HAQM EMR now supports encrypting log files using Customer-managed CMKs in AWS Key Management Service (KMS)

HAQM EMR now supports encrypting log files using Customer-managed Customer master keys (CMKs) stored in AWS Key Management Service (KMS). HAQM EMR automatically upload log files to HAQM S3 when logging and debugging is enabled With this new feature, you can associate Customer managed CMKs in AWS KMS when launching a cluster. HAQM EMR will automatically encrypt logs using the Customer managed CMKs in AWS KMS. Previously you could only encrypt log files written to S3 using Server-Side Encryption with HAQM S3-Managed Keys (SSE-S3). Click here to learn more about encrypting log files please see the documentation.

Log encryption using customer managed CMKs is available in EMR version 5.30, in all regions where EMR is available - see Region table. For KMS pricing see KMS Pricing Page. To learn more about data protection in HAQM EMR, see our Security Documentation.