Enable local-disk encryption for EMR clusters.
Data stored within EMR instances should be encrypted to ensure sensitive data is kept private.
Impact
Local-disk data in the EMR cluster could be compromised if accessed.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Enable local-disk encryption for EMR cluster
resource "aws_emr_security_configuration" "good_example" {
  name = "emrsc_other"

  configuration = <<EOF
{
  "EncryptionConfiguration": {
    "AtRestEncryptionConfiguration": {
      "S3EncryptionConfiguration": {
        "EncryptionMode": "SSE-S3"
      },
      "LocalDiskEncryptionConfiguration": {
        "EncryptionKeyProviderType": "AwsKms",
        "AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
      }
    },
    "EnableInTransitEncryption": true,
    "EnableAtRestEncryption": true
  }
}
EOF
}
Links