Ensure that AWS EMR clusters have Kerberos enabled
Error: AWS EMR cluster is not configured with Kerberos authentication
Bridgecrew Policy ID: BC_AWS_GENERAL_62
Checkov Check ID: CKV_AWS_114
Severity: LOW
AWS EMR cluster is not configured with Kerberos authentication
Description
Ensuring that the Kerberos Realm is set can help to improve the security of your EMR clusters by allowing you to more effectively manage and control access to your clusters. For example, you can use the Kerberos Realm to specify which users and groups are allowed to access your clusters, and which actions they are allowed to perform.
Fix - Buildtime
Terraform
- Resource: aws_emr_cluster
- Argument: kerberos_attributes.realm
resource "aws_emr_cluster" "test" {
...
kerberos_attributes {
kdc_admin_password = "somePassword"
+ realm = "EC2.INTERNAL"
}
}
Updated 5 months ago