AWS CLI followed by a reference for the parameters that comprise encryption

Aws cli followed by a reference for the parameters

This preview shows page 153 - 155 out of 395 pages.

AWS CLI, followed by a reference for the parameters that comprise encryption, authentication, and IAM roles for EMRFS. For more information about these features, see the following topics: Encrypt Data at Rest and in Transit (p. 164) Use Kerberos Authentication (p. 215) Configure IAM Roles for EMRFS Requests to Amazon S3 (p. 197) To create a security configuration using the console 1. Open the Amazon EMR console at . 2. In the navigation pane, choose Security Configurations , Create security configuration . 3. Type a Name for the security configuration. 4. Choose options for Encryption and Authentication as described in the sections below and then choose Create . To create a security configuration using the AWS CLI Use the create-security-configuration command as shown in the following example. • For SecConfigName , specify the name of the security configuration. This is the name you specify when you create a cluster that uses this security configuration. • For SecConfigDef , specify an inline JSON structure or the path to a local JSON file, such as . The JSON parameters define options for Encryption , IAM Roles for EMRFS access to Amazon S3 , and Authentication as described in the sections below. aws emr create-security-configuration --name " SecConfigName " --security- configuration SecConfigDef 147
Image of page 153
Amazon EMR Management Guide Create a Security Configuration Configure Data Encryption Before you configure encryption in a security configuration, create the keys and certificates that are used for encryption. For more information, see Providing Keys for Encrypting Data at Rest with Amazon EMR (p. 168) and Providing Certificates for Encrypting Data in Transit with Amazon EMR Encryption (p. 171) . When you create a security configuration, you specify two sets of encryption options: at-rest data encryption and in-transit data encryption. Options for at-rest data encryption include both Amazon S3 with EMRFS and local-disk encryption. In-transit encryption options enable the open-source encryption features for certain applications that support Transport Layer Security (TLS). At-rest options and in- transit options can be enabled together or separately. For more information, see Encrypt Data at Rest and in Transit (p. 164) . Specifying Encryption Options Using the Console Choose options under Encryption according to the following guidelines. Choose options under At rest encryption to encrypt data stored within the file system. You can choose to encrypt data in Amazon S3, local disks, or both. • Under S3 data encryption , for Encryption mode , choose a value to determine how Amazon EMR encrypts Amazon S3 data with EMRFS. What you do next depends on the encryption mode you chose: SSE-S3 Specifies Server-side encryption with Amazon S3-managed encryption keys . You don't need to do anything more because Amazon S3 handles keys for you.
Image of page 154
Image of page 155

You've reached the end of your free preview.

Want to read all 395 pages?

  • Spring '12
  • LauraParker
  • Amazon Web Services, Amazon Elastic Compute Cloud

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask ( soon) You can ask (will expire )
Answers in as fast as 15 minutes
A+ icon
Ask Expert Tutors