Class CfnSecurityConfigurationProps

Properties for defining a CfnSecurityConfiguration.

Inheritance
object
CfnSecurityConfigurationProps
Inherited Members
Namespace: Amazon.CDK.AWS.EMR
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnSecurityConfigurationProps : ICfnSecurityConfigurationProps
Syntax (vb)
Public Class CfnSecurityConfigurationProps Implements ICfnSecurityConfigurationProps
Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-securityconfiguration.html

ExampleMetadata: infused

Examples
using Amazon.CDK.AWS.EMR;


             var cfnSecurityConfiguration = new CfnSecurityConfiguration(this, "EmrSecurityConfiguration", new CfnSecurityConfigurationProps {
                 Name = "AddStepRuntimeRoleSecConfig",
                 SecurityConfiguration = JSON.Parse(@"
                     {
                       ""AuthorizationConfiguration"": {
                           ""IAMConfiguration"": {
                               ""EnableApplicationScopedIAMRole"": true,
                               ""ApplicationScopedIAMRoleConfiguration"":
                                   {
                                       ""PropagateSourceIdentity"": true
                                   }
                           },
                           ""LakeFormationConfiguration"": {
                               ""AuthorizedSessionTagValue"": ""Amazon EMR""
                           }
                       }
                     }")
             });

             var task = new EmrCreateCluster(this, "Create Cluster", new EmrCreateClusterProps {
                 Instances = new InstancesConfigProperty { },
                 Name = TaskInput.FromJsonPathAt("$.ClusterName").Value,
                 SecurityConfiguration = cfnSecurityConfiguration.Name
             });

             var executionRole = new Role(this, "Role", new RoleProps {
                 AssumedBy = new ArnPrincipal(task.ClusterRole.RoleArn)
             });

             executionRole.AssumeRolePolicy.AddStatements(
             new PolicyStatement(new PolicyStatementProps {
                 Effect = Effect.ALLOW,
                 Principals = new [] { task.ClusterRole },
                 Actions = new [] { "sts:SetSourceIdentity" }
             }),
             new PolicyStatement(new PolicyStatementProps {
                 Effect = Effect.ALLOW,
                 Principals = new [] { task.ClusterRole },
                 Actions = new [] { "sts:TagSession" },
                 Conditions = new Dictionary<string, object> {
                     { "StringEquals", new Dictionary<string, string> {
                         { "aws:RequestTag/LakeFormationAuthorizedCaller", "Amazon EMR" }
                     } }
                 }
             }));

             new EmrAddStep(this, "Task", new EmrAddStepProps {
                 ClusterId = "ClusterId",
                 ExecutionRoleArn = executionRole.RoleArn,
                 Name = "StepName",
                 Jar = "Jar",
                 ActionOnFailure = ActionOnFailure.CONTINUE
             });

Synopsis

Constructors

CfnSecurityConfigurationProps()

Properties for defining a CfnSecurityConfiguration.

Properties

Name

The name of the security configuration.
SecurityConfiguration

The security configuration details in JSON format.

Constructors

CfnSecurityConfigurationProps()

Properties for defining a CfnSecurityConfiguration.

public CfnSecurityConfigurationProps()
Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-securityconfiguration.html

ExampleMetadata: infused

Examples
using Amazon.CDK.AWS.EMR;


             var cfnSecurityConfiguration = new CfnSecurityConfiguration(this, "EmrSecurityConfiguration", new CfnSecurityConfigurationProps {
                 Name = "AddStepRuntimeRoleSecConfig",
                 SecurityConfiguration = JSON.Parse(@"
                     {
                       ""AuthorizationConfiguration"": {
                           ""IAMConfiguration"": {
                               ""EnableApplicationScopedIAMRole"": true,
                               ""ApplicationScopedIAMRoleConfiguration"":
                                   {
                                       ""PropagateSourceIdentity"": true
                                   }
                           },
                           ""LakeFormationConfiguration"": {
                               ""AuthorizedSessionTagValue"": ""Amazon EMR""
                           }
                       }
                     }")
             });

             var task = new EmrCreateCluster(this, "Create Cluster", new EmrCreateClusterProps {
                 Instances = new InstancesConfigProperty { },
                 Name = TaskInput.FromJsonPathAt("$.ClusterName").Value,
                 SecurityConfiguration = cfnSecurityConfiguration.Name
             });

             var executionRole = new Role(this, "Role", new RoleProps {
                 AssumedBy = new ArnPrincipal(task.ClusterRole.RoleArn)
             });

             executionRole.AssumeRolePolicy.AddStatements(
             new PolicyStatement(new PolicyStatementProps {
                 Effect = Effect.ALLOW,
                 Principals = new [] { task.ClusterRole },
                 Actions = new [] { "sts:SetSourceIdentity" }
             }),
             new PolicyStatement(new PolicyStatementProps {
                 Effect = Effect.ALLOW,
                 Principals = new [] { task.ClusterRole },
                 Actions = new [] { "sts:TagSession" },
                 Conditions = new Dictionary<string, object> {
                     { "StringEquals", new Dictionary<string, string> {
                         { "aws:RequestTag/LakeFormationAuthorizedCaller", "Amazon EMR" }
                     } }
                 }
             }));

             new EmrAddStep(this, "Task", new EmrAddStepProps {
                 ClusterId = "ClusterId",
                 ExecutionRoleArn = executionRole.RoleArn,
                 Name = "StepName",
                 Jar = "Jar",
                 ActionOnFailure = ActionOnFailure.CONTINUE
             });

Properties

Name

The name of the security configuration.

public string? Name { get; set; }
Property Value

string

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-securityconfiguration.html#cfn-emr-securityconfiguration-name

SecurityConfiguration

The security configuration details in JSON format.

public object SecurityConfiguration { get; set; }
Property Value

object

Remarks

For JSON parameters and examples, see Use Security Configurations to Set Up Cluster Security in the Amazon EMR Management Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-securityconfiguration.html#cfn-emr-securityconfiguration-securityconfiguration

Implements