3 The IdP generates a SAML authentication response that includes assertions


Amazon EMR Management Guide

3. The IdP generates a SAML authentication response that includes assertions that identify the user and include attributes about the user.
4. The client browser posts the SAML assertion to the proxy agent.
5. The proxy agent requests user-specific temporary security credentials from AWS Lake Formation on behalf of the user. The temporary security credentials are sent back to the proxy agent.
6. The proxy agent stores the user-specific temporary security credentials in the secret agent. The secret agent sends the temporary user credentials to the secret agents in core and task nodes.
7. The proxy agent enables successful user login.
8. When the user runs a Spark job by using the EMR notebook or Zeppelin, the record server calls the secret agent to obtain temporary user credentials.
9. The record server reads and filters data from Amazon S3 based on the policies defined in Lake Formation.

From the user's perspective, this process happens transparently. The user starts at your organization's authentication page and ends up at the EMR notebook or Zeppelin through the browser without ever having to supply any AWS credentials.

Supported Applications and Features

Supported Applications

The integration between Amazon EMR and AWS Lake Formation supports the following applications:

• Apache Spark
• Apache Zeppelin
• Amazon EMR notebooks

Important: Other applications are currently not supported. To ensure the security of your cluster, do not install applications other than those in this list.
Supported Features

The following Amazon EMR features can be used with EMR and Lake Formation:

• Encryption at rest and in transit
• Kerberos authentication using a cluster-dedicated KDC
• Instance groups, instance fleets, and spot instances
• Reconfiguring applications on a running cluster

The following EMR features currently do not work with Lake Formation integration:

• Steps
• Multiple master nodes
• EMRFS consistent view
• EMRFS CSE-C and SSE-C using customer-provided encryption keys

Limitations

Consider the following limitations when using Amazon EMR with AWS Lake Formation:

• In Lake Formation enabled clusters, Spark SQL can only read from data managed by AWS Glue Data Catalog and cannot access data managed outside of AWS Glue or Lake Formation. Data from other sources can be accessed using non-Spark SQL operations if the IAM role for other AWS Services chosen during cluster deployment has policies in place allowing the cluster to access those data sources. For example, you might have two Amazon S3 buckets and an Amazon DynamoDB table that you want your Spark job to access in addition to a set of Lake Formation tables. In this case, you could create a role that can access the two Amazon S3 buckets and the Amazon DynamoDB table, and use it for the IAM role for other AWS services when launching your cluster.
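The role in that example only needs to reach the two buckets and the one table. The following sketch is an added example, not code from the guide: it builds such a policy and reports any Allow statement that reaches beyond those resources. The bucket names, account ID, table name, and the choice of read-only actions are assumptions made for illustration.

```python
import json

# Constructed sample resources (placeholders, not taken from the guide).
BUCKETS = ["example-bucket-a", "example-bucket-b"]
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable"


def build_policy(buckets, table_arn):
    """Read-only policy limited to the named buckets and the single table."""
    statements = []
    for name in buckets:
        # ListBucket applies to the bucket ARN, GetObject to the objects in it.
        statements.append({"Effect": "Allow", "Action": "s3:ListBucket",
                           "Resource": f"arn:aws:s3:::{name}"})
        statements.append({"Effect": "Allow", "Action": "s3:GetObject",
                           "Resource": f"arn:aws:s3:::{name}/*"})
    statements.append({"Effect": "Allow",
                       "Action": ["dynamodb:GetItem", "dynamodb:Query",
                                  "dynamodb:Scan"],
                       "Resource": table_arn})
    return {"Version": "2012-10-17", "Statement": statements}


def as_list(value):
    """IAM allows a single string or a list for Action, Resource, Statement."""
    return value if isinstance(value, list) else [value]


def out_of_scope(policy, buckets, table_arn):
    """Return (action, resource) pairs that an Allow grants outside the expected set."""
    allowed = {table_arn}
    for name in buckets:
        allowed.update({f"arn:aws:s3:::{name}", f"arn:aws:s3:::{name}/*"})
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # A statement without Resource/Action (e.g. NotResource) is treated as "*".
        for resource in as_list(stmt.get("Resource", "*")):
            if resource not in allowed:
                findings.extend((action, resource)
                                for action in as_list(stmt.get("Action", "*")))
    return findings


if __name__ == "__main__":
    policy = build_policy(BUCKETS, TABLE_ARN)
    print(json.dumps(policy, indent=2))
    print("out of scope:", out_of_scope(policy, BUCKETS, TABLE_ARN))
```

Running the check against an existing role policy before cluster launch shows whether it grants more than the data sources the Spark job is meant to reach outside Lake Formation.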
