Skip to content

feat(iam): generate correct permissions for EMR service integration#743

Merged
zirkelc merged 1 commit intomasterfrom
feat-423-emr-iam
Apr 1, 2026
Merged

feat(iam): generate correct permissions for EMR service integration#743
zirkelc merged 1 commit intomasterfrom
feat-423-emr-iam

Conversation

@VirtueMe
Copy link
Copy Markdown
Collaborator

@VirtueMe VirtueMe commented Apr 1, 2026

Summary

  • Adds an emr IAM strategy covering all EMR Step Functions integration operations
  • Fixes the AccessDeniedException on elasticmapreduce:RunJobFlow reported in Add support for EMR Integration. Autogenerated IAM role throws exception. #423
  • createCluster and runJobFlow include iam:PassRole on * as required by the EMR integration docs
  • The .sync variant of createCluster additionally includes DescribeCluster and TerminateJobFlows

Operations covered

Resource ARN Permissions
elasticmapreduce:createCluster RunJobFlow, iam:PassRole
elasticmapreduce:createCluster.sync RunJobFlow, DescribeCluster, TerminateJobFlows, iam:PassRole
elasticmapreduce:runJobFlow RunJobFlow, iam:PassRole
elasticmapreduce:terminateCluster / .sync TerminateJobFlows, DescribeCluster
elasticmapreduce:addStep / .sync AddJobFlowSteps, DescribeStep, CancelSteps
elasticmapreduce:cancelStep CancelSteps
elasticmapreduce:setClusterTerminationProtection SetTerminationProtection
elasticmapreduce:modifyInstanceFleetByName ModifyInstanceFleet, ListInstanceFleets
elasticmapreduce:modifyInstanceGroupByName ModifyInstanceGroups, ListInstanceGroups

Closes #423

Test plan

  • npm test passes
  • All 10 new EMR strategy tests pass

🤖 Generated with Claude Code

@VirtueMe @claude
feat(iam): generate correct permissions for EMR service integration
593fcf6 
Adds an emr strategy covering all EMR Step Functions integration
operations: createCluster (+ .sync), runJobFlow, terminateCluster
(+ .sync), addStep (+ .sync), cancelStep, setClusterTerminationProtection,
modifyInstanceFleetByName, and modifyInstanceGroupByName.

createCluster and runJobFlow include iam:PassRole on * as required
by the EMR service integration docs. The .sync variant of createCluster
additionally includes DescribeCluster and TerminateJobFlows.

Closes #423

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@pkg-pr-new
Copy link
Copy Markdown

pkg-pr-new bot commented Apr 1, 2026

Open in StackBlitz

npm i https://pkg.pr.new/serverless-operations/serverless-step-functions@743

commit: 593fcf6

@zirkelc zirkelc merged commit 72860ca into master Apr 1, 2026
3 checks passed
@zirkelc zirkelc deleted the feat-423-emr-iam branch April 1, 2026 06:21
@zirkelc zirkelc mentioned this pull request Apr 1, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for EMR Integration. Autogenerated IAM role throws exception.

2 participants

@VirtueMe @zirkelc