Amazon EMR
Management Guide

Configure Access to the Cluster

Amazon EMR provides several ways to control access to resources:

  • IAM users and roles provide permissions that allow users to perform actions.

  • The Amazon EMR service role and instance profile control how Amazon EMR is able to access other AWS services.

  • Security groups act as a virtual firewall for Amazon EMR cluster instances, controlling inbound and outbound traffic.

  • SSH keys allow users to connect to an Amazon EMR cluster's master node.

  • System directory permissions for Hadoop allow you to enable users other than the "hadoop user" to submit jobs to an Amazon EMR cluster.

Access control works in tandem with data encryption. A solid defense strategy includes both components. For more information about setting up data encryption, see Data Encryption in the Amazon EMR Release Guide.