Amazon EMR
Management Guide

Specify a Security Configuration for a Cluster

You can specify encryption settings when you create a cluster by specifying the security configuration. You can use the AWS Management Console or the AWS CLI.

Specifying a Security Configuration Using the Console

When using the AWS console to create an Amazon EMR cluster, you choose the security configuration during Step 4: Security of the advanced options creation process.

  1. Sign in to the AWS Management Console and open the Amazon EMR console at

  2. Choose Create cluster, Go to advanced options.

  3. On theStep 1: Software and Steps screen, from the Release list, choose emr-4.8.0 or a more recent release. Choose the settings you want and choose Next.

  4. On the Step 2: Hardware screen, choose the settings you want and choose Next. Do the same for Step 3: General Cluster Settings.

  5. On the Step 4: Security screen, under Encryption Options, choose a value for Security configuration.

  6. Configure other security options as desired and choose Create cluster.

Specifying a Security Configuration Using the CLI

When you use aws emr create-cluster, you can optionally apply a security configuration using --security-configuration MySecConfig, where MySecConfig is the name of the security configuration, as shown in the following example. The --release-label specified must be 4.8.0 or later and the --instance-type can be any available.

aws emr create-cluster --instance-type m3.xlarge --release-label emr-5.0.0 --security-configuration mySecConfig