0

I'm trying to stand up a new cluster in AWS EMR, but it immediately fails with the following error:

Service-linked role 'AWSServiceRoleForEMRCleanup' for EMR is required. Please create this role directly or add permission to create it in your IAM entity.

My service role for EMR has the following permission:

  - Effect: Allow
    Action:
      - iam:CreateServiceLinkedRole
      - iam:PutRolePolicy
    Resource:
      - "arn:aws:iam::<account-id>:role/aws-service-role/elasticmapreduce.amazonaws.com/AWSServiceRoleForEMRCleanup"

I've tried using * as the resource as well, which produces the same results.

I have also attempted to create the role directly as the error suggests, but that fails due to AWSServiceRole being a reserved prefix for role names created by AWS.

Improve this question

1 Answer 1

Reset to default
0

The solution was to add the CreateServiceLinkedRole permission to the IAM role of the user making the calls, NOT the EMR service role.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.