CfnSecurityConfigurationProps

class aws_cdk.aws_emr.CfnSecurityConfigurationProps(*, security_configuration, name=None)

Bases: object

Properties for defining a CfnSecurityConfiguration.

Parameters:
  • security_configuration (Any) – The security configuration details in JSON format. For JSON parameters and examples, see Use Security Configurations to Set Up Cluster Security in the Amazon EMR Management Guide .

  • name (Optional[str]) – The name of the security configuration.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-securityconfiguration.html

ExampleMetadata:

infused

Example:

import aws_cdk.aws_emr as emr


cfn_security_configuration = emr.CfnSecurityConfiguration(self, "EmrSecurityConfiguration",
    name="AddStepRuntimeRoleSecConfig",
    security_configuration=JSON.parse("""
            {
              "AuthorizationConfiguration": {
                  "IAMConfiguration": {
                      "EnableApplicationScopedIAMRole": true,
                      "ApplicationScopedIAMRoleConfiguration":
                          {
                              "PropagateSourceIdentity": true
                          }
                  },
                  "LakeFormationConfiguration": {
                      "AuthorizedSessionTagValue": "Amazon EMR"
                  }
              }
            }""")
)

task = tasks.EmrCreateCluster(self, "Create Cluster",
    instances=tasks.EmrCreateCluster.InstancesConfigProperty(),
    name=sfn.TaskInput.from_json_path_at("$.ClusterName").value,
    security_configuration=cfn_security_configuration.name
)

execution_role = iam.Role(self, "Role",
    assumed_by=iam.ArnPrincipal(task.cluster_role.role_arn)
)

execution_role.assume_role_policy.add_statements(
    iam.PolicyStatement(
        effect=iam.Effect.ALLOW,
        principals=[task.cluster_role
        ],
        actions=["sts:SetSourceIdentity"
        ]
    ),
    iam.PolicyStatement(
        effect=iam.Effect.ALLOW,
        principals=[task.cluster_role
        ],
        actions=["sts:TagSession"
        ],
        conditions={
            "StringEquals": {
                "aws:RequestTag/LakeFormationAuthorizedCaller": "Amazon EMR"
            }
        }
    ))

tasks.EmrAddStep(self, "Task",
    cluster_id="ClusterId",
    execution_role_arn=execution_role.role_arn,
    name="StepName",
    jar="Jar",
    action_on_failure=tasks.ActionOnFailure.CONTINUE
)

Attributes

name

The name of the security configuration.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-securityconfiguration.html#cfn-emr-securityconfiguration-name

security_configuration

The security configuration details in JSON format.

For JSON parameters and examples, see Use Security Configurations to Set Up Cluster Security in the Amazon EMR Management Guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-securityconfiguration.html#cfn-emr-securityconfiguration-securityconfiguration