Amazon EMR
Management Guide

Encrypt Data in Transit and at Rest

Data encryption helps prevent unauthorized users from reading data on a cluster and associated data storage systems. This includes data saved to persistent media, known as data at-rest, and data that may be intercepted as it travels the network, known as data in-transit.

Beginning with Amazon EMR version 4.8.0, you can use Amazon EMR security configurations to configure data encryption settings for clusters more easily. Security configurations offer settings to enable security for data in-transit and data at-rest in Amazon Elastic Block Store (Amazon EBS) storage volumes and EMRFS on Amazon S3. In addition, beginning with Amazon EMR version 5.7.0, you can specify a custom AMI with an encrypted EBS root device volume. This configuration is independent from security configurations. For more information, see Using a Custom AMI in the Amazon EMR Management Guide.