Amazon EMR
Amazon EMR Release Guide

Data Encryption

Data encryption helps prevent unauthorized users from reading data on a cluster and associated data storage systems. This includes data saved to persistent media, known as data at-rest, and data that may be intercepted as it travels the network, known as data in-transit.

Beginning with Amazon EMR version 4.8.0, you can use Amazon EMR security configurations to configure data encryption settings for clusters more easily. In earlier versions of Amazon EMR, you had to specify Amazon S3 encryption options individually as part of a cluster configuration. We recommend using security configurations because it simplifies setup, allows you to reuse security configurations, and provides additional encryption options.

Data encryption works in tandem with access control. A solid defense strategy includes both components. For more information about setting up access control, see Configure Access to the Cluster in the Amazon EMR Management Guide.