Amazon EMR
Management Guide

Specify a Security Configuration for a Cluster

You can specify encryption settings when you create a cluster by specifying the security configuration. You can use the AWS Management Console or the AWS CLI.

Specifying a Security Configuration Using the Console

When using the AWS console to create an EMR cluster, you choose the security configuration during Step 4: Security of the advanced options creation process.

  1. Open the Amazon EMR console at

  2. Choose Create cluster, Go to advanced options.

  3. On theStep 1: Software and Steps screen, from the Release list, choose emr-4.8.0 or a more recent release. Choose the settings you want and choose Next.

  4. On the Step 2: Hardware screen, choose the settings you want and choose Next. Do the same for Step 3: General Cluster Settings.

  5. On the Step 4: Security screen, under Encryption Options, choose a value for Security configuration.

  6. Configure other security options as desired and choose Create cluster.

Specifying a Security Configuration Using the CLI

When you use aws emr create-cluster, you can optionally apply a security configuration using --security-configuration MySecConfig, where MySecConfig is the name of the security configuration, as shown in the following example. The --release-label specified must be 4.8.0 or later and the --instance-type can be any available.

aws emr create-cluster --instance-type m5.xlarge --release-label emr-5.0.0 --security-configuration mySecConfig