CfnSecurityConfigurationProps
- class aws_cdk.aws_emr.CfnSecurityConfigurationProps(*, security_configuration, name=None)
Bases:
objectProperties for defining a
CfnSecurityConfiguration.- Parameters:
security_configuration (
Any) – The security configuration details in JSON format.name (
Optional[str]) – The name of the security configuration.
- See:
- ExampleMetadata:
infused
Example:
import aws_cdk.aws_emr as emr cfn_security_configuration = emr.CfnSecurityConfiguration(self, "EmrSecurityConfiguration", name="AddStepRuntimeRoleSecConfig", security_configuration=JSON.parse(""" { "AuthorizationConfiguration": { "IAMConfiguration": { "EnableApplicationScopedIAMRole": true, "ApplicationScopedIAMRoleConfiguration": { "PropagateSourceIdentity": true } }, "LakeFormationConfiguration": { "AuthorizedSessionTagValue": "Amazon EMR" } } }""") ) task = tasks.EmrCreateCluster(self, "Create Cluster", instances=tasks.EmrCreateCluster.InstancesConfigProperty(), name=sfn.TaskInput.from_json_path_at("$.ClusterName").value, security_configuration=cfn_security_configuration.name ) execution_role = iam.Role(self, "Role", assumed_by=iam.ArnPrincipal(task.cluster_role.role_arn) ) execution_role.assume_role_policy.add_statements( iam.PolicyStatement( effect=iam.Effect.ALLOW, principals=[task.cluster_role ], actions=["sts:SetSourceIdentity" ] ), iam.PolicyStatement( effect=iam.Effect.ALLOW, principals=[task.cluster_role ], actions=["sts:TagSession" ], conditions={ "StringEquals": { "aws:RequestTag/LakeFormationAuthorizedCaller": "Amazon EMR" } } )) tasks.EmrAddStep(self, "Task", cluster_id="ClusterId", execution_role_arn=execution_role.role_arn, name="StepName", jar="Jar", action_on_failure=tasks.ActionOnFailure.CONTINUE )
Attributes
- name
The name of the security configuration.
- security_configuration
The security configuration details in JSON format.