AWS-EMR-Security-configuration-data-encrytion-certificate-type-PEM
Severity: Medium
Description: This control ensures that data in transit in an EMR cluster is always encrypted using a custom (your own) certificate provider. In an EMR cluster, data is exchanged between the different applications running on the cluster nodes; if that traffic is not encrypted, it can be intercepted or tampered with. Data in transit should therefore be encrypted with certificates supplied by a custom certificate provider.
For security reasons, certificates from other provider types are not accepted by this control.
Remediation Steps:
Perform the following steps to create a security configuration that uses a custom certificate provider for in-transit data encryption:
Login to the AWS Management Console at https://console.aws.amazon.com
Navigate to EMR service.
In the Navigation pane, choose Security configurations.
Click the Create button.
Check the Data in transit encryption checkbox, then select Custom in the Certificate provider type dropdown.
In the Custom key provider location text box, enter the location (S3 path) of the JAR file containing the custom certificate provider.
Enter the fully qualified class name of the certificate provider in the Certificate provider class name field.
Click the Create button.
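The same control can be checked and applied outside the console. The example below is added here and is not part of the original page or of any Blue Hexagon tooling: it shows the security configuration JSON that `aws emr create-security-configuration` accepts, with a PEM-based (non-compliant) configuration beside the custom-provider (compliant) one, and a small check that evaluates any such JSON the way this control does. The bucket name, JAR path and provider class name are assumptions; `audit_account` uses the real boto3 `list_security_configurations` and `describe_security_configuration` calls and needs AWS credentials, so it is only invoked when you choose to run it.

```python
"""Evaluate EMR security configurations against the custom-certificate-provider control.

A configuration passes only when in-transit encryption is enabled and the TLS
certificate provider type is "Custom" (a provider JAR in S3 plus a class name).
The JSON layout is the one `aws emr create-security-configuration` accepts.
"""
import json

# Constructed sample (not from the page): in-transit encryption is on, but the
# certificates come from a PEM bundle in S3, so this fails the control.
WEAK_CONFIG = json.dumps({
    "EncryptionConfiguration": {
        "EnableInTransitEncryption": True,
        "EnableAtRestEncryption": False,
        "InTransitEncryptionConfiguration": {
            "TLSCertificateConfiguration": {
                "CertificateProviderType": "PEM",
                "S3Object": "s3://example-bucket/emr-certs.zip",  # assumed path
            }
        }
    }
})

# Constructed sample (not from the page): same configuration with a custom
# certificate provider. Bucket, JAR path and class name are assumptions.
COMPLIANT_CONFIG = json.dumps({
    "EncryptionConfiguration": {
        "EnableInTransitEncryption": True,
        "EnableAtRestEncryption": False,
        "InTransitEncryptionConfiguration": {
            "TLSCertificateConfiguration": {
                "CertificateProviderType": "Custom",
                "S3Object": "s3://example-bucket/emr-cert-provider.jar",
                "CertificateProviderClass": "com.example.emr.CustomCertProvider",
            }
        }
    }
})


def evaluate(config_json):
    """Return (compliant, findings) for one security configuration JSON string."""
    findings = []
    cfg = json.loads(config_json)
    enc = cfg.get("EncryptionConfiguration", {})
    if not enc.get("EnableInTransitEncryption", False):
        # Nothing else matters if traffic between cluster applications is cleartext.
        findings.append("in-transit encryption is disabled")
        return False, findings
    tls = (enc.get("InTransitEncryptionConfiguration", {})
              .get("TLSCertificateConfiguration", {}))
    provider = tls.get("CertificateProviderType")
    if provider != "Custom":
        findings.append(f"certificate provider type is {provider!r}, expected 'Custom'")
    if not tls.get("S3Object"):
        findings.append("S3Object (certificate provider JAR location) is missing")
    if provider == "Custom" and not tls.get("CertificateProviderClass"):
        findings.append("CertificateProviderClass is missing")
    return not findings, findings


def audit_account(region_name=None):
    """Evaluate every security configuration in the account.

    Requires boto3 and AWS credentials; boto3 is imported here so that
    evaluate() above still runs offline. Returns {name: (compliant, findings)}.
    """
    import boto3
    emr = boto3.client("emr", region_name=region_name)
    results = {}
    marker = None
    while True:
        kwargs = {"Marker": marker} if marker else {}
        page = emr.list_security_configurations(**kwargs)
        for item in page.get("SecurityConfigurations", []):
            desc = emr.describe_security_configuration(Name=item["Name"])
            # SecurityConfiguration is returned as a JSON string, as fed to the CLI.
            results[item["Name"]] = evaluate(desc["SecurityConfiguration"])
        marker = page.get("Marker")
        if not marker:
            return results


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("compliant", COMPLIANT_CONFIG)):
        ok, findings = evaluate(cfg)
        print(f"{label}: {'PASS' if ok else 'FAIL'} {findings}")
    # To apply the compliant configuration with the AWS CLI, save COMPLIANT_CONFIG
    # to compliant.json and run:
    #   aws emr create-security-configuration --name emr-custom-tls \
    #       --security-configuration file://compliant.json
```

The evaluation deliberately stops at the first finding when in-transit encryption is off, since the provider fields are meaningless in that case; when encryption is on it reports every missing or wrong field at once so a single audit pass tells you exactly what to change in the console or the JSON.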
Important:
Reference:
Blue Hexagon Proprietary