When you manage clusters and projects across multiple teams or environments, it becomes difficult to control who can access what, and accidental operations on production clusters are a real risk. Resource groups let you organize E-MapReduce (EMR) clusters and projects into isolated scopes — each with its own administrator and RAM user permissions — so you can enforce boundaries between teams, environments, or projects without affecting how resources interact with each other.
How resource groups work
A resource group is an organizational boundary, not a network boundary. Grouping resources does not change how they communicate or interact.
Key behaviors to understand before you begin:
A resource group can span regions. A single group can contain clusters in China (Hangzhou) and China (Shanghai), alongside ECS instances and projects.
Cross-group collaboration is supported within the same account and region. A project in Resource Group A (China (Beijing)) can run jobs on a cluster in Resource Group B (China (Beijing)).
RAM user visibility is scoped to authorized groups. If a RAM user selects All Resources in the top navigation bar but has not been granted access to all groups, a message appears indicating that the RAM user is not authorized to access all resources. By contrast, if you authorize a RAM user to manage all Alibaba Cloud resources in your account, all resource groups in the account become accessible to that RAM user.
Group all resources that share the same lifecycle. If a cluster and its node resources are in different groups, managing permissions becomes inconsistent. Place node resources in the same group as their cluster.
Limitations
Resource group creation and RAM authorization happen in the Resource Management console, not the EMR console. For details, see What is Resource Management?
In EMR, resource groups apply only to clusters and projects — not to other resource types.
When you create, scale out, or move a cluster, all node resources move with it. The node resources managed this way include Elastic Compute Service (ECS) instances, disks, images, Elastic Network Interfaces (ENIs), security groups, and key pairs.
Moving a node resource to a different group does not move its cluster. The cluster stays in the original group. To keep permissions and resource management consistent, always keep node resources in the same group as their cluster.
You cannot move resources between groups that belong to different Alibaba Cloud accounts.
Assign a resource group when creating a cluster
Every resource must belong to a resource group. If you do not specify one at creation time, EMR places the resource in the default resource group. You can only assign a group that your account is authorized to access.
Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.
In the top navigation bar, select the region and resource group that match your requirements.
On the EMR on ECS page, click Create Cluster.
Complete the Software Configuration and Hardware Configuration steps. In the Basic Configuration step, click Advanced Settings, then select a resource group from the Resource Group drop-down list. To create a new group during this step, click the Create Resource Group link in the Resource Group section. For details, see Create a resource group. For a full walkthrough of cluster creation, see Create a cluster.
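The two placement rules above (node resources should stay in their cluster's group, and a cluster created without a group lands in the default resource group) can be checked against an exported inventory. The following is an added example, not code from the EMR documentation; the inventory records, field names, and group IDs are constructed and hypothetical, not an EMR API schema.

```python
"""Audit a constructed EMR inventory for resource-group placement problems."""

# Assumed placeholder for the ID of the account's default resource group.
DEFAULT_GROUP = "rg-default-placeholder"

# Constructed sample inventory; field names are hypothetical.
CLUSTERS = [
    {"id": "c-prod-1", "name": "ProdEnv1", "resource_group": "rg-prod"},
    {"id": "c-test-1", "name": "TestEnv1", "resource_group": "rg-test"},
    {"id": "c-adhoc-1", "name": "Scratch", "resource_group": DEFAULT_GROUP},
]
NODE_RESOURCES = [
    {"id": "i-001", "type": "ecs", "cluster_id": "c-prod-1", "resource_group": "rg-prod"},
    # Security group moved on its own: its cluster stayed in rg-prod.
    {"id": "sg-001", "type": "security_group", "cluster_id": "c-prod-1", "resource_group": "rg-test"},
    {"id": "d-001", "type": "disk", "cluster_id": "c-test-1", "resource_group": "rg-test"},
    # References a cluster that is missing from the inventory export.
    {"id": "i-009", "type": "ecs", "cluster_id": "c-gone", "resource_group": "rg-test"},
]


def audit(clusters, node_resources, default_group=DEFAULT_GROUP):
    """Return a dict of findings keyed by problem type.

    drift         -- (node id, node group, cluster group) where the two differ
    orphan        -- node ids whose cluster is not in the inventory
    default_group -- cluster ids that sit in the default resource group
    """
    by_id = {c["id"]: c for c in clusters}
    findings = {"drift": [], "orphan": [], "default_group": []}
    for c in clusters:
        if c["resource_group"] == default_group:
            findings["default_group"].append(c["id"])
    for n in node_resources:
        cluster = by_id.get(n["cluster_id"])
        if cluster is None:
            findings["orphan"].append(n["id"])
        elif n["resource_group"] != cluster["resource_group"]:
            findings["drift"].append(
                (n["id"], n["resource_group"], cluster["resource_group"])
            )
    return findings


if __name__ == "__main__":
    for kind, items in audit(CLUSTERS, NODE_RESOURCES).items():
        print(kind, items)
```

A drift finding means permissions granted on the cluster's group no longer cover that node resource, which is the inconsistency the Limitations section warns about.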
Use cases
Separate test and production clusters
If you run clusters for testing and production and want to prevent accidental operations on production resources, assign them to separate resource groups. An administrator can then work exclusively within the test group during development, and switch to the production group only when launching a service.
Create two resource groups: Test Environment and Production Environment. For details, see Create a resource group.
Assign the same administrator to both resource groups. For details, see Add RAM authorization.
Create clusters TestEnv1 and TestEnv2 and assign them to the Test Environment resource group.
Create clusters ProdEnv1 and ProdEnv2 and assign them to the Production Environment resource group.
Log on to the EMR console using the administrator account for the Test Environment and Production Environment resource groups.
Select a resource group from the top navigation bar. Only the clusters in that group appear in the cluster list. For example, selecting Test Environment shows TestEnv1 and TestEnv2.
Manage resources and permissions by department
If different departments need independent control over their own clusters and projects — including separate administrators and RAM user permissions — assign each department its own resource group.
Create two resource groups: Develop Dept and Test Dept. For details, see Create a resource group.
Assign a different administrator to each resource group. For details, see Add RAM authorization.
Create cluster ITCluster and assign it to the Develop Dept resource group. For details, see Create a cluster.
Create cluster FinanceCluster1 and assign it to the Test Dept resource group.
Log on to the EMR console using the Test Dept administrator account.
Select Test Dept from the top navigation bar. FinanceCluster1 appears in the cluster list.