5 On the Step 4 Security screen under Encryption Options choose a value for

5 on the step 4 security screen under encryption

This preview shows page 169 - 171 out of 395 pages.

5. On the Step 4: Security screen, under Encryption Options , choose a value for Security configuration . 6. Configure other security options as desired and choose Create cluster . Specifying a Security Configuration Using the CLI When you use aws emr create-cluster , you can optionally apply a security configuration using --security-configuration MySecConfig , where MySecConfig is the name of the security configuration, as shown in the following example. The --release-label specified must be 4.8.0 or later and the --instance-type can be any available. aws emr create-cluster --instance-type m5.xlarge --release-label emr-5.0.0 --security- configuration mySecConfig Data Protection in Amazon EMR Amazon EMR conforms to the AWS shared responsibility model , which includes regulations and guidelines for data protection. AWS is responsible for protecting the global infrastructure that runs all the AWS services. AWS maintains control over data hosted on this infrastructure, including the security configuration controls for handling customer content and personal data. AWS customers and APN partners, acting either as data controllers or data processors, are responsible for any personal data that they put in the AWS Cloud. For data protection purposes, we recommend that you protect AWS account credentials and set up individual user accounts with AWS Identity and Access Management (IAM), so that each user is given only the permissions necessary to fulfill their job duties. We also recommend that you secure your data in the following ways: Use Amazon EMR encryption options to encrypt data at rest and in transit. For more information, see Encrypt Data at Rest and in Transit (p. 164) . Use multi-factor authentication (MFA) with each account. Use SSL/TLS to communicate with AWS resources. Set up API and user activity logging with AWS CloudTrail. 163
Image of page 169
Amazon EMR Management Guide Encrypt Data at Rest and in Transit Use advanced managed security services such as Amazon Macie, which assists in discovering and securing personal data that is stored in Amazon S3. We strongly recommend that you never put sensitive identifying information, such as your customers' account numbers, into free-form fields such as a Name field. This includes when you work with Amazon EMR or other AWS services using the console, API, AWS CLI, or AWS SDKs. Any data that you enter into Amazon EMR or other services might get picked up for inclusion in diagnostic logs. When you provide a URL to an external server, don't include credentials information in the URL to validate your request to that server. For more information about data protection, see the AWS Shared Responsibility Model and GDPR blog post on the AWS Security Blog . Encrypt Data at Rest and in Transit Data encryption helps prevent unauthorized users from reading data on a cluster and associated data storage systems. This includes data saved to persistent media, known as data at rest , and data that may be intercepted as it travels the network, known as data in transit .
Image of page 170
Image of page 171

You've reached the end of your free preview.

Want to read all 395 pages?

  • Spring '12
  • LauraParker
  • Amazon Web Services, Amazon Elastic Compute Cloud

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Ask Expert Tutors You can ask You can ask ( soon) You can ask (will expire )
Answers in as fast as 15 minutes