo.eu-south-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.eu-south-1.appinfo.src/\$1" |
| 欧洲(巴黎) | "arn:aws:s3:::packages.eu-west-3.amazonaws.com/","arn:aws:s3:::repo.eu-west-3.amazonaws.com/","arn:aws:s3:::repo.eu-west-3.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.eu-west-3.appinfo.src/\$1" |
| 欧洲(西班牙) | "arn:aws:s3:::packages.eu-south-2.amazonaws.com/","arn:aws:s3:::repo.eu-south-2.amazonaws.com/","arn:aws:s3:::repo.eu-south-2.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.eu-south-2.appinfo.src/\$1" |
| 欧洲地区(斯德哥尔摩) | "arn:aws:s3:::packages.eu-north-1.amazonaws.com/","arn:aws:s3:::repo.eu-north-1.amazonaws.com/","arn:aws:s3:::repo.eu-north-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.eu-north-1.appinfo.src/\$1" |
| 欧洲(苏黎世) | "arn:aws:s3:::packages.eu-central-2.amazonaws.com/","arn:aws:s3:::repo.eu-central-2.amazonaws.com/","arn:aws:s3:::repo.eu-central-2.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.eu-central-2.appinfo.src/\$1" |
| 以色列(特拉维夫) | "arn:aws:s3:::packages.il-central-1.amazonaws.com/","arn:aws:s3:::repo.il-central-1.amazonaws.com/","arn:aws:s3:::repo.il-central-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.il-central-1.appinfo.src/\$1" |
| 中东(巴林) | "arn:aws:s3:::packages.me-south-1.amazonaws.com/","arn:aws:s3:::repo.me-south-1.amazonaws.com/","arn:aws:s3:::repo.me-south-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.me-south-1.appinfo.src/\$1" |
| 中东(阿联酋): | "arn:aws:s3:::packages.me-central-1.amazonaws.com/","arn:aws:s3:::repo.me-central-1.amazonaws.com/","arn:aws:s3:::repo.me-central-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.me-central-1.appinfo.src/\$1" |
| 南美洲(圣保罗) | "arn:aws:s3:::packages.sa-east-1.amazonaws.com/","arn:aws:s3:::repo.sa-east-1.amazonaws.com/","arn:aws:s3:::repo.sa-east-1.emr.amazonaws.com/\$1" | "arn:aws:s3:::prod.sa-east-1.appinfo.src/\$1" |
| AWS GovCloud (美国东部) | “arn: aws: s3:: packages。 us-gov-east-1.amazonaws.com/”,“arn: aws: s3::: repo。 us-gov-east-1.amazonaws.com/”,“arn: aws: s3::: repo。 us-gov-east-1.emr.amazonaws.com/\$1” | “arn: aws: s3::: prod。 us-gov-east-1.appinfo.src/\$1” |
| AWS GovCloud (美国西部) | “arn: aws: s3:: packages。 us-gov-west-1.amazonaws.com/”,“arn: aws: s3::: repo。 us-gov-west-1.amazonaws.com/”,“arn: aws: s3::: repo。 us-gov-west-1.emr.amazonaws.com/\$1” | "arn:aws:s3:::prod.me-south-1.appinfo.src/\$1" |