Amazon EMR
Management Guide

Launch an Amazon EMR cluster with Lake Formation using the console

  1. Create a security configuration that specifies the AWS Lake Formation integration option:

    1. In the Amazon EMR console, select Security configurations, Create.

    2. Type a Name for the security configuration. You use this name to specify the security configuration when you create a cluster.

    3. Under AWS Lake Formation integration, select Enable fine-grained access control managed by AWS Lake Formation.

    4. Select an IAM role for AWS Lake Formation to apply.


      For more information, see Overview of the IAM Roles for Lake Formation.

    5. Select an IAM role for other AWS services to apply.

    6. Upload your identify provider (IdP) metadata by specifying the S3 path where the metadata is located.

    7. Set up other security configuration options as appropriate and choose Create. You must enable Kerberos authentication using the cluster-dedicated KDC. For more information, see Configure EMR Security Features.

  2. Launch a cluster with the security configuration that you specified in the previous step. For more information, see Specify a Security Configuration for a Cluster.