Amazon EMR
Management Guide

Configure Access to Cluster Resources

Amazon EMR provides several ways for you to control access to AWS resources that clusters use:

  • IAM policies allow or deny permissions to users to perform actions.

  • The Amazon EMR service role, instance profile, and service-based role control how Amazon EMR is able to access other AWS services.

  • Security groups act as a virtual firewall for Amazon EMR cluster instances, controlling inbound and outbound traffic.

  • SSH keys allow users to connect to an Amazon EMR cluster's master node.

  • System directory permissions for Hadoop allow you to enable users other than the "hadoop user" to submit jobs to an Amazon EMR cluster.

Access control works in tandem with data encryption. A solid defense strategy includes both components. For more information about setting up data encryption, see Data Encryption in the Amazon EMR Release Guide.