AWS Configuration

Using the PK Protect S3 Cloud IDP, a user can provision an EMR cluster through the Admin console to access S3 data. The S3 Cloud IDP is used for browsing S3 buckets. The S3 IDP allows PK Protect to run data detection and protection tasks on the S3 repository. PK Protect's S3 IDP is automatically installed in the cluster that the Cloud IDP spins up.

To provision an EMR cluster, the user must create IAM (Identity and Access Management) roles on AWS that have access to S3 buckets and permission to create or destroy an EMR cluster. IAM controls who is authenticated (signed in) and authorized (has permissions) to access AWS resources.

These are the minimum IAM permissions required on AWS for PK Protect to run S3 detection/protection tasks, and to provision an EMR cluster using the Cloud IDP from the Admin console.

  1. Minimum Roles for Services: S3

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:ListAllMyBuckets",
                    "s3:ListBucket"
                ],
                "Resource": "*"
            }
        ]
    }
  2. Minimum Roles for Services: IAM

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "iam:GetRole",
                    "iam:PassRole",
                    "iam:ListRolePolicies",
                    "iam:ListInstanceProfiles",
                    "iam:GetRolePolicy"
                ],
                "Resource": "*"
            }
        ]
    }
  3. Minimum Roles for Services: EMR

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "elasticmapreduce:DescribeSecurityConfiguration",
                    "elasticmapreduce:ListInstances",
                    "elasticmapreduce:ListSecurityConfigurations",
                    "elasticmapreduce:ListSteps",
                    "elasticmapreduce:SetVisibleToAllUsers",
                    "elasticmapreduce:PutAutoScalingPolicy",
                    "elasticmapreduce:DescribeCluster",
                    "elasticmapreduce:RunJobFlow",
                    "elasticmapreduce:SetTerminationProtection",
                    "elasticmapreduce:TerminateJobFlows",
                    "elasticmapreduce:CancelSteps"
                ],
                "Resource": "*"
            }
        ]
    }
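
All three policies above grant their actions on `"Resource": "*"`. The following Python check is an added example, not part of the PK Protect documentation: it lists which S3 and IAM actions from those policies could be narrowed to specific ARNs. The `SCOPEABLE` table, the bucket name and the scoped policy are assumptions of this example, and whether PK Protect runs correctly with narrowed resources is not stated on this page.

```python
import json
from fnmatch import fnmatchcase

# Actions from the policies above that accept a specific ARN in "Resource",
# with the ARN shape to scope them to (this example's assumption; extend it
# from the AWS Service Authorization Reference). s3:ListAllMyBuckets is
# omitted because it only works with "Resource": "*".
SCOPEABLE = {
    "s3:GetObject": "arn:aws:s3:::<bucket>/*",
    "s3:PutObject": "arn:aws:s3:::<bucket>/*",
    "s3:ListBucket": "arn:aws:s3:::<bucket>",
    "iam:PassRole": "arn:aws:iam::<account-id>:role/<role>",
    "iam:GetRole": "arn:aws:iam::<account-id>:role/<role>",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy_json):
    """Return (sid, action, suggested ARN shape) for each scopeable action
    that an Allow statement grants on Resource "*"."""
    findings = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            for action, arn in SCOPEABLE.items():
                # IAM action names are case-insensitive and may contain wildcards.
                if fnmatchcase(action.lower(), pattern.lower()):
                    findings.append((stmt.get("Sid", ""), action, arn))
    return sorted(set(findings))

# The page's S3 policy (item 1), condensed to one statement.
PAGE_S3_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListAllMyBuckets", "s3:ListBucket"],
    "Resource": "*"}]})

# Constructed scoped variant; the bucket name is a placeholder.
SCOPED_S3_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Objects", "Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "Bucket", "Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "ListAll", "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"}]})

if __name__ == "__main__":
    for sid, action, arn in wildcard_findings(PAGE_S3_POLICY):
        print(f"{sid}: {action} on '*' -> scope to {arn}")
    print("scoped variant findings:", wildcard_findings(SCOPED_S3_POLICY))
```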

Access the AWS Configuration screen by clicking the AWS Configuration option in the left side pane. The AWS Configuration screen is depicted below:

The top panel displays the cluster information along with its status. Clicking on the configuration populates the bottom panel with cluster details.
