EMR In-Transit and At-Rest Encryption

​

More Info:

​

Risk Level

​

Address

​

Compliance Standards

​

Remediation

​

Using AWS Console

1. Log in to the AWS Management Console using your AWS account credentials.
2. Navigate to the Amazon EMR service by selecting “EMR” from the services menu. (In the Cloudanix Console, navigate to “Misconfig” page and look for Affected Assets for “EMR In-Transit and At-Rest Encryption” Policy.)
3. Click on the “Create cluster” button to create a new EMR cluster or select an existing cluster to modify its settings.
4. In the “Create Cluster” or “Cluster List” page, scroll down to the “Security and Encryption” section.
5. Under the “Encryption” tab, you will find options for both in-transit and at-rest encryption.
6. To enable in-transit encryption, select the “Enable” checkbox next to “Encryption in transit”.
7. Choose the desired encryption option for in-transit encryption. You can select “SSL” for encryption using SSL/TLS or “Custom” to provide your own custom encryption settings.
8. To enable at-rest encryption, select the “Enable” checkbox next to “Encryption at rest”.
9. Choose the desired encryption option for at-rest encryption. You can select “Default AWS Key Management Service (KMS) key” or “Custom AWS KMS key” for encryption using AWS KMS. If you choose the “Custom AWS KMS key” option, provide the ARN (Amazon Resource Name) of the KMS key you want to use.
10. Review the other configuration settings for your EMR cluster, such as instance types, storage, and software configuration.
11. Click on the “Create cluster” or “Modify cluster” button to start the cluster creation or modification process.
12. AWS will provision the EMR cluster with the specified encryption settings, enabling both in-transit and at-rest encryption.

​

Additional Reading

• [https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-data-encryption-options.html]