Posted On: Sep 21, 2016
You can now easily enable encryption for data at-rest and in-transit for Apache Spark, Apache Tez, and Apache Hadoop MapReduce on Amazon EMR. For encryption at-rest, you can encrypt data stored in Amazon S3 with the EMR File System (EMRFS) and data stored on your Amazon EMR cluster in the local file system on each node and the Hadoop Distributed File System (HDFS). For encryption in-transit, Amazon EMR will enable the open-source encryption features for Apache Spark, Apache Tez, and Apache Hadoop MapReduce.
Encryption for each supported component can be easily configured using an Amazon EMR security configuration, which specifies the keys and certificates to use for encryption on your cluster. Security configurations are named AWS resources, and they are stored for you in the Amazon EMR service.
You can create a security configuration on the security configuration page in the Amazon EMR console, with the AWS Command Line Interface (CLI), or with the AWS SDK using the Amazon EMR API. After creating a security configuration, you can specify it when creating an Amazon EMR cluster. You can use AWS Key Management Service (KMS) or custom key management infrastructure to supply encryption keys, and you can use TLS certificates stored in Amazon S3 for in-transit encryption. Security configurations are supported on Amazon EMR releases 5.0.0 and 4.8.0. Please visit the Amazon EMR documentation for more information about security configurations, encryption at-rest for each storage layer, and encryption in-transit mechanisms for each supported engine.
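As an added example (not part of the original announcement), the following Python check reads a security configuration document and reports which of the layers described above (S3 via EMRFS, local disk and HDFS, in-transit TLS) it leaves uncovered. The JSON key names follow the layout given in the Amazon EMR documentation and are an assumption here, since this post does not show them; the KMS key ARN is a constructed placeholder and `audit` is a hypothetical helper name.

```python
import json

# Constructed sample in the JSON layout EMR security configurations use
# (layout assumed from the EMR documentation, not shown in this post).
# The account id and key id in the ARN are placeholders.
SAMPLE = json.loads("""
{
  "EncryptionConfiguration": {
    "EnableAtRestEncryption": true,
    "EnableInTransitEncryption": false,
    "AtRestEncryptionConfiguration": {
      "S3EncryptionConfiguration": {
        "EncryptionMode": "SSE-KMS",
        "AwsKmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
      }
    }
  }
}
""")

def audit(config):
    """Return a list of findings; an empty list means every layer is covered."""
    enc = config.get("EncryptionConfiguration", {})
    findings = []
    if not enc.get("EnableAtRestEncryption"):
        findings.append("at-rest encryption disabled")
    else:
        at_rest = enc.get("AtRestEncryptionConfiguration", {})
        s3 = at_rest.get("S3EncryptionConfiguration")
        if not s3:
            findings.append("no S3 (EMRFS) encryption block")
        elif s3.get("EncryptionMode", "").endswith("KMS") and not s3.get("AwsKmsKey"):
            findings.append("S3 KMS mode without AwsKmsKey")
        if not at_rest.get("LocalDiskEncryptionConfiguration"):
            findings.append("no local disk/HDFS encryption block")
    if not enc.get("EnableInTransitEncryption"):
        findings.append("in-transit encryption disabled")
    else:
        tls = enc.get("InTransitEncryptionConfiguration", {}).get(
            "TLSCertificateConfiguration", {})
        if not tls.get("S3Object"):
            findings.append("in-transit enabled but no TLS certificate object in S3")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Running the check over every security configuration before it is attached to a cluster catches configurations that enable only one of the two encryption modes.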