Menu
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::EMR::SecurityConfiguration

The AWS::EMR::SecurityConfiguration resource creates a security configuration that is stored in the Amazon EMR web service. You can specify the security configuration when creating a cluster. For more information, see Specifying Amazon EMR Encryption Options Using a Security Configuration in the Amazon EMR Release Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

Copy
{ "Type" : "AWS::EMR::SecurityConfiguration", "Properties" : { "Name" : String, "SecurityConfiguration" : String } }

YAML

Copy
Type: "AWS::EMR::SecurityConfiguration" Properties: Name: String SecurityConfiguration: String

Properties

For more information about each property, including constraints and valid values, see CreateSecurityConfiguration in the Amazon EMR API Reference.

Name

The name of the security configuration. For a list of valid parameters for encryption settings, see AWS CLI Security Configuration JSON Reference in the Amazon EMR Release Guide.

Required: No

Type: String

Update requires: Replacement

SecurityConfiguration

The security configuration details in JSON format.

Required: Yes

Type: String

Update requires: Replacement

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the cluster ID, such as j-1ABCD123AB1A.

For more information about using the Ref function, see Ref.

Example

The following example enables both in-transit data encryption and local disk encryption. For additional encryption configuration examples, see Creating a Security Configuration Using the AWS CLI in the Amazon EMR Release Guide.

JSON

Copy
{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "securityConfiguration": { "Type": "AWS::EMR::SecurityConfiguration", "Properties": { "SecurityConfiguration": { "EncryptionConfiguration": { "EnableInTransitEncryption": true, "EnableAtRestEncryption": true, "InTransitEncryptionConfiguration": { "TLSCertificateConfiguration": { "CertificateProviderType": "PEM", "S3Object": "arn:aws:s3:::MyConfigStore/artifacts/MyCerts.zip" } }, "AtRestEncryptionConfiguration": { "S3EncryptionConfiguration": { "EncryptionMode": "SSE-KMS", "AwsKmsKey": "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012" }, "LocalDiskEncryptionConfiguration": { "EncryptionKeyProviderType": "AwsKms", "AwsKmsKey": "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012" } } } } } } } }

YAML

Copy
AWSTemplateFormatVersion: 2010-09-09 Resources: securityConfiguration: Type: 'AWS::EMR::SecurityConfiguration' Properties: SecurityConfiguration: EncryptionConfiguration: EnableInTransitEncryption: true EnableAtRestEncryption: true InTransitEncryptionConfiguration: TLSCertificateConfiguration: CertificateProviderType: PEM S3Object: 'arn:aws:s3:::MyConfigStore/artifacts/MyCerts.zip' AtRestEncryptionConfiguration: S3EncryptionConfiguration: EncryptionMode: SSE-KMS AwsKmsKey: >- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 LocalDiskEncryptionConfiguration: EncryptionKeyProviderType: AwsKms AwsKmsKey: >- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012