This preview shows page 152 - 154 out of 395 pages.
Configure IAM Roles for EMRFS Requests to Amazon S3 (p. 197).KerberosYou can set up Kerberos to provide strong authentication through secret-key cryptography. For moreinformation, see Use Kerberos Authentication (p. 215).Lake FormationYou can use Lake Formation permissions together with the AWS Glue Data Catalog to provide fine-grained, column-level access to databases and tables in the AWS Glue Data Catalog. Lake Formationenables federated single sign-on to EMR Notebooks or Apache Zeppelin from an enterprise identitysystem. For more information, see Integrating Amazon EMR with AWS Lake Formation (Beta) (p. 240).Secure Socket Shell (SSH)SSH helps provide a secure way for users to connect to the command line on cluster instances. It alsoprovides tunneling to view web interfaces that applications host on the master node. Clients canauthenticate using Kerberos or an Amazon EC2 key pair. For more information, see Use an Amazon EC2Key Pair for SSH Credentials (p. 214) and Connect to the Cluster (p. 313).Amazon EC2 Security GroupsSecurity groups act as a virtual firewall for EMR cluster instances, limiting inbound and outboundnetwork traﬃc. For more information, see Control Network Traﬃc with Security Groups (p. 258).Updates to the default Amazon Linux AMI forAmazon EMRWhen an Amazon EC2 instance in a cluster that is based on the default Amazon Linux AMI for AmazonEMR boots for the first time, critical security updates are installed by default. Other updates are notinstalled. Depending on the security posture of your application and the length of time that a clusterruns, you may choose to periodically reboot your cluster to apply security updates, or create a bootstrapaction to customize package installation and updates. You may also choose to test and then install selectsecurity updates on running cluster instances. For more information, see Using the Default Amazon LinuxAMI for Amazon EMR (p. 92).146
Amazon EMR Management GuideUse Security Configurations to Set Up Cluster SecurityUse Security Configurations to Set Up ClusterSecurityWith Amazon EMR release version 4.8.0 or later, you can use security configurations to configure dataencryption, Kerberos authentication (available in release version 5.10.0 and later), and Amazon S3authorization for EMRFS (available in release version 5.10.0 or later).After you create a security configuration, you specify it when you create a cluster, and you can re-use itfor any number of clusters.You can use the console, the AWS Command Line Interface (AWS CLI), or the AWS SDKs to createsecurity configurations. You can also use an AWS CloudFormation template to create a securityconfiguration. For more information, see AWS CloudFormation User Guide and the template referencefor AWS::EMR::SecurityConfiguration.Topics•Create a Security Configuration (p. 147)•Specify a Security Configuration for a Cluster (p. 163)Create a Security ConfigurationThis topic covers general procedures for creating a security configuration using the EMR console and the
As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.
Temple University Fox School of Business ‘17, Course Hero Intern
I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.
University of Pennsylvania ‘17, Course Hero Intern
The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.
Tulane University ‘16, Course Hero Intern
Stuck? We have tutors online 24/7 who can help you get unstuck.
Ask Expert Tutors
You can ask
You can ask
You can ask
(will expire )