AWS Amazon EMR Security Configuration

This page shows how to write Terraform and CloudFormation for Amazon EMR Security Configuration and write them securely.

aws_emr_security_configuration (Terraform)

The Security Configuration in Amazon EMR can be configured in Terraform with the resource name aws_emr_security_configuration. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L7
resource "aws_emr_security_configuration" "this" {
  configuration = var.configuration
  name          = var.name
  name_prefix   = var.name_prefix
}

main.tf#L1
resource "aws_emr_security_configuration" "fail" {
  name = "fail"

  configuration = <<EOF
{
  "EncryptionConfiguration": {
emr_security_configuration.tf#L4
resource "aws_emr_security_configuration" "emr_security_configuration" {
  count = var.enable_emr_security_configuration ? 1 : 0

  configuration = var.emr_security_configuration_configuration

  name        = var.emr_security_configuration_name
emr_security_configuration.tf#L4
resource "aws_emr_security_configuration" "emr_security_configuration" {
  count = var.enable_emr_security_configuration ? 1 : 0

  configuration = var.emr_security_configuration_configuration

  name        = var.emr_security_configuration_name
emr_security_configuration.tf#L4
resource "aws_emr_security_configuration" "emr_security_configuration" {
  count = var.enable_emr_security_configuration ? 1 : 0

  configuration = var.emr_security_configuration_configuration

  name        = var.emr_security_configuration_name

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides a resource to manage AWS EMR Security Configurations

AWS::EMR::SecurityConfiguration (CloudFormation)

The SecurityConfiguration in EMR can be configured in CloudFormation with the resource name AWS::EMR::SecurityConfiguration. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

emr_cluster_with_misconfigured_at_rest_encryption.yml#L40
    Type: AWS::EMR::SecurityConfiguration
    Properties:
      SecurityConfiguration:
        EncryptionConfiguration:
          EnableAtRestEncryption: true
          EnableInTransitEncryption: true
emr_cluster_with_misconfigured_in_transit_encryption.yml#L40
    Type: AWS::EMR::SecurityConfiguration
    Properties:
      SecurityConfiguration:
        EncryptionConfiguration:
          EnableAtRestEncryption: true
          EnableInTransitEncryption: true
emr_cluster_with_misconfigured_in_transit_encryption.yml#L40
    Type: AWS::EMR::SecurityConfiguration
    Properties:
      SecurityConfiguration:
        EncryptionConfiguration:
          EnableAtRestEncryption: true
          EnableInTransitEncryption: true
emr_cluster_with_disabled_encryption_options.yml#L40
    Type: AWS::EMR::SecurityConfiguration
    Properties:
      SecurityConfiguration:
        EncryptionConfiguration:
          EnableAtRestEncryption: false
          EnableInTransitEncryption: true
emr_cluster_with_disabled_encryption_options.yml#L40
    Type: AWS::EMR::SecurityConfiguration
    Properties:
      SecurityConfiguration:
        EncryptionConfiguration:
          EnableAtRestEncryption: false
          EnableInTransitEncryption: true
emr_cluster_with_disabled_encryption_options.json#L55
            "Type": "AWS::EMR::SecurityConfiguration",
            "Properties": {
                "SecurityConfiguration": {
                    "EncryptionConfiguration": {
                        "EnableAtRestEncryption": false,
                        "EnableInTransitEncryption": true
emr_cluster_with_disabled_encryption_options.json#L55
            "Type": "AWS::EMR::SecurityConfiguration",
            "Properties": {
                "SecurityConfiguration": {
                    "EncryptionConfiguration": {
                        "EnableAtRestEncryption": false,
                        "EnableInTransitEncryption": true
positive8.json#L4
      "Type": "AWS::EMR::SecurityConfiguration",
      "Properties": {
        "Name": "String",
        "SecurityConfiguration": {}
      }
    }
positive8.json#L4
      "Type": "AWS::EMR::SecurityConfiguration",
      "Properties": {
        "Name": "String",
        "SecurityConfiguration": {}
      }
    }
negative6.json#L13
      "Type": "AWS::EMR::SecurityConfiguration"
    }
  }
}

Parameters

Explanation in CloudFormation Registry

Use a SecurityConfiguration resource to configure data encryption, Kerberos authentication (available in Amazon EMR release version 5.

0 and later), and Amazon S3 authorization for EMRFS (available in EMR 5.

0 and later). You can re-use a security configuration for any number of clusters in your account. For more information and example security configuration JSON objects, see Create a Security Configuration in the Amazon EMR Management Guide.

Frequently asked questions

What is AWS Amazon EMR Security Configuration?

AWS Amazon EMR Security Configuration is a resource for Amazon EMR of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon EMR Security Configuration?

For Terraform, the niveklabs/aws, bridgecrewio/checkov and SebastianUA/terraform-aws-emr source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the stelligent/cfn_nag, gustcol/Canivete and stelligent/cfn_nag source code examples are useful. See the CloudFormation Example section for further details.