The E-MapReduce (EMR) service role allows you to use EMR to access other Alibaba Cloud services when you configure resources or perform service-level operations on your EMR cluster. For example, the service role can be used to create an Elastic Compute Service (ECS) instance when you start an EMR cluster. This topic describes the EMR service role AliyunEMRDefaultRole and the policies of this role.

Usage notes

To avoid impacts on the service stability of EMR, take note of the following points:
  • The EMR service role cannot be changed.
  • Do not delete or modify system policies of this role in the RAM console.


The default role AliyunEMRDefaultRole is configured with the policy AliyunEMRRolePolicy. The following tables describe the permissions of the AliyunEMRRolePolicy policy.

  • ECS-related permissions
    Permission (Action) Description
    ecs:CreateInstance Creates an ECS instance.
    ecs:RenewInstance Renews an ECS instance.
    ecs:DescribeRegions Queries the region information of an ECS instance.
    ecs:DescribeZones Queries the zone information of an ECS instance.
    ecs:DescribeImages Queries the image information of an ECS instance.
    ecs:CreateSecurityGroup Creates a security group.
    ecs:AllocatePublicIpAddress Assigns a public IP address to an ECS instance.
    ecs:DeleteInstance Deletes an ECS instance.
    ecs:StartInstance Starts an ECS instance.
    ecs:StopInstance Stops an ECS instance.
    ecs:DescribeInstances Queries ECS instances.
    ecs:DescribeDisks Queries the disk information of an ECS instance.
    ecs:AuthorizeSecurityGroup Specifies inbound rules for a security group.
    ecs:AuthorizeSecurityGroupEgress Specifies outbound rules for a security group.
    ecs:DescribeSecurityGroupAttribute Queries details of a security group.
    ecs:DescribeSecurityGroups Queries security groups.
  • OSS-related permissions
    Permission (Action) Description
    oss:PutObject Uploads a file or folder.
    oss:GetObject Obtains a file or folder.
    oss:ListObjects Queries files.