SecurityConfiguration

The SecurityConfiguration resource allows you to manage AWS EMR SecurityConfigurations that define security settings for your EMR clusters, such as encryption, access control, and logging.

Minimal Example

Create a basic EMR SecurityConfiguration with required properties and a common optional name.

```ts
import AWS from "alchemy/aws/control";

const emrSecurityConfig = await AWS.EMR.SecurityConfiguration("basicSecurityConfig", {
  SecurityConfiguration: {
    Encryption: {
      EnableInTransitEncryption: true,
      EnableAtRestEncryption: true,
      AtRestEncryptionConfiguration: {
        S3Encryption: {
          // SSE-S3: server-side encryption with S3-managed keys
          Mode: "SSE-S3"
        }
      },
      InTransitEncryptionConfiguration: {
        Enable: true
      }
    },
    Logging: {
      EnableLogging: true,
      S3LoggingPath: "s3://my-emr-logs/"
    }
  },
  Name: "BasicSecurityConfig"
});
```

Advanced Configuration

Configure an EMR SecurityConfiguration with detailed encryption and logging settings.

```ts
import AWS from "alchemy/aws/control";

const advancedSecurityConfig = await AWS.EMR.SecurityConfiguration("advancedSecurityConfig", {
  SecurityConfiguration: {
    Encryption: {
      EnableInTransitEncryption: true,
      EnableAtRestEncryption: true,
      AtRestEncryptionConfiguration: {
        S3Encryption: {
          // SSE-KMS: server-side encryption under the KMS key named below
          Mode: "SSE-KMS",
          KmsKeyArn: "arn:aws:kms:us-west-2:123456789012:key/abcd1234-56ef-78gh-90ij-klmnopqrst"
        }
      },
      InTransitEncryptionConfiguration: {
        Enable: true,
        Options: {
          KmsKeyArn: "arn:aws:kms:us-west-2:123456789012:key/abcd1234-56ef-78gh-90ij-klmnopqrst"
        }
      }
    },
    Logging: {
      EnableLogging: true,
      S3LoggingPath: "s3://my-emr-logs/",
      // Send logs to CloudWatch Logs in addition to the S3 path
      CloudWatchLoggingOptions: {
        LogGroupName: "my-emr-log-group",
        LogStreamName: "my-emr-log-stream"
      }
    }
  },
  Name: "AdvancedSecurityConfig"
});
```

Custom IAM Policy

Define a SecurityConfiguration with a custom IAM policy for access control.

```ts
import AWS from "alchemy/aws/control";

const customIAMPolicyConfig = await AWS.EMR.SecurityConfiguration("customIAMPolicyConfig", {
  SecurityConfiguration: {
    // Read-only policy: allows listing and describing clusters
    IAMPolicy: {
      Version: "2012-10-17",
      Statement: [
        {
          Effect: "Allow",
          Action: [
            "elasticmapreduce:ListClusters",
            "elasticmapreduce:DescribeCluster"
          ],
          Resource: "*"
        }
      ]
    },
    Encryption: {
      EnableInTransitEncryption: true,
      EnableAtRestEncryption: true
    },
    Logging: {
      EnableLogging: true,
      S3LoggingPath: "s3://my-emr-logs/"
    }
  },
  Name: "CustomIAMPolicySecurityConfig"
});
```
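
A pre-deployment check over the configuration objects shown on this page, as an added example that is not part of the Alchemy documentation or code base. The function name `auditSecurityConfig` and its baseline rules (SSE-KMS for S3 data, a configuration block for every enabled encryption flag, an `s3://` log path, no wildcard actions or resources in Allow statements) are assumptions for illustration; the property names are taken from the snippets above.

```typescript
// Added example: property names mirror this page's snippets; the baseline rules are assumptions.
interface EmrSecurityConfig {
  Encryption?: {
    EnableInTransitEncryption?: boolean;
    EnableAtRestEncryption?: boolean;
    AtRestEncryptionConfiguration?: { S3Encryption?: { Mode?: string; KmsKeyArn?: string } };
    InTransitEncryptionConfiguration?: { Enable?: boolean };
  };
  Logging?: { EnableLogging?: boolean; S3LoggingPath?: string };
  IAMPolicy?: { Statement?: { Effect: string; Action: string | string[]; Resource: string | string[] }[] };
}

// Returns one finding per baseline rule the configuration misses; an empty array means it passes.
function auditSecurityConfig(cfg: EmrSecurityConfig): string[] {
  const findings: string[] = [];
  const enc = cfg.Encryption ?? {};
  const s3 = enc.AtRestEncryptionConfiguration?.S3Encryption;
  if (enc.EnableAtRestEncryption !== true) findings.push("at-rest encryption disabled");
  else if (!enc.AtRestEncryptionConfiguration) findings.push("at-rest flag set, no AtRestEncryptionConfiguration");
  else if (s3?.Mode !== "SSE-KMS") findings.push("S3 encryption is not SSE-KMS");
  else if (!s3?.KmsKeyArn) findings.push("SSE-KMS without KmsKeyArn");
  if (enc.EnableInTransitEncryption !== true) findings.push("in-transit encryption disabled");
  else if (enc.InTransitEncryptionConfiguration?.Enable !== true)
    findings.push("in-transit flag set, no InTransitEncryptionConfiguration");
  const log = cfg.Logging ?? {};
  if (log.EnableLogging !== true || (log.S3LoggingPath ?? "").indexOf("s3://") !== 0)
    findings.push("logging disabled or no s3:// log path");
  for (const st of cfg.IAMPolicy?.Statement ?? []) {
    if (st.Effect !== "Allow") continue; // only Allow statements grant access
    const actions = Array.isArray(st.Action) ? st.Action : [st.Action];
    const resources = Array.isArray(st.Resource) ? st.Resource : [st.Resource];
    if (actions.some((a) => /(^|:)\*$/.test(a))) findings.push("Allow statement with wildcard action");
    if (resources.indexOf("*") !== -1) findings.push("Allow on Resource \"*\": " + actions.join(", "));
  }
  return findings;
}

// Constructed sample: the encryption and logging values of the minimal snippet above.
const minimal: EmrSecurityConfig = {
  Encryption: {
    EnableInTransitEncryption: true, EnableAtRestEncryption: true,
    AtRestEncryptionConfiguration: { S3Encryption: { Mode: "SSE-S3" } },
    InTransitEncryptionConfiguration: { Enable: true },
  },
  Logging: { EnableLogging: true, S3LoggingPath: "s3://my-emr-logs/" },
};
console.log(auditSecurityConfig(minimal)); // ["S3 encryption is not SSE-KMS"]
```

Given the values of the custom IAM policy snippet, the same function reports both encryption flags as set without their configuration blocks, plus the `Resource: "*"` statement.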