HIGH
Source: Trivy
ID: AVD-AWS-0139

Enable local-disk encryption for EMR clusters.

Data stored within EMR instances should be encrypted to ensure sensitive data is kept private.

Impact

Local-disk data in the EMR cluster could be compromised if accessed.

Follow the appropriate remediation steps below to resolve the issue.

Local-disk encryption for EMR security configuration

resource "aws_emr_security_configuration" "foo" {
  name = "emrsc_other"

  configuration = <<EOF
{
  "EncryptionConfiguration": {
    "AtRestEncryptionConfiguration": {
      "S3EncryptionConfiguration": {
        "EncryptionMode": "SSE-S3"
      },
      "LocalDiskEncryptionConfiguration": {
        "EncryptionKeyProviderType": "AwsKms",
        "AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
      }
    },
    "EnableInTransitEncryption": true,
    "EnableAtRestEncryption": true
  }
}
EOF
}
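
The check below is an added example, not Trivy's own implementation of AVD-AWS-0139: it parses the JSON passed in the `configuration` attribute and reports why local-disk encryption would not be in effect. The key names are the ones in the configuration above; the `Custom` provider type, the function name `local_disk_findings` and the sample inputs (placeholder account ID and key alias) are assumptions made for the example.

```python
import json

# Constructed sample inputs (placeholder account ID and key alias).
COMPLIANT = json.dumps({"EncryptionConfiguration": {
    "EnableAtRestEncryption": True,
    "EnableInTransitEncryption": True,
    "AtRestEncryptionConfiguration": {
        "S3EncryptionConfiguration": {"EncryptionMode": "SSE-S3"},
        "LocalDiskEncryptionConfiguration": {
            "EncryptionKeyProviderType": "AwsKms",
            "AwsKmsKey": "arn:aws:kms:us-west-2:111122223333:alias/example-key"}}}})
# At-rest encryption is on, but only S3 is covered: no local-disk block.
S3_ONLY = json.dumps({"EncryptionConfiguration": {
    "EnableAtRestEncryption": True,
    "AtRestEncryptionConfiguration": {
        "S3EncryptionConfiguration": {"EncryptionMode": "SSE-S3"}}}})
# Local-disk block present, but EnableAtRestEncryption is false.
SWITCHED_OFF = json.dumps({"EncryptionConfiguration": {
    "EnableAtRestEncryption": False,
    "AtRestEncryptionConfiguration": {
        "LocalDiskEncryptionConfiguration": {
            "EncryptionKeyProviderType": "AwsKms",
            "AwsKmsKey": "arn:aws:kms:us-west-2:111122223333:alias/example-key"}}}})


def local_disk_findings(configuration: str) -> list:
    """Return reasons why local-disk encryption is not in effect (empty = OK)."""
    try:
        doc = json.loads(configuration)
    except json.JSONDecodeError as exc:
        return [f"configuration is not valid JSON: {exc.msg}"]
    enc = doc.get("EncryptionConfiguration") if isinstance(doc, dict) else None
    if not isinstance(enc, dict):
        return ["EncryptionConfiguration block is missing"]
    findings = []
    if enc.get("EnableAtRestEncryption") is not True:
        findings.append("EnableAtRestEncryption is not true")
    at_rest = enc.get("AtRestEncryptionConfiguration")
    local = at_rest.get("LocalDiskEncryptionConfiguration") if isinstance(at_rest, dict) else None
    if not isinstance(local, dict):
        findings.append("LocalDiskEncryptionConfiguration block is missing")
    elif local.get("EncryptionKeyProviderType") == "AwsKms":
        if not local.get("AwsKmsKey"):
            findings.append("AwsKms provider selected but AwsKmsKey is empty")
    elif local.get("EncryptionKeyProviderType") != "Custom":
        findings.append("EncryptionKeyProviderType must be AwsKms or Custom")
    return findings


if __name__ == "__main__":
    for name in ("COMPLIANT", "S3_ONLY", "SWITCHED_OFF"):
        print(name, local_disk_findings(globals()[name]) or "ok")
```

The `S3_ONLY` case is the one to watch for in review: at-rest encryption is switched on, yet the local-disk block is absent.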