Description:
An Amazon EMR cluster with public IPs can be accessed from the internet, which increases its exposure to attack. By ensuring that EMR clusters do not have public IPs, you can help to protect your data and applications.
Rationale:
Following this policy helps to protect your data and applications from unauthorized access. By ensuring that EMR clusters do not have public IPs, you can help to prevent attackers from gaining access to your cluster and your data.
Impact:
Following this policy can have a number of positive impacts, including:
- Increased security: By ensuring that EMR clusters do not have public IPs, you can help to prevent attackers from gaining access to your cluster and your data.
- Reduced risk of unauthorized access: By ensuring that EMR clusters do not have public IPs, you can help to reduce the risk of unauthorized access to your cluster and your data.
- Improved compliance: By following this policy, you can help to ensure that your EMR clusters are compliant with security best practices.
Default Value:
AWS EMR does not recommend that you create EMR clusters with public IPs. However, it is possible to create EMR clusters with public IPs if you need to access them from the internet.
Pre-requisites:
- You must have an AWS account and be signed in to the AWS Management Console.
- You must have the AWS EMR permissions to create and manage EMR clusters.
Remediation Steps:
To remediate an EMR cluster that has public IPs, you can follow these steps:
- Go to the AWS EMR console.
- Click on the "Clusters" tab.
- Select the EMR cluster that you want to remediate.
- Click on the "Edit" button.
- In the "Network" section, uncheck the "Enable Public IP" checkbox.
- Click on the "Save" button.
Test Plan:
To test whether an EMR cluster has public IPs, you can follow these steps:
- Go to the AWS EMR console.
- Click on the "Clusters" tab.
- Select the EMR cluster that you want to test.
- Click on the "Details" tab.
- In the "Network" section, verify that the "Enable Public IP" checkbox is unchecked.
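A scripted version of the test plan above, added here as an example and not taken from AWS or the original page: it reads the JSON printed by aws emr list-instances, aws emr describe-cluster and aws ec2 describe-subnets, then reports any live node with a public IP and whether the cluster's subnet auto-assigns one. The function names and all sample IDs and addresses are constructed for illustration.

```python
import json

# Constructed sample outputs; every ID and address below is made up.
LIST_INSTANCES = json.loads("""{"Instances": [
  {"Ec2InstanceId": "i-0aaa0000000000001", "PrivateIpAddress": "10.0.1.10",
   "PublicIpAddress": "203.0.113.25", "Status": {"State": "RUNNING"}},
  {"Ec2InstanceId": "i-0aaa0000000000002", "PrivateIpAddress": "10.0.1.11",
   "Status": {"State": "RUNNING"}},
  {"Ec2InstanceId": "i-0aaa0000000000003", "PrivateIpAddress": "10.0.1.12",
   "PublicIpAddress": "203.0.113.40", "Status": {"State": "TERMINATED"}}]}""")
DESCRIBE_CLUSTER = {"Cluster": {"Id": "j-EXAMPLE0000000",
    "Ec2InstanceAttributes": {"Ec2SubnetId": "subnet-0example1"}}}
DESCRIBE_SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-0example1", "MapPublicIpOnLaunch": True}]}


def exposed_instances(list_instances):
    """Return (instance id, public IP) for each non-terminated node with a public IP."""
    found = []
    for inst in list_instances.get("Instances", []):
        if inst.get("Status", {}).get("State") == "TERMINATED":
            continue  # terminated nodes are no longer reachable, so skip them
        if inst.get("PublicIpAddress"):
            found.append((inst["Ec2InstanceId"], inst["PublicIpAddress"]))
    return found


def subnet_auto_assigns(describe_cluster, describe_subnets):
    """MapPublicIpOnLaunch of the cluster's subnet; None if that subnet is not in the input."""
    attrs = describe_cluster["Cluster"].get("Ec2InstanceAttributes", {})
    for subnet in describe_subnets.get("Subnets", []):
        if subnet.get("SubnetId") == attrs.get("Ec2SubnetId"):
            return bool(subnet.get("MapPublicIpOnLaunch"))
    return None


def audit(list_instances, describe_cluster, describe_subnets):
    """Combine both checks; compliant only if no node is exposed and the subnet is known not to auto-assign."""
    exposed = exposed_instances(list_instances)
    auto = subnet_auto_assigns(describe_cluster, describe_subnets)
    return {"cluster": describe_cluster["Cluster"]["Id"],
            "exposed_instances": exposed,
            "subnet_auto_assigns_public_ip": auto,
            "compliant": not exposed and auto is False}


if __name__ == "__main__":
    print(json.dumps(audit(LIST_INSTANCES, DESCRIBE_CLUSTER, DESCRIBE_SUBNETS), indent=2))
```

An unknown subnet (None) is treated as non-compliant, so a missing describe-subnets result cannot pass the check by accident.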
Implementation Plan:
To implement this policy, you can follow these steps:
- Create a new EMR cluster.
- In the "Network" section, uncheck the "Enable Public IP" checkbox.
- Save the EMR cluster.
AWS CLI Process:
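To use the AWS CLI to implement this policy, launch the cluster into a private subnet by passing its ID in --ec2-attributes (values in angle brackets are placeholders):
aws emr create-cluster --release-label <release-label> --instance-type <instance-type> --instance-count <instance-count> --use-default-roles --ec2-attributes SubnetId=<private-subnet-id>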
Using AWS GUI:
To use the AWS Management Console to implement this policy, you can follow these steps:
- Go to the AWS EMR console.
- Click on the "Clusters" tab.
- Click on the "Create cluster" button.
- In the "Network" section, uncheck the "Enable Public IP" checkbox.
- Click on the "Create" button.
Backout Plan:
To back out of this policy, you can follow these steps:
- Go to the AWS EMR console.
- Click on the "Clusters" tab.
- Select the EMR cluster for which you want to back out the change.
- Click on the "Edit" button.
- In the "Network" section, check the "Enable Public IP" checkbox.
- Click on the "Save" button.
Note:
- This policy does not apply to EMR clusters that are created using the AWS EMR API.
Reference:
https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-vpc-subnet.html
https://docs.aws.amazon.com/cli/latest/reference/emr/
https://docs.aws.amazon.com/emr/latest/APIReference/