AWS::EMR::SecurityConfiguration
The AWS::EMR::SecurityConfiguration resource creates a security
configuration that is stored in the Amazon EMR web service. You can specify the security
configuration when creating a cluster. For more information, see
Specifying Amazon EMR Encryption Options Using a Security Configuration in the Amazon EMR Release Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::EMR::SecurityConfiguration",
  "Properties" : {
    "Name" : String,
    "SecurityConfiguration" : String
  }
}
YAML
Type: AWS::EMR::SecurityConfiguration
Properties:
  Name: String
  SecurityConfiguration: String
Properties
For more information about each property, including constraints and valid values, see CreateSecurityConfiguration in the Amazon EMR API Reference.
Name
The name of the security configuration. For a list of valid parameters for encryption settings, see AWS CLI Security Configuration JSON Reference in the Amazon EMR Release Guide.
Required: No
Type: String
Update requires: Replacement
SecurityConfiguration
The security configuration details in JSON format.
Required: Yes
Type: String
Update requires: Replacement
Return Values
Ref
When the logical ID of this resource is provided to the Ref
intrinsic function, Ref returns the security configuration name, such as
mySecurityConfiguration.
For more information about using the Ref function, see Ref.
Example
The following example enables both in-transit data encryption and local disk encryption, as well as specifying Kerberos attributes. For additional encryption configuration examples, see Creating a Security Configuration Using the AWS CLI in the Amazon EMR Release Guide.
JSON
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "securityConfiguration": {
      "Type": "AWS::EMR::SecurityConfiguration",
      "Properties": {
        "SecurityConfiguration": {
          "EncryptionConfiguration": {
            "EnableInTransitEncryption": true,
            "EnableAtRestEncryption": true,
            "InTransitEncryptionConfiguration": {
              "TLSCertificateConfiguration": {
                "CertificateProviderType": "PEM",
                "S3Object": "arn:aws:s3:::MyConfigStore/artifacts/MyCerts.zip"
              }
            },
            "AtRestEncryptionConfiguration": {
              "S3EncryptionConfiguration": {
                "EncryptionMode": "SSE-KMS",
                "AwsKmsKey": "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"
              },
              "LocalDiskEncryptionConfiguration": {
                "EncryptionKeyProviderType": "AwsKms",
                "AwsKmsKey": "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"
              }
            }
          },
          "AuthenticationConfiguration": {
            "KerberosConfiguration": {
              "Provider": "ClusterDedicatedKdc",
              "ClusterDedicatedKdcConfiguration": {
                "TicketLifetimeInHours": 24,
                "CrossRealmTrustConfiguration": {
                  "Realm": "AD.DOMAIN.COM",
                  "Domain": "ad.domain.com",
                  "AdminServer": "ad.domain.com",
                  "KdcServer": "ad.domain.com"
                }
              }
            }
          }
        }
      }
    }
  }
}
YAML
AWSTemplateFormatVersion: 2010-09-09
Resources:
  securityConfiguration:
    Type: AWS::EMR::SecurityConfiguration
    Properties:
      SecurityConfiguration:
        EncryptionConfiguration:
          EnableInTransitEncryption: true
          EnableAtRestEncryption: true
          InTransitEncryptionConfiguration:
            TLSCertificateConfiguration:
              CertificateProviderType: PEM
              S3Object: 'arn:aws:s3:::MyConfigStore/artifacts/MyCerts.zip'
          AtRestEncryptionConfiguration:
            S3EncryptionConfiguration:
              EncryptionMode: SSE-KMS
              AwsKmsKey: >-
                arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
            LocalDiskEncryptionConfiguration:
              EncryptionKeyProviderType: AwsKms
              AwsKmsKey: >-
                arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
        AuthenticationConfiguration:
          KerberosConfiguration:
            Provider: ClusterDedicatedKdc
            ClusterDedicatedKdcConfiguration:
              TicketLifetimeInHours: 24
              CrossRealmTrustConfiguration:
                Realm: AD.DOMAIN.COM
                Domain: ad.domain.com
                AdminServer: ad.domain.com
                KdcServer: ad.domain.com
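
As an added example (not part of the AWS documentation), the following pre-deployment check reads a JSON template and reports every AWS::EMR::SecurityConfiguration resource that lacks a protection the example above enables. The policy it enforces (both encryption types on, both at-rest stores covered, Kerberos present) is an assumption modeled on that example, and the function names, sample template and placeholder key ARN are constructed.

```python
import json
EMR_TYPE = "AWS::EMR::SecurityConfiguration"
ON = (True, "true")  # accept JSON true or the string "true"

def audit_emr_security_configs(template_text):
    """Return {logical_id: [findings]} for each EMR security configuration."""
    report = {}
    for logical_id, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") != EMR_TYPE:
            continue
        cfg = res.get("Properties", {}).get("SecurityConfiguration") or {}
        if isinstance(cfg, str):  # the property may arrive as a JSON string
            cfg = json.loads(cfg)
        report[logical_id] = _findings(cfg)
    return report

def _findings(cfg):
    enc = cfg.get("EncryptionConfiguration", {})
    out = []
    if enc.get("EnableInTransitEncryption") not in ON:
        out.append("in-transit encryption disabled")
    elif "TLSCertificateConfiguration" not in enc.get("InTransitEncryptionConfiguration", {}):
        out.append("in-transit encryption enabled without TLSCertificateConfiguration")
    if enc.get("EnableAtRestEncryption") not in ON:
        out.append("at-rest encryption disabled")
    else:  # assumed policy: both S3 and local disk must be covered
        at_rest = enc.get("AtRestEncryptionConfiguration", {})
        for key in ("S3EncryptionConfiguration", "LocalDiskEncryptionConfiguration"):
            if key not in at_rest:
                out.append("at-rest encryption enabled without " + key)
    if "KerberosConfiguration" not in cfg.get("AuthenticationConfiguration", {}):
        out.append("no Kerberos authentication configured")
    return out

# Constructed sample: "strong" follows the page's example (as a JSON string); "weak" covers only S3.
KMS = "<kms-key-arn>"  # placeholder, not a real key
STRONG = {"EncryptionConfiguration": {
    "EnableInTransitEncryption": True, "EnableAtRestEncryption": True,
    "InTransitEncryptionConfiguration": {"TLSCertificateConfiguration": {"CertificateProviderType": "PEM"}},
    "AtRestEncryptionConfiguration": {
        "S3EncryptionConfiguration": {"EncryptionMode": "SSE-KMS", "AwsKmsKey": KMS},
        "LocalDiskEncryptionConfiguration": {"EncryptionKeyProviderType": "AwsKms", "AwsKmsKey": KMS}}},
    "AuthenticationConfiguration": {"KerberosConfiguration": {"Provider": "ClusterDedicatedKdc"}}}
WEAK = {"EncryptionConfiguration": {"EnableAtRestEncryption": True, "AtRestEncryptionConfiguration": {
    "S3EncryptionConfiguration": {"EncryptionMode": "SSE-S3"}}}}
SAMPLE = json.dumps({"Resources": {
    "strong": {"Type": EMR_TYPE, "Properties": {"SecurityConfiguration": json.dumps(STRONG)}},
    "weak": {"Type": EMR_TYPE, "Properties": {"SecurityConfiguration": WEAK}},
    "bucket": {"Type": "AWS::S3::Bucket"}}})
```

Calling `audit_emr_security_configs(SAMPLE)` returns an empty finding list for `strong` and three findings for `weak`; resources of other types are skipped.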
