AWS EMR cluster is not configured with Kerberos authentication

Description

Setting the Kerberos realm helps improve the security of your EMR clusters by letting you manage and control access to them more effectively. For example, you can use the Kerberos realm to specify which users and groups are allowed to access your clusters, and which actions they are allowed to perform.
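One way to detect this condition before deployment is to scan the JSON form of a Terraform plan for aws_emr_cluster resources that have no kerberos_attributes.realm. This is an added example, not code from the original page or from the tool that ships this policy; the function names and the sample plan are constructed for illustration.

```python
# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Nested blocks such as kerberos_attributes appear as a list of objects.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_emr_cluster.kerberized", "type": "aws_emr_cluster",
         "values": {"kerberos_attributes": [
             {"kdc_admin_password": "placeholder", "realm": "EC2.INTERNAL"}]}},
        # No kerberos_attributes block at all: the plan carries an empty list.
        {"address": "aws_emr_cluster.open", "type": "aws_emr_cluster",
         "values": {"kerberos_attributes": []}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {}},
    ],
    "child_modules": [{"address": "module.analytics", "resources": [
        # Block present but realm blank: treated the same as missing.
        {"address": "module.analytics.aws_emr_cluster.blank",
         "type": "aws_emr_cluster",
         "values": {"kerberos_attributes": [
             {"kdc_admin_password": "placeholder", "realm": ""}]}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def has_realm(values):
    """True if any kerberos_attributes block carries a non-empty realm."""
    blocks = values.get("kerberos_attributes") or []
    return any(isinstance(b, dict) and str(b.get("realm") or "").strip()
               for b in blocks)


def emr_clusters_without_realm(plan):
    """Return the addresses of aws_emr_cluster resources lacking a realm."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(r["address"] for r in iter_resources(root)
                  if r.get("type") == "aws_emr_cluster"
                  and not has_realm(r.get("values", {})))


if __name__ == "__main__":
    for address in emr_clusters_without_realm(SAMPLE_PLAN):
        print(f"FAIL {address}: kerberos_attributes.realm is not set")
```

A realm whose value is only known after apply is omitted from planned_values, so this scan reports such a cluster as failing and it needs a manual look.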

Fix - Buildtime

Terraform

  • Resource: aws_emr_cluster
  • Argument: kerberos_attributes.realm
resource "aws_emr_cluster" "test" {
...
  kerberos_attributes {
    kdc_admin_password                = "somePassword"
+   realm                             = "EC2.INTERNAL"
    }
}
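Review bot: kdc_admin_password = "somePassword" in the kerberos_attributes block is a string literal, so the KDC admin password is committed along with the configuration; read it from a variable declared with sensitive = true (or from a secrets store) and keep the literal out of the file. The closing brace of kerberos_attributes is also indented two spaces deeper than the line that opens the block.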