
Data Encryption

Data encryption helps prevent unauthorized users from reading data on a cluster and associated data storage systems. This includes data saved to persistent media, known as data at-rest, and data that may be intercepted as it travels the network, known as data in-transit.

Beginning with Amazon EMR version 4.8.0, you can use Amazon EMR security configurations to configure data encryption settings for clusters more easily. Security configurations offer settings to enable security for data in-transit and data at-rest in Amazon Elastic Block Store (Amazon EBS) storage volumes and EMRFS on Amazon S3. In addition, beginning with Amazon EMR version 5.7.0, you can specify a custom AMI with an encrypted EBS root device volume. This is a separate setting from security configurations. For more information, see Using a Custom AMI in the Amazon EMR Management Guide.
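As an added example (not taken from this guide), the following Python check reads a security configuration document and reports which of the encryption settings described above are missing. It assumes the JSON key names of the EMR security configuration format (`EncryptionConfiguration`, `EnableInTransitEncryption`, `EnableAtRestEncryption`, and the nested sections), which do not appear on this page; the sample document and the function name `audit_encryption` are constructed for illustration.

```python
import json

# Constructed sample security configuration: at-rest is on for EMRFS/S3 only,
# in-transit is off. Not taken from a real cluster.
SAMPLE = json.loads("""
{
  "EncryptionConfiguration": {
    "EnableInTransitEncryption": false,
    "EnableAtRestEncryption": true,
    "AtRestEncryptionConfiguration": {
      "S3EncryptionConfiguration": {"EncryptionMode": "SSE-S3"}
    }
  }
}
""")


def audit_encryption(config):
    """Return a list of encryption gaps found in a security configuration dict."""
    gaps = []
    enc = config.get("EncryptionConfiguration") or {}

    # Data in-transit: the flag must be on and a TLS certificate source given.
    tls = (enc.get("InTransitEncryptionConfiguration") or {}).get(
        "TLSCertificateConfiguration") or {}
    if enc.get("EnableInTransitEncryption") is not True:
        gaps.append("in-transit encryption disabled")
    elif not tls.get("CertificateProviderType"):
        gaps.append("in-transit enabled without TLS certificate provider")

    # Data at-rest: EMRFS on S3 and local storage volumes are set separately.
    at_rest = enc.get("AtRestEncryptionConfiguration") or {}
    if enc.get("EnableAtRestEncryption") is not True:
        gaps.append("at-rest encryption disabled")
    else:
        if not (at_rest.get("S3EncryptionConfiguration") or {}).get("EncryptionMode"):
            gaps.append("no EMRFS/S3 encryption mode set")
        if not (at_rest.get("LocalDiskEncryptionConfiguration") or {}).get(
                "EncryptionKeyProviderType"):
            gaps.append("no local disk encryption key provider set")
    return gaps


if __name__ == "__main__":
    for gap in audit_encryption(SAMPLE):
        print("GAP:", gap)
```

The check treats a missing or empty section the same as a disabled one, so a configuration that sets only the top-level flags is still reported.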

Data encryption works in tandem with access control. A solid defense strategy includes both components. For more information about setting up access control, see Configure Access to the Cluster in the Amazon EMR Management Guide.