AWS Data Pipeline
Developer Guide (API Version 2012-10-29)

Configure Hadoop KMS ACLs and create encryption zones in HDFS

The following objects create ACLs for Hadoop KMS and create encryption zones and corresponding encryption keys in HDFS:

{ "name": "kmsAcls", "id": "kmsAcls", "type": "EmrConfiguration", "classification": "hadoop-kms-acls", "property": [ {"ref":"kmsBlacklist"}, {"ref":"kmsAcl"} ] }, { "name": "hdfsEncryptionZone", "id": "hdfsEncryptionZone", "type": "EmrConfiguration", "classification": "hdfs-encryption-zones", "property": [ {"ref":"hdfsPath1"}, {"ref":"hdfsPath2"} ] }, { "name": "kmsBlacklist", "id": "kmsBlacklist", "type": "Property", "key": "hadoop.kms.blacklist.CREATE", "value": "foo,myBannedUser" }, { "name": "kmsAcl", "id": "kmsAcl", "type": "Property", "key": "hadoop.kms.acl.ROLLOVER", "value": "myAllowedUser" }, { "name": "hdfsPath1", "id": "hdfsPath1", "type": "Property", "key": "/myHDFSPath1", "value": "path1_key" }, { "name": "hdfsPath2", "id": "hdfsPath2", "type": "Property", "key": "/myHDFSPath2", "value": "path2_key" }