Ensure that AWS EMR clusters have Kerberos enabled

Error: AWS EMR cluster is not configured with Kerberos authentication

Bridgecrew Policy ID: BC_AWS_GENERAL_62
Checkov Check ID: CKV_AWS_114
Severity: LOW

Description

Setting the Kerberos realm helps improve the security of your EMR clusters by letting you manage and control access to them more effectively. For example, you can use the Kerberos realm to specify which users and groups are allowed to access your clusters, and which actions they are allowed to perform.

Fix - Buildtime

Terraform

  • Resource: aws_emr_cluster
  • Argument: kerberos_attributes.realm
resource "aws_emr_cluster" "test" {
...
  kerberos_attributes {
    # Example value only: supply the KDC admin password from a sensitive variable or secret store
    kdc_admin_password                = "somePassword"
+   realm                             = "EC2.INTERNAL"
  }
}
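
One way to run the same check against a Terraform plan, as an added example (not Checkov's or Bridgecrew's own implementation): the script walks the JSON produced by `terraform show -json` and lists every `aws_emr_cluster` whose `kerberos_attributes.realm` is missing or empty. The sample plan, resource names and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "aws_emr_cluster.with_kerberos", "type": "aws_emr_cluster",
       "values": {"kerberos_attributes": [{"realm": "EC2.INTERNAL"}]}},
      {"address": "aws_emr_cluster.no_kerberos", "type": "aws_emr_cluster",
       "values": {"kerberos_attributes": []}},
      {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {}}
    ],
    "child_modules": [{
      "address": "module.analytics",
      "resources": [
        {"address": "module.analytics.aws_emr_cluster.empty_realm",
         "type": "aws_emr_cluster",
         "values": {"kerberos_attributes": [{"realm": ""}]}}
      ]
    }]
  }}
}
""")


def walk_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def emr_clusters_without_kerberos(plan):
    """Return sorted addresses of aws_emr_cluster resources with no realm set."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in walk_resources(root):
        if res.get("type") != "aws_emr_cluster":
            continue
        # Nested blocks appear as lists; a realm unknown at plan time is
        # absent from planned_values and is reported as failing here.
        blocks = (res.get("values") or {}).get("kerberos_attributes") or []
        if not any((b.get("realm") or "").strip() for b in blocks):
            failing.append(res["address"])
    return sorted(failing)


if __name__ == "__main__":
    for address in emr_clusters_without_kerberos(SAMPLE_PLAN):
        print(f"FAIL {address}: kerberos_attributes.realm is not set")
```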