Overview

Create an EMR cluster security configuration to configure data encryption at rest and in transit, as well as Kerberos authentication. A security configuration is specified when creating a new cluster and can be reused for any number of clusters.

The following security settings can be configured:

  • S3 Encryption: Determine how Amazon EMR encrypts Amazon S3 data with EMRFS.
  • Local Disk Encryption: Specify how data on EMR clusters is encrypted.
  • In-Transit Encryption: Enable the open-source TLS encryption features for in-transit data.
  • Kerberos Authentication: Amazon EMR can utilize Kerberos for the applications, components, and subsystems that it installs on the cluster so that they are authenticated with each other.

Configuration Templates

AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  EmrSecurityConfiguration:
    Type: 'AWS::EMR::SecurityConfiguration'
    Properties:
      Name: EMR Security Configuration
      SecurityConfiguration:
        EncryptionConfiguration:
          AtRestEncryptionConfiguration:
            S3EncryptionConfiguration:
              EncryptionMode: SSE-KMS
              AwsKmsKey:
                Ref: S3KmsCmk
          EnableAtRestEncryption: true
          EnableInTransitEncryption: false
  S3KmsCmk:
    Type: 'AWS::KMS::Key'
    Properties:
      EnableKeyRotation: true
      Description: KMS Key for S3 encryption
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          - Sid: Enable IAM User Permissions
            Effect: Allow
            Principal:
              AWS:
                'Fn::Join':
                  - ''
                  - - 'arn:aws:iam::'
                    - Ref: 'AWS::AccountId'
                    - ':root'
            Action: 'kms:*'
            Resource: '*'
Parameters: {}
Metadata: {}
Conditions: {}
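
Of the four settings listed in the overview, the template above turns on only S3 encryption. The following check is an added example, not part of the original template or of AWS's tooling: it reports which of the four settings a security configuration enables, taking the JSON document that EMR stores for the configuration. It assumes the key names of EMR's security configuration JSON format; the sample input is constructed from the template, with a placeholder key ARN.

```python
import json

# Constructed sample: the SecurityConfiguration body from the template above,
# with the Ref to S3KmsCmk replaced by a placeholder key ARN.
TEMPLATE_CONFIG = json.dumps({
    "EncryptionConfiguration": {
        "AtRestEncryptionConfiguration": {
            "S3EncryptionConfiguration": {
                "EncryptionMode": "SSE-KMS",
                "AwsKmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
            }
        },
        "EnableAtRestEncryption": True,
        "EnableInTransitEncryption": False,
    }
})


def audit_security_configuration(config_json):
    """Map each of the four overview settings to True (enabled) or False."""
    cfg = json.loads(config_json)
    enc = cfg.get("EncryptionConfiguration") or {}
    at_rest = enc.get("AtRestEncryptionConfiguration") or {}
    s3 = at_rest.get("S3EncryptionConfiguration") or {}
    in_transit = enc.get("InTransitEncryptionConfiguration") or {}
    auth = cfg.get("AuthenticationConfiguration") or {}
    # A sub-configuration only counts when its enabling flag is also true.
    at_rest_on = enc.get("EnableAtRestEncryption") is True
    in_transit_on = enc.get("EnableInTransitEncryption") is True
    return {
        "S3 Encryption": at_rest_on and bool(s3.get("EncryptionMode")),
        "Local Disk Encryption":
            at_rest_on and bool(at_rest.get("LocalDiskEncryptionConfiguration")),
        "In-Transit Encryption":
            in_transit_on and bool(in_transit.get("TLSCertificateConfiguration")),
        "Kerberos Authentication": bool(auth.get("KerberosConfiguration")),
    }


def missing_settings(config_json):
    """Names of the overview settings the configuration leaves disabled."""
    audit = audit_security_configuration(config_json)
    return [name for name, enabled in audit.items() if not enabled]


if __name__ == "__main__":
    for name, enabled in audit_security_configuration(TEMPLATE_CONFIG).items():
        print(f"{'ENABLED ' if enabled else 'DISABLED'}  {name}")
```
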

Sources and Documentation

Configuration Source: AWS Documentation: Use EMR Security Configurations to Set Up Cluster Security

Additional Documentation: