Ensure EMR Cluster is Configured with Kerberos Authentication

MEDIUM

Description

AWS EMR clusters are not configured with Kerberos authentication. This may lead to security risks.

Remediation

Configuring Kerberos in an AWS EMR environment requires several components, including an authentication environment (such as Active Directory). Once that environment is prepared, follow the directions in the AWS documentation (listed under References) to use it in the principals section of an EMR configuration.

In Terraform -

  1. In the aws_emr_cluster resource, set the kerberos_attributes fields kdc_admin_password and realm accordingly.
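
The Terraform step above as an added example; it is not code from this policy or from the AWS documentation. It assumes a cluster-dedicated KDC (no external Active Directory trust), and the resource names, realm, release label, instance types and input variables are all assumptions to adapt.

```hcl
# Added example: names, realm, release label and instance types are assumptions.
variable "kdc_admin_password" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output
}
variable "emr_service_role_arn" { type = string }
variable "emr_instance_profile_arn" { type = string }
variable "subnet_id" { type = string }

# Kerberos is enabled in the security configuration the cluster references.
resource "aws_emr_security_configuration" "kerberos" {
  name = "emr-kerberos-example"
  configuration = jsonencode({
    AuthenticationConfiguration = {
      KerberosConfiguration = {
        Provider                         = "ClusterDedicatedKdc"
        ClusterDedicatedKdcConfiguration = { TicketLifetimeInHours = 24 }
      }
    }
  })
}

resource "aws_emr_cluster" "example" {
  name                   = "emr-kerberos-example"
  release_label          = "emr-6.15.0"
  applications           = ["Spark"]
  service_role           = var.emr_service_role_arn
  security_configuration = aws_emr_security_configuration.kerberos.name

  ec2_attributes {
    subnet_id        = var.subnet_id
    instance_profile = var.emr_instance_profile_arn
  }
  master_instance_group {
    instance_type = "m5.xlarge"
  }
  core_instance_group {
    instance_type  = "m5.xlarge"
    instance_count = 1
  }
  # The two fields this rule checks for: KDC admin password and realm.
  kerberos_attributes {
    kdc_admin_password = var.kdc_admin_password
    realm              = "EC2.INTERNAL"
  }
}
```

Terraform stores kdc_admin_password in state even when the variable is marked sensitive, so the state backend should be encrypted and access-restricted.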

References:
https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-kerberos.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/emr_cluster#kerberos_attributes

Policy Details

Rule Reference ID: AC_AWS_0469
CSP: AWS
Remediation Available: Yes
Resource: aws_emr_cluster
Resource Category: Management

Frameworks