Amazon_EMR_1

Ensure in-transit and at-rest encryption is enabled for Amazon EMR clusters

Description

Data encryption helps prevent unauthorized users from reading data on a cluster and associated data storage systems. This includes data saved to persistent media, known as data at rest, and data that may be intercepted as it travels the network, known as data in transit.

Remediation

Amazon EMR versions 4.8.0 and later support security configurations, which specify settings for encrypting data at rest, data in transit, or both. When you enable at-rest data encryption, you can choose to encrypt EMRFS data in Amazon S3, data in local disks, or both. Each security configuration that you create is stored in Amazon EMR rather than in the cluster configuration, so you can easily reuse a configuration to specify data encryption settings whenever you create a cluster.

To create a Security Configuration using the console:

1. Sign in to the Amazon EMR console at https://console.aws.amazon.com/elasticmapreduce/

2. In the navigation pane, choose Security Configurations, Create security configuration.

3. Type a Name for the security configuration.

4. Choose options for Encryption and Authentication as described in the sections below and then choose Create.
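A security configuration is stored as a JSON document, so the check this rule describes can be automated. The following is an added example, not part of the original page or of AWS's own tooling: it evaluates that JSON and reports whether both encryption types are enabled and which at-rest scopes are covered. The function name, result layout and sample documents (placeholder bucket and key ARNs) are constructed for illustration.

```python
import json

def check_emr_encryption(security_configuration):
    """Evaluate an EMR security configuration (JSON string, or None when the
    cluster has no security configuration attached)."""
    result = {"compliant": False, "failures": [], "at_rest_scopes": []}
    if not security_configuration:
        result["failures"].append("no security configuration attached")
        return result
    enc = json.loads(security_configuration).get("EncryptionConfiguration", {})

    if enc.get("EnableInTransitEncryption") is not True:
        result["failures"].append("in-transit encryption disabled")

    if enc.get("EnableAtRestEncryption") is not True:
        result["failures"].append("at-rest encryption disabled")
    else:
        at_rest = enc.get("AtRestEncryptionConfiguration", {})
        # At-rest encryption can cover EMRFS data in S3, local disks, or both.
        if "S3EncryptionConfiguration" in at_rest:
            result["at_rest_scopes"].append("s3")
        if "LocalDiskEncryptionConfiguration" in at_rest:
            result["at_rest_scopes"].append("local-disk")
        if not result["at_rest_scopes"]:
            result["failures"].append("at-rest enabled but no scope configured")

    result["compliant"] = not result["failures"]
    return result

# Constructed sample documents (placeholder ARNs and bucket names).
FULL = json.dumps({"EncryptionConfiguration": {
    "EnableInTransitEncryption": True,
    "EnableAtRestEncryption": True,
    "InTransitEncryptionConfiguration": {"TLSCertificateConfiguration": {
        "CertificateProviderType": "PEM",
        "S3Object": "s3://example-bucket/certs.zip"}},
    "AtRestEncryptionConfiguration": {
        "S3EncryptionConfiguration": {"EncryptionMode": "SSE-S3"},
        "LocalDiskEncryptionConfiguration": {
            "EncryptionKeyProviderType": "AwsKms",
            "AwsKmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}}}})
S3_ONLY_NO_TLS = json.dumps({"EncryptionConfiguration": {
    "EnableInTransitEncryption": False,
    "EnableAtRestEncryption": True,
    "AtRestEncryptionConfiguration": {"S3EncryptionConfiguration": {
        "EncryptionMode": "SSE-KMS",
        "AwsKmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}}}})

if __name__ == "__main__":
    for name, doc in [("full", FULL), ("s3-only", S3_ONLY_NO_TLS), ("none", None)]:
        print(name, check_emr_encryption(doc))
```

The input string is the `SecurityConfiguration` field returned by `aws emr describe-security-configuration --name <name>`; the configuration name attached to a cluster appears in the `aws emr describe-cluster` output.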

References:

https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-create-security-configuration.html

https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-data-encryption-options.html 

Service

EMR

Severity

High

Compliance

Mapping
