Feature/runtime roles

[chrisabbott]

Issue #, if available:

10

Description of changes:

• Adds support for --job-role flag for EMR on EC2.

This PR enables the passing of execution roles at runtime for EMR EC2 steps via the --job-role parameter in emr run. This allows a tighter scoping of permissions for individual steps, which helps avoid blanket permissions being assigned at a cluster-level.

Changes were validated on an EMR EC2 cluster under release label emr-6.7.0 with support for Spark applications for the following cases:

• [x] Executes under the specified --job-role for an EMR cluster with runtime roles enabled.
• [x] Throws an error when a run is attempted without passing the --job-role parameter on an EMR cluster with runtime roles enabled: [emr-cli]: An error occurred (ValidationException) when calling the AddJobFlowSteps operation: Runtime roles are required for this cluster. Please specify the role using the ExecutionRoleArn parameter.
• [x] Continues to execute under a cluster's default instance profile for an EMR cluster without runtime roles enabled when no --job-role is passed.
• [x] Throws an error when a run is attempted with a --job-role parameter on an EMR cluster without runtime roles enabled: [emr-cli]: An error occurred (ValidationException) when calling the AddJobFlowSteps operation: Runtime roles are not supported on this cluster. Please remove the ExecutionRoleArn parameter and re-run the request.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[dacort]

This looks great, thank you!

I was going to have you add a note to the README, but realized I need to overhaul it anyway now that EMR on EC2 is supported so I wouldn't worry about that for now unless you're feeling ambitious. ;)