Ensure EMR cluster is Configured with Kerberos Authentication

MEDIUM

Description

AWS EMR Clusters are not configured with Kerberos authentication. This may lead to potential security risks.

Remediation

To configure Kerberos in the AWS EMR environment, there are several components required including the authentication environment (such as Active Directory). Once that is prepared, follow the directions in the AWS documentation (below) to use that environment in the principals section of an EMR Configuration.

In Terraform -

In the aws_emr_cluster resource, set the kerberos_attributes fields kdc_admin_password and realm accordingly.

References:
https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-kerberos.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/emr_cluster#kerberos_attributes

Policy Details

Rule Reference ID: AC_AWS_0469

CSP: AWS

Remediation Available: Yes

Domain: Infrastructure Security

Resource: aws_emr_cluster

Resource Category: Management

Resource Type: Elastic MapReduce (EMR)

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF