Severity: HIGH
Source: Trivy
ID: AVD-AWS-0137

Enable at-rest encryption for EMR clusters.

Data stored within an EMR cluster should be encrypted to ensure sensitive data is kept private.

Impact

At-rest data in the EMR cluster could be compromised if accessed.

Follow the appropriate remediation steps below to resolve the issue.

Enable at-rest encryption for EMR cluster

# Security configuration that enables at-rest encryption for data in S3
# and on the cluster's local disks.
resource "aws_emr_security_configuration" "good_example" {
  name = "emrsc_other"

  # The EMR security configuration is passed as a JSON document.
  configuration = <<EOF
{
  "EncryptionConfiguration": {
    "AtRestEncryptionConfiguration": {
      "S3EncryptionConfiguration": {
        "EncryptionMode": "SSE-S3"
      },
      "LocalDiskEncryptionConfiguration": {
        "EncryptionKeyProviderType": "AwsKms",
        "AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
      }
    },
    "EnableInTransitEncryption": true,
    "EnableAtRestEncryption": true
  }
}
EOF
}
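
A way to check the JSON document from the configuration above before it is applied. This is an added example, not Trivy's own rule logic or code from the original page. The function name, the sample documents and the placeholder key ARN are constructed, and it assumes both the S3 and local disk blocks should be present, as in the page's example.

```python
import json

# Constructed sample: at-rest encryption switched off.
BAD_CONFIG = '{"EncryptionConfiguration": {"EnableAtRestEncryption": false}}'

# Constructed sample mirroring the page's good_example; the key ARN is a placeholder.
GOOD_CONFIG = """
{
  "EncryptionConfiguration": {
    "AtRestEncryptionConfiguration": {
      "S3EncryptionConfiguration": {"EncryptionMode": "SSE-S3"},
      "LocalDiskEncryptionConfiguration": {
        "EncryptionKeyProviderType": "AwsKms",
        "AwsKmsKey": "arn:aws:kms:us-west-2:111122223333:alias/example_key"
      }
    },
    "EnableInTransitEncryption": true,
    "EnableAtRestEncryption": true
  }
}
"""


def audit_at_rest_encryption(config_json):
    """Return a list of findings; an empty list means at-rest encryption is configured."""
    try:
        doc = json.loads(config_json)
    except json.JSONDecodeError as exc:
        return [f"configuration is not valid JSON: {exc.msg}"]
    enc = doc.get("EncryptionConfiguration") if isinstance(doc, dict) else None
    if not isinstance(enc, dict):
        return ["EncryptionConfiguration block is missing"]
    findings = []
    # Require the JSON boolean true; a missing key or the string "true" does not count.
    if enc.get("EnableAtRestEncryption") is not True:
        findings.append("EnableAtRestEncryption is not true")
    at_rest = enc.get("AtRestEncryptionConfiguration")
    if not isinstance(at_rest, dict):
        at_rest = {}
    # Assumption: both storage locations are expected to be covered.
    for key in ("S3EncryptionConfiguration", "LocalDiskEncryptionConfiguration"):
        if not at_rest.get(key):
            findings.append(f"AtRestEncryptionConfiguration.{key} is not set")
    return findings
```

The same function can be run over the `configuration` attribute extracted from a Terraform plan or over a security configuration retrieved from an existing account.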