Interface CfnSecurityConfigurationProps

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
CfnSecurityConfigurationProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.104.0 (build e79254c)", date="2024-12-11T23:26:33.614Z") @Stability(Stable) public interface CfnSecurityConfigurationProps extends software.amazon.jsii.JsiiSerializable
Properties for defining a CfnSecurityConfiguration.

Example:

 import software.amazon.awscdk.services.emr.*;
 CfnSecurityConfiguration cfnSecurityConfiguration = CfnSecurityConfiguration.Builder.create(this, "EmrSecurityConfiguration")
         .name("AddStepRuntimeRoleSecConfig")
         .securityConfiguration(JSON.parse("\n    {\n      \"AuthorizationConfiguration\": {\n          \"IAMConfiguration\": {\n              \"EnableApplicationScopedIAMRole\": true,\n              \"ApplicationScopedIAMRoleConfiguration\":\n                  {\n                      \"PropagateSourceIdentity\": true\n                  }\n          },\n          \"LakeFormationConfiguration\": {\n              \"AuthorizedSessionTagValue\": \"Amazon EMR\"\n          }\n      }\n    }"))
         .build();
 EmrCreateCluster task = EmrCreateCluster.Builder.create(this, "Create Cluster")
         .instances(InstancesConfigProperty.builder().build())
         .name(TaskInput.fromJsonPathAt("$.ClusterName").getValue())
         .securityConfiguration(cfnSecurityConfiguration.getName())
         .build();
 Role executionRole = Role.Builder.create(this, "Role")
         .assumedBy(new ArnPrincipal(task.getClusterRole().getRoleArn()))
         .build();
 executionRole.assumeRolePolicy.addStatements(
 PolicyStatement.Builder.create()
         .effect(Effect.ALLOW)
         .principals(List.of(task.getClusterRole()))
         .actions(List.of("sts:SetSourceIdentity"))
         .build(),
 PolicyStatement.Builder.create()
         .effect(Effect.ALLOW)
         .principals(List.of(task.getClusterRole()))
         .actions(List.of("sts:TagSession"))
         .conditions(Map.of(
                 "StringEquals", Map.of(
                         "aws:RequestTag/LakeFormationAuthorizedCaller", "Amazon EMR")))
         .build());
 EmrAddStep.Builder.create(this, "Task")
         .clusterId("ClusterId")
         .executionRoleArn(executionRole.getRoleArn())
         .name("StepName")
         .jar("Jar")
         .actionOnFailure(ActionOnFailure.CONTINUE)
         .build();
 

See Also: