Configure EMR Block Public Access at the AWS account level, for all EMR clusters in the region. This feature prevents a cluster from launching when any security group associated with the cluster has a rule that allows inbound traffic from IPv4 0.0.0.0/0 or IPv6 ::/0 (public access) on a port, unless that port has been specified as an exception.

Multiple port exceptions can be entered by separating them with commas, and dashes can be used to indicate port ranges. For example: 443,1022-1024,1066

The CloudFormation template includes a custom resource backed by a Lambda function that deploys the configuration.

AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  # Custom resource: CloudFormation invokes the Lambda below on Create/Update/Delete,
  # and the function applies the account-level block-public-access setting for this region.
  EmrBlockPublicAccess:
    Type: 'Custom::EmrBlockPublicAccess'
    Properties:
      ServiceToken:
        'Fn::GetAtt':
          - EmrBlockPublicAccessLambda
          - Arn
  # Execution role: CloudWatch Logs via the managed basic execution policy, plus the two
  # account-level EMR block-public-access actions. These actions are not scoped to a
  # resource ARN, so Resource '*' is required here.
  EmrBlockPublicAccessLambdaRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
      Policies:
        - PolicyName: emrInline
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'elasticmapreduce:GetBlockPublicAccessConfiguration'
                  - 'elasticmapreduce:PutBlockPublicAccessConfiguration'
                Resource: '*'
  # The function code is pulled from a regional bucket named by S3Bucket; the zip is not
  # part of this template.
  EmrBlockPublicAccessLambda:
    Type: 'AWS::Lambda::Function'
    Properties:
      Code:
        S3Bucket:
          'Fn::Sub':
            - 'asecure-cloud-cf-aux-${Region}'
            - Region:
                Ref: 'AWS::Region'
        S3Key: emr-block-public-access-lambda.zip
      Handler: index.handler
      MemorySize: 128
      Role:
        'Fn::GetAtt':
          - EmrBlockPublicAccessLambdaRole
          - Arn
      Runtime: nodejs16.x
      Timeout: 120
Parameters: {}
Metadata: {}
Conditions: {}
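The template references a packaged Lambda whose source is not shown. The following is an added example, not the asecure.cloud function from the zip, of what such a handler needs to do: turn the comma-separated exception syntax described above (for example 443,1022-1024,1066) into the PermittedPublicSecurityGroupRuleRanges list that the EMR PutBlockPublicAccessConfiguration API expects, validate it, and call the API. The EMR client is injected as a plain object with a putBlockPublicAccessConfiguration(params) method (an assumption made so the logic runs offline; in a deployed function you would wrap the AWS SDK client), and the PortExceptions and BlockPublicSecurityGroupRules resource properties are hypothetical names, since the template above passes none.

```javascript
'use strict';
// Added example: builds and applies the EMR BlockPublicAccessConfiguration from a
// port-exception string. Not the code shipped in emr-block-public-access-lambda.zip.

// Parse "443,1022-1024,1066" into [{ MinRange, MaxRange }, ...] as the EMR API expects.
// Rejects malformed items, reversed ranges and ports outside 1-65535.
function parsePortExceptions(spec) {
  const ranges = [];
  for (const raw of String(spec || '').split(',')) {
    const item = raw.trim();
    if (item === '') continue;
    const m = /^(\d{1,5})(?:-(\d{1,5}))?$/.exec(item);
    if (!m) throw new Error(`invalid port exception "${item}"`);
    const min = Number(m[1]);
    const max = m[2] === undefined ? min : Number(m[2]);
    if (min < 1 || max > 65535 || min > max) {
      throw new Error(`port range out of bounds or reversed: "${item}"`);
    }
    ranges.push({ MinRange: min, MaxRange: max });
  }
  return ranges;
}

// Request body for PutBlockPublicAccessConfiguration. Blocking stays on unless the
// caller explicitly turns it off; the exceptions are the only ports a public rule may use.
function buildConfiguration(spec, blockPublicRules = true) {
  return {
    BlockPublicAccessConfiguration: {
      BlockPublicSecurityGroupRules: blockPublicRules,
      PermittedPublicSecurityGroupRuleRanges: parsePortExceptions(spec),
    },
  };
}

// CloudFormation custom-resource handler. `emr` is the injected client (assumption, see
// lead-in). Returns the response body that a deployed function would PUT to event.ResponseURL.
async function handler(event, emr) {
  const props = event.ResourceProperties || {};
  const response = {
    Status: 'SUCCESS',
    PhysicalResourceId: 'emr-block-public-access',
    StackId: event.StackId,
    RequestId: event.RequestId,
    LogicalResourceId: event.LogicalResourceId,
    Data: {},
  };
  try {
    if (event.RequestType === 'Delete') {
      // Design choice (assumption): deleting the stack leaves the account setting in
      // place rather than re-opening public access, so a teardown cannot weaken it.
      response.Data = { Note: 'configuration left in place on delete' };
    } else {
      const block = props.BlockPublicSecurityGroupRules !== 'false';
      const params = buildConfiguration(props.PortExceptions, block);
      await emr.putBlockPublicAccessConfiguration(params);
      response.Data = params.BlockPublicAccessConfiguration;
    }
  } catch (err) {
    // A FAILED status makes the stack operation roll back instead of silently succeeding.
    response.Status = 'FAILED';
    response.Reason = err.message;
  }
  return response;
}

if (typeof module !== 'undefined') {
  module.exports = { parsePortExceptions, buildConfiguration, handler };
}
```

Validation happens before the API call, so a typo in the exception list fails the stack operation with a readable reason instead of reaching EMR with a partial list. The Delete branch deliberately does nothing: an account-level guardrail should not disappear because the stack that installed it was removed.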
