More Info:

Ensure that your Amazon Elastic MapReduce (EMR) clusters are provisioned on the AWS EC2-VPC platform instead of the EC2-Classic platform (outdated from 2013.12.04). EC2-VPC gives you more flexibility and control over security, as well as better traffic routing and availability.

Risk Level

Medium

Address

Cost Optimization, Security

Compliance Standards

PCIDSS, HIPAA

Remediation

How to ensure EMR clusters are in VPC

Using AWS Console

  1. Navigate to the Amazon EMR console.
  2. Click on the “Create cluster” button to create a new cluster, or select an existing cluster from the cluster list.
  3. In the “Create Cluster” or “Edit Cluster” page, locate the “General configuration” section. (In the Cloudanix Console, navigate to the “Misconfig” page and look for Affected Assets for the “MR Clusters Should Be In VPC” policy.)
  4. Under the “Network settings” section, ensure that the “Launch mode” is set to “VPC”.
  5. Select the desired VPC from the available options. If you haven’t created a VPC yet, you can create one using the Amazon VPC service before configuring your EMR cluster.
  6. Select the appropriate Subnet(s) within the selected VPC where you want the EMR cluster instances to be launched.
  7. Optionally, you can configure additional network settings such as the VPC security groups and EMR managed scaling rules.
  8. Review and configure the remaining settings for your EMR cluster, such as instance types, EC2 key pair, software configuration, etc.
  9. Once you have completed the configuration, click on the “Create cluster” or “Save” button to launch or update the cluster.
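
To check existing clusters against this policy outside the console, here is an added example (not Cloudanix or AWS code) that reads EMR DescribeCluster results and flags clusters with no VPC subnet recorded. It assumes that a cluster with neither `Ec2SubnetId` nor `RequestedEc2SubnetIds` is not in a VPC; the function names and the sample clusters are constructed for illustration.

```python
"""Flag EMR clusters that have no VPC subnet (added example, constructed data)."""
ACTIVE_STATES = ["STARTING", "BOOTSTRAPPING", "RUNNING", "WAITING"]


def vpc_subnets(cluster):
    """Subnet IDs recorded in one DescribeCluster 'Cluster' dict ([] = no VPC)."""
    # Ec2SubnetId is the launch subnet; RequestedEc2SubnetIds is used by
    # instance-fleet clusters, which may list several candidate subnets.
    attrs = cluster.get("Ec2InstanceAttributes") or {}
    ids = [attrs.get("Ec2SubnetId")] + list(attrs.get("RequestedEc2SubnetIds") or [])
    return sorted({s for s in ids if s})


def find_non_vpc(clusters):
    """Return one finding per cluster that has no subnet recorded."""
    return [{"Id": c.get("Id"), "Name": c.get("Name"),
             "State": (c.get("Status") or {}).get("State")}
            for c in clusters if not vpc_subnets(c)]


def audit_region(region):
    """Live check; needs boto3 plus emr:ListClusters and emr:DescribeCluster."""
    import boto3  # imported here so the offline sample below runs without it
    emr = boto3.client("emr", region_name=region)
    pages = emr.get_paginator("list_clusters").paginate(ClusterStates=ACTIVE_STATES)
    details = [emr.describe_cluster(ClusterId=s["Id"])["Cluster"]
               for page in pages for s in page["Clusters"]]
    return find_non_vpc(details)


# Constructed sample DescribeCluster results (IDs, names and subnets are made up).
SAMPLE = [
    {"Id": "j-EXAMPLE1", "Name": "etl-nightly", "Status": {"State": "WAITING"},
     "Ec2InstanceAttributes": {"Ec2SubnetId": "subnet-0aaa"}},
    {"Id": "j-EXAMPLE2", "Name": "legacy-reports", "Status": {"State": "RUNNING"},
     "Ec2InstanceAttributes": {"Ec2AvailabilityZone": "us-east-1b"}},
    {"Id": "j-EXAMPLE3", "Name": "fleet-starting", "Status": {"State": "STARTING"},
     "Ec2InstanceAttributes": {"RequestedEc2SubnetIds": ["subnet-0ccc", "subnet-0bbb"]}},
]

if __name__ == "__main__":
    for finding in find_non_vpc(SAMPLE):
        print("NOT IN VPC:", finding)
```

Calling `audit_region("us-east-1")` with read-only EMR credentials runs the same check against live clusters in that region.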

Additional Reading: