EMR Cluster Master Node Should Not Have Public IP
More Info:
Ensure that EMR Cluster Master nodes don’t have public IPs.
Risk Level
High
Addresses
Security
Compliance Standards
SOC2, ISO27001, HITRUST, NISTCSF, PCIDSS, SEBI, RBI_MD_ITF, RBI_UCB
Triage and Remediation
Remediation
To remediate the misconfiguration of EMR Cluster Master Node having a public IP in AWS, you can follow these steps using the AWS Management Console:
- Access the AWS Management Console: Go to the AWS Management Console (https://aws.amazon.com/console/).
- Navigate to EMR Service: Click on the “Services” dropdown in the top left corner, search for “EMR” (Elastic MapReduce), and click on it to open the EMR dashboard.
- Select the EMR Cluster: From the list of EMR clusters, select the cluster where the Master Node has a public IP address that needs to be remediated.
- Update Security Configuration:
  - Click on the “Security and access” tab in the cluster details.
  - Under the “Security groups” section, click on the security group associated with the Master Node.
- Edit Security Group Rules:
  - In the security group settings, locate the inbound rule that allows inbound traffic to the Master Node from the internet (0.0.0.0/0).
  - Edit the inbound rule to restrict access to the Master Node by changing the source IP range to a specific IP or CIDR block that needs access.
- Remove Public IP:
  - In the EMR Cluster settings, find the Master Node configuration.
  - Update the network settings to remove the public IP assignment for the Master Node.
- Save Changes: Once you have made the necessary changes to the security group rules and network settings, save the configuration changes.
- Verify Configuration:
  - After saving the changes, verify that the Master Node no longer has a public IP address assigned to it.
  - Test the connectivity to ensure that the necessary access is still available without exposing the Master Node to the public internet.
By following these steps, you can remediate the misconfiguration of an EMR Cluster Master Node having a public IP address in AWS.
To remediate the misconfiguration of having a public IP assigned to the EMR Cluster Master Node in AWS, you can follow these steps using the AWS CLI:
- Identify the EMR Cluster Master Node: Run the following AWS CLI command to describe the cluster and identify the Master Node’s public IP address:
    aws emr describe-cluster --cluster-id YOUR_CLUSTER_ID --query 'Cluster.MasterPublicDnsName'
- Modify the Security Group associated with the EMR Cluster: Run the following AWS CLI command to identify the security group attached to the EMR Cluster:
    aws emr describe-cluster --cluster-id YOUR_CLUSTER_ID --query 'Cluster.Ec2InstanceAttributes.EmrManagedMasterSecurityGroup'
- Update the Security Group to remove the inbound rule allowing SSH (port 22) access from 0.0.0.0/0: Run the following AWS CLI command to revoke the ingress rule for port 22:
    aws ec2 revoke-security-group-ingress --group-id YOUR_SECURITY_GROUP_ID --protocol tcp --port 22 --cidr 0.0.0.0/0
- Verify the Public IP has been removed: Run the following AWS CLI command to describe the cluster and confirm that the Master Node no longer has a public IP address:
    aws emr describe-cluster --cluster-id YOUR_CLUSTER_ID --query 'Cluster.MasterPublicDnsName'
By following these steps, you can remediate the misconfiguration of having a public IP assigned to the EMR Cluster Master Node in AWS using the AWS CLI.
To remediate the misconfiguration of the EMR Cluster Master Node having a public IP in AWS, you can follow these steps using Python and Boto3:
- Import the necessary libraries:
    import boto3
- Initialize the AWS client for EMR:
    emr_client = boto3.client('emr', region_name='your_region')
- Identify the EMR Cluster ID for the cluster with the Master Node having a public IP:
    cluster_id = 'your_cluster_id'
- Describe the cluster to get the current configuration:
    response = emr_client.describe_cluster(ClusterId=cluster_id)
- Check if the Master Public DNS Name is present in the response:
    if 'MasterPublicDnsName' in response['Cluster']:
        # modify_instance_fleet addresses a fleet by its InstanceFleetId, so look up the
        # MASTER fleet first (the cluster must have been launched with instance fleets)
        fleets = emr_client.list_instance_fleets(ClusterId=cluster_id)['InstanceFleets']
        master_fleet_id = next(f['Id'] for f in fleets if f['InstanceFleetType'] == 'MASTER')
        # Disassociate the public IP from the Master Node
        emr_client.modify_instance_fleet(ClusterId=cluster_id, InstanceFleet={'InstanceFleetId': master_fleet_id, 'TargetOnDemandCapacity': 1})
        print("Public IP removed from Master Node successfully.")
    else:
        print("Master Node does not have a public IP.")
- Run the Python script to remediate the misconfiguration and remove the public IP from the Master Node of the EMR Cluster.
By following these steps, you can remediate the misconfiguration of the EMR Cluster Master Node having a public IP in AWS using Python and Boto3.
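An added example for the verification step (not code from the original page; the function names and sample data are assumptions made here). It reads the Master instance's own PublicIpAddress from list_instances instead of MasterPublicDnsName, which the EMR API fills with the private DNS name when the cluster sits in a private subnet, and it lists inbound rules on the Master security groups that are open to 0.0.0.0/0 or ::/0.

```python
def public_master_nodes(instances):
    """Master instances (EMR list_instances 'Instances') that carry a public IPv4 address."""
    return [
        {"Ec2InstanceId": i["Ec2InstanceId"], "PublicIpAddress": i["PublicIpAddress"]}
        for i in instances
        if i.get("PublicIpAddress")
    ]

def world_open_rules(security_groups):
    """Inbound rules open to the internet in EC2 describe_security_groups 'SecurityGroups'."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in ("0.0.0.0/0", "::/0"):
                    findings.append((sg["GroupId"], perm.get("IpProtocol"),
                                     perm.get("FromPort"), perm.get("ToPort"), cidr))
    return findings

def audit_cluster(cluster_id, region_name):
    """Fetch live data with boto3 and return (public_nodes, open_rules) for one cluster."""
    import boto3  # imported here so the pure functions above run without AWS access
    emr = boto3.client("emr", region_name=region_name)
    ec2 = boto3.client("ec2", region_name=region_name)
    attrs = emr.describe_cluster(ClusterId=cluster_id)["Cluster"]["Ec2InstanceAttributes"]
    group_ids = [attrs["EmrManagedMasterSecurityGroup"],
                 *attrs.get("AdditionalMasterSecurityGroups", [])]
    # Instance-group clusters; for instance fleets pass InstanceFleetType="MASTER" instead.
    instances = emr.list_instances(ClusterId=cluster_id, InstanceGroupTypes=["MASTER"],
                                   InstanceStates=["RUNNING"])["Instances"]
    groups = ec2.describe_security_groups(GroupIds=group_ids)["SecurityGroups"]
    return public_master_nodes(instances), world_open_rules(groups)

# Constructed sample data shaped like the API responses (not from a real account).
SAMPLE_INSTANCES = [{"Ec2InstanceId": "i-0example0000000001",
                     "PrivateIpAddress": "10.0.1.15", "PublicIpAddress": "203.0.113.10"}]
SAMPLE_GROUPS = [{"GroupId": "sg-0example000000001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
]}]

if __name__ == "__main__":
    print(public_master_nodes(SAMPLE_INSTANCES))
    print(world_open_rules(SAMPLE_GROUPS))
```

An empty first list from audit_cluster means no running Master instance reports a public IPv4 address; an empty second list means no Master security group rule is open to the whole internet.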