SSE KMS or CSE KMS Specifies server side encryption with AWS KMS managed keys


Amazon EMR Management Guide: Create a Security Configuration

SSE-KMS or CSE-KMS: Specifies server-side encryption with AWS KMS-managed keys (SSE-KMS) or client-side encryption with AWS KMS-managed keys (CSE-KMS). For AWS KMS Key, select a key. The key must exist in the same region as your EMR cluster. For key requirements, see Using AWS KMS Customer Master Keys (CMKs) for Encryption (p. 168).

CSE-Custom: Specifies client-side encryption using a custom client-side master key (CSE-Custom). For S3 object, enter the location in Amazon S3, or the Amazon S3 ARN, of your custom key-provider JAR file. Then, for Key provider class, enter the full class name of a class declared in your application that implements the EncryptionMaterialsProvider interface.

• Under Local disk encryption, choose a value for Key provider type.

  AWS KMS: Select this option to specify an AWS KMS customer master key (CMK). For AWS KMS customer master key, select a key. The key must exist in the same region as your EMR cluster. For more information about key requirements, see Using AWS KMS Customer Master Keys (CMKs) for Encryption (p. 168).

  EBS Encryption: When you specify AWS KMS as your key provider, you can enable EBS encryption to encrypt EBS root device and storage volumes. To enable this option, you must grant the EMR service role EMR_DefaultRole permissions to use the customer master key (CMK) that you specify. For more information about key requirements, see Enabling EBS Encryption by Providing Additional Permissions for AWS KMS CMKs (p. 169).

  Custom: Select this option to specify a custom key provider. For S3 object, enter the location in Amazon S3, or the Amazon S3 ARN, of your custom key-provider JAR file. For Key provider class, enter the full class name of a class declared in your application that implements the EncryptionMaterialsProvider interface. The class name you provide here must be different from the class name provided for CSE-Custom.

• Choose In-transit encryption to enable the open-source TLS encryption features for in-transit data. Choose a Certificate provider type according to the following guidelines:

  PEM: Select this option to use PEM files that you provide within a zip file. Two artifacts are required within the zip file: privateKey.pem and certificateChain.pem. A third file, trustedCertificates.pem, is optional. See Providing Certificates for Encrypting Data in Transit with Amazon EMR Encryption (p. 171) for details. For S3 object, specify the location in Amazon S3, or the Amazon S3 ARN, of the zip file.

  Custom: Select this option to specify a custom certificate provider and then, for S3 object, enter the location in Amazon S3, or the Amazon S3 ARN, of your custom certificate-provider JAR file. For Key provider class, enter the full class name of a class declared in your application that implements the TLSArtifactsProvider interface.
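An added example, not part of the Amazon EMR Management Guide: a pre-flight check of the constraints stated above (KMS key in the cluster's region, a local disk key provider class that differs from the CSE-Custom class, EBS encryption only with AWS KMS, and the two required PEM files). It assumes the choices are written in the EMR security configuration JSON format with KMS keys given as ARNs; the function names, bucket and class name are constructed for illustration.

```python
import io
import zipfile

REQUIRED_PEM = ("privateKey.pem", "certificateChain.pem")  # trustedCertificates.pem is optional

def kms_key_region(arn):
    """Region field of arn:aws:kms:<region>:<account>:key/<id>, else None."""
    parts = arn.split(":")
    return parts[3] if len(parts) >= 6 and parts[2] == "kms" else None

def missing_pem_files(zip_bytes):
    """Required PEM artifacts absent from the in-transit certificate zip."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
    return [n for n in REQUIRED_PEM if n not in names]

def check_security_config(cfg, cluster_region):
    """Return a list of violations of the constraints stated above."""
    rest = cfg.get("EncryptionConfiguration", {}).get("AtRestEncryptionConfiguration", {})
    s3 = rest.get("S3EncryptionConfiguration", {})
    disk = rest.get("LocalDiskEncryptionConfiguration", {})
    problems = []
    for label, section in (("S3", s3), ("local disk", disk)):
        arn = section.get("AwsKmsKey")
        if arn and kms_key_region(arn) != cluster_region:
            problems.append(f"{label}: KMS key is not in cluster region {cluster_region}")
    if (s3.get("EncryptionMode") == "CSE-Custom"
            and disk.get("EncryptionKeyProviderType") == "Custom"
            and s3.get("EncryptionKeyProviderClass") == disk.get("EncryptionKeyProviderClass")):
        problems.append("local disk: key provider class must differ from the CSE-Custom class")
    if disk.get("EnableEbsEncryption") and disk.get("EncryptionKeyProviderType") != "AwsKms":
        problems.append("local disk: EBS encryption needs AWS KMS as the key provider")
    return problems

# Constructed sample: placeholder bucket and class name, same class used twice on purpose.
SAMPLE = {"EncryptionConfiguration": {"AtRestEncryptionConfiguration": {
    "S3EncryptionConfiguration": {
        "EncryptionMode": "CSE-Custom",
        "S3Object": "s3://example-bucket/providers.jar",
        "EncryptionKeyProviderClass": "com.example.MyKeyProvider"},
    "LocalDiskEncryptionConfiguration": {
        "EncryptionKeyProviderType": "Custom",
        "S3Object": "s3://example-bucket/providers.jar",
        "EncryptionKeyProviderClass": "com.example.MyKeyProvider"}}}}

if __name__ == "__main__":
    for problem in check_security_config(SAMPLE, "us-east-1"):
        print(problem)
```

Run it against the JSON before creating the security configuration, and against the certificate zip before uploading it to Amazon S3.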
