AWS Config
Developer Guide

emr-kerberos-enabled

Checks that Amazon EMR clusters have Kerberos enabled. The rule is NON_COMPLIANT if a security configuration is not attached to the cluster or the security configuration does not satisfy the specified rule parameters.

Identifier: EMR_KERBEROS_ENABLED

Trigger type: Periodic

AWS Regions: All supported AWS regions

Parameters:

ticketLifetimeInHours (optional)

Period for which Kerberos ticket issued by cluster's KDC is valid.

realm (optional)

Kereberos realm name of the other realm in the trust relationship.

domain (optional)

Domain name of the other realm in the trust relationship.

adminServer (optional)

Fully qualified domain of the admin server in the other realm of the trust relationship.

kdcServer (optional)

Fully qualified domain of the KDC server in the other realm of the trust relationship.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.