Protecting Data at Rest on Amazon EMR

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Amazon EMR is a managed service in the cloud. AWS provides the AMIs required to run Amazon EMR, and you can't use custom AMIs or your own EBS volumes. By default, Amazon EMR instances do not encrypt data at rest.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Amazon EMR clusters often use either Amazon S3 or DynamoDB as the persistent data store. When an Amazon EMR cluster starts, it can copy the data required for it to operate from the persistent store into HDFS, or use data directly from Amazon S3 or DynamoDB.

See Also

https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION, PHYSICAL AND ENVIRONMENTAL PROTECTION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-6, 800-53|AC-11, 800-53|AC-18, 800-53|AU-13, 800-53|IA-3, 800-53|IA-7, 800-53|PE-19, 800-53|SA-8, 800-53|SC-7, 800-53|SC-8, 800-53|SC-9, 800-53|SC-13, 800-53|SC-16, 800-53|SC-23, 800-53|SC-28, 800-53|SI-7, 800-53|SI-8

Plugin: amazon_aws

Control ID: 8d13d1fdc4619f7510e9a87cfad2503dade42c1d01849408a7e3b7dc8dcc9a28