Menu
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::EMR::SecurityConfiguration

The AWS::EMR::SecurityConfiguration resource creates a security configuration that is stored in the Amazon EMR web service. You can specify the security configuration when creating a cluster. For more information, see Specifying Amazon EMR Encryption Options Using a Security Configuration in the Amazon EMR Release Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::EMR::SecurityConfiguration", "Properties" : { "Name" : String, "SecurityConfiguration" : String } }

YAML

Type: "AWS::EMR::SecurityConfiguration" Properties: Name: String SecurityConfiguration: String

Properties

For more information about each property, including constraints and valid values, see CreateSecurityConfiguration in the Amazon EMR API Reference.

Name

The name of the security configuration. For a list of valid parameters for encryption settings, see AWS CLI Security Configuration JSON Reference in the Amazon EMR Release Guide.

Required: No

Type: String

Update requires: Replacement

SecurityConfiguration

The security configuration details in JSON format.

Required: Yes

Type: String

Update requires: Replacement

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the security configuration name, such as mySecurityConfiguration.

For more information about using the Ref function, see Ref.

Example

The following example enables both in-transit data encryption and local disk encryption. For additional encryption configuration examples, see Creating a Security Configuration Using the AWS CLI in the Amazon EMR Release Guide.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "securityConfiguration": { "Type": "AWS::EMR::SecurityConfiguration", "Properties": { "SecurityConfiguration": { "EncryptionConfiguration": { "EnableInTransitEncryption": true, "EnableAtRestEncryption": true, "InTransitEncryptionConfiguration": { "TLSCertificateConfiguration": { "CertificateProviderType": "PEM", "S3Object": "arn:aws:s3:::MyConfigStore/artifacts/MyCerts.zip" } }, "AtRestEncryptionConfiguration": { "S3EncryptionConfiguration": { "EncryptionMode": "SSE-KMS", "AwsKmsKey": "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012" }, "LocalDiskEncryptionConfiguration": { "EncryptionKeyProviderType": "AwsKms", "AwsKmsKey": "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012" } } } } } } } }

YAML

AWSTemplateFormatVersion: 2010-09-09 Resources: securityConfiguration: Type: 'AWS::EMR::SecurityConfiguration' Properties: SecurityConfiguration: EncryptionConfiguration: EnableInTransitEncryption: true EnableAtRestEncryption: true InTransitEncryptionConfiguration: TLSCertificateConfiguration: CertificateProviderType: PEM S3Object: 'arn:aws:s3:::MyConfigStore/artifacts/MyCerts.zip' AtRestEncryptionConfiguration: S3EncryptionConfiguration: EncryptionMode: SSE-KMS AwsKmsKey: >- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 LocalDiskEncryptionConfiguration: EncryptionKeyProviderType: AwsKms AwsKmsKey: >- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012