我想知道是否有办法从另一个帐户的 s3 访问 jar 文件以及输入和输出位置。我的 EMR 集群在账户 1 上运行。我想从账户 2 的 s3 访问文件和 jar 位置。我正在使用 AWS 开发工具包来启动 AWS Simple 工作流程。谢谢。

您需要为跨账户访问创建角色:
http://docs.aws.amazon.com/IAM/latest/UserGuide/delegation-cross-acct-access.html

您可以使用 IAM 角色建立跨账户访问。您在账户 2 中定义一个角色，该角色可由账户 1 中的用户(IAM 用户或联合用户)承担。使用角色进行跨账户访问可让您授予对账户 2 中任何资源的访问权限(在您的情况下为S3)

编辑:

您首先需要在账户 2 中创建一个对 S3 具有读写访问权限的角色(我们将其命名为“S3-ReadWrite-role”)，并授予账户 1 中的用户使用角色“S3-ReadWrite-role”的权限

检查此链接，它将向您解释如何操作:
http://blogs.aws.amazon.com/security/post/TxC24FI9IDXTY1/Delegating-API-Access-to-AWS-Services-Using-IAM-span-class-matches-Roles-span

完成第一步后，您可以使用此代码(未测试):
使用您的凭据，您将收到一个临时安全凭据以使用“S3-ReadWrite-role”，然后您将使用临时安全凭据访问 S3 ;)

import java.util.HashMap;

import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.dynamodb.AmazonDynamoDBClient;
import com.amazonaws.services.dynamodb.model.*;
import com.amazonaws.auth.*;

public class AssumeRoleDemo {
    private static final String ROLE_ARN =
    "arn:aws:iam::111122223333:role/S3-ReadWrite-role";

    private static AWSCredentials longTermCredentials_;

    private static void init() throws Exception {
    // acquire long term credentials from the properties file ( you should use this method)
    //longTermCredentials_ = new PropertiesCredentials(AssumeRoleDemo.class.getResourceAsStream("AwsCredentials.properties"));

    // or you can use this one
    longTermCredentials = new BasicAWSCredentials(access_key_id, secret_access_key);
}

    public static void main(String[] args) throws Exception {
        init();

       // Step 1. Use Joe.s long-term credentials to call the
       // AWS Security Token Service (STS) AssumeRole API, specifying
       // the ARN for the role S3-RW-role in account2.

        AWSSecurityTokenServiceClient stsClient = new
          AWSSecurityTokenServiceClient(longTermCredentials_);

        AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
          .withRoleArn(ROLE_ARN)
          .withDurationSeconds(3600)
          .withRoleSessionName("demo");

       AssumeRoleResult assumeResult =
           stsClient.assumeRole(assumeRequest);

      // Step 2. AssumeRole returns temporary security credentials for
      // the IAM role.

      BasicSessionCredentials temporaryCredentials =
         new BasicSessionCredentials(
                assumeResult.getCredentials().getAccessKeyId(),
                assumeResult.getCredentials().getSecretAccessKey(),
                assumeResult.getCredentials().getSessionToken());

     // Step 3. Make S3 service calls to read data from a
     // S3, stored in account2, using the
     // temporary security credentials from the S3-ReadWrite-role
     // that were returned in the previous step.

     AmazonS3 s3Client = new AmazonS3Client(temporaryCredentials);
     S3Object object = s3Client.getObject(
              new GetObjectRequest(bucketName, key));
     InputStream objectData = object.getObjectContent();
     // Process the objectData stream.
     objectData.close();

    }
}