Specify a security configuration for a cluster - Amazon EMR

Specify a security configuration for a cluster

You can specify encryption settings when you create a cluster by specifying the security configuration. You can use the AWS Management Console or the AWS CLI.

Note

We’ve redesigned the Amazon EMR console to make it easier to use. See What's new with the console? to learn about the differences between the old and new console experiences.

New console
To specify a security configuration with the new console

  1. Sign in to the AWS Management Console, and open the Amazon EMR console at https://console.aws.amazon.com/emr.

  2. Under EMR on EC2 in the left navigation pane, choose Clusters, and then choose Create cluster.

  3. Under Security configuration and permissions, find the Security configuration field. Select the dropdown menu or choose Browse to select the name of a security configuration that you created previously. Alternatively, choose Create security configuration to create a configuration that you can use for your cluster.

  4. Choose any other options that apply to your cluster.

  5. To launch your cluster, choose Create cluster.

Old console
To specify a security configuration with the old console

  1. Open the Amazon EMR console at https://console.aws.amazon.com/emr.

  2. Choose Create cluster, Go to advanced options.

  3. On the Step 1: Software and Steps screen, from the Release list, choose emr-4.8.0 or a more recent release. Choose the settings you want and choose Next.

  4. On the Step 2: Hardware screen, choose the settings you want and choose Next. Do the same for Step 3: General Cluster Settings.

  5. On the Step 4: Security screen, under Encryption Options, choose a value for Security configuration.

  6. Configure other security options as desired and choose Create cluster.

CLI
To specify a security configuration with the AWS CLI

  • Use aws emr create-cluster to optionally apply a security configuration with --security-configuration MySecConfig, where MySecConfig is the name of the security configuration, as shown in the following example. The --release-label you specify must be 4.8.0 or later and the --instance-type can be any available.

    aws emr create-cluster --instance-type m5.xlarge --release-label emr-5.0.0 --security-configuration mySecConfig