Users and Authentication - Teaching Big Data Skills with Amazon EMR

Users and Authentication

In this deployment, user authentication and access to data are easily controlled using IAM and S3 bucket policies. Each student is provided with a unique IAM login to the university AWS Management Console. That login is minimally scoped: it authorizes EMR cluster operations and grants permission to read from and upload to selected S3 buckets. If your university has an existing identity provider, you can integrate existing student logins with the AWS Management Console, so that students do not need a separate IAM user. For more information, see Identity Federation in AWS.
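The following is an added example, not part of the original whitepaper: a Python sketch that builds one student's minimally scoped policy document and checks it for over-broad statements. The bucket name, account ID, `owner` tag key and per-student S3 prefix layout are assumptions made for illustration; the role names are EMR's defaults.

```python
import json

# Assumed for illustration: "owner" tag key and a <student>/ prefix in each bucket.
EMR_ROLES = ("EMR_DefaultRole", "EMR_EC2_DefaultRole")  # EMR's default role names

def build_student_policy(student, buckets, account_id):
    """Return an IAM policy document scoped to one student's clusters and S3 prefix."""
    owned = {"StringEquals": {"elasticmapreduce:ResourceTag/owner": student}}
    return {"Version": "2012-10-17", "Statement": [
        # RunJobFlow has no resource-level scoping, so require the owner tag at launch.
        {"Sid": "LaunchTaggedCluster", "Effect": "Allow",
         "Action": "elasticmapreduce:RunJobFlow", "Resource": "*",
         "Condition": {"StringEquals": {"elasticmapreduce:RequestTag/owner": student}}},
        {"Sid": "OperateOwnClusters", "Effect": "Allow",
         "Action": ["elasticmapreduce:DescribeCluster", "elasticmapreduce:AddJobFlowSteps",
                    "elasticmapreduce:ListSteps", "elasticmapreduce:TerminateJobFlows"],
         "Resource": "*", "Condition": owned},
        {"Sid": "PassEmrRoles", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": [f"arn:aws:iam::{account_id}:role/{r}" for r in EMR_ROLES]},
        {"Sid": "ListOwnPrefix", "Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": [f"arn:aws:s3:::{b}" for b in buckets],
         "Condition": {"StringLike": {"s3:prefix": [f"{student}/*"]}}},
        {"Sid": "ReadWriteOwnPrefix", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": [f"arn:aws:s3:::{b}/{student}/*" for b in buckets]},
    ]}

def overbroad_statements(policy):
    """Return Sids of Allow statements with a wildcard action, or with
    Resource "*" and no Condition to narrow it."""
    flagged = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if any("*" in a for a in actions) or ("*" in resources and "Condition" not in st):
            flagged.append(st.get("Sid", "<no Sid>"))
    return flagged

if __name__ == "__main__":
    # Constructed sample values; 111122223333 is a placeholder account ID.
    policy = build_student_policy("student01", ["course-data-example"], "111122223333")
    print(json.dumps(policy, indent=2))
    print("over-broad statements:", overbroad_statements(policy))
```

Running the same check over hand-edited policies before attaching them catches a stray `s3:*` or an unconditioned `"Resource": "*"` that would let one student reach another's data or clusters.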

EMR releases 5.10.0 and later also support Kerberos authentication. For more information on using Kerberos authentication with an EMR cluster, see Use Kerberos Authentication.

Students can then be provided with an AWS CloudFormation template that automatically provisions an EMR cluster for their use. These CloudFormation templates can be customized to reflect specific coursework per lesson, or provisioned once per semester, depending upon what the course syllabus requires.