404

**1. To create a security configuration with in-transit encryption enabled with PEM for certificate provider, and at-rest encryption enabled with SSE-S3 for S3 encryption and AWS-KMS for local disk key provider**

- Command::

	 aws emr create-security-configuration --name MySecurityConfig --security-configuration '{
		"EncryptionConfiguration": {
			"EnableInTransitEncryption" : true,
			"EnableAtRestEncryption" : true,
			"InTransitEncryptionConfiguration" : {
				"TLSCertificateConfiguration" : {
					"CertificateProviderType" : "PEM",
					"S3Object" : "s3://mycertstore/artifacts/MyCerts.zip"
				}
			},
			"AtRestEncryptionConfiguration" : {
				"S3EncryptionConfiguration" : {
					"EncryptionMode" : "SSE-S3"
				},
				"LocalDiskEncryptionConfiguration" : {
					"EncryptionKeyProviderType" : "AwsKms",
					"AwsKmsKey" : "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"
				}
			}
		}
	}'

- Output::

    {
    "CreationDateTime": 1474070889.129,
    "Name": "MySecurityConfig"
    }

- JSON equivalent (contents of security_configuration.json)::

    {
        "EncryptionConfiguration": {
            "EnableInTransitEncryption": true,
            "EnableAtRestEncryption": true,
            "InTransitEncryptionConfiguration": {
                "TLSCertificateConfiguration": {
                    "CertificateProviderType": "PEM",
                    "S3Object": "s3://mycertstore/artifacts/MyCerts.zip"
                }
            },
            "AtRestEncryptionConfiguration": {
                "S3EncryptionConfiguration": {
                    "EncryptionMode": "SSE-S3"
                },
                "LocalDiskEncryptionConfiguration": {
                    "EncryptionKeyProviderType": "AwsKms",
                    "AwsKmsKey": "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"
                }
            }
        }
    }

- Command (using security_configuration.json)::

   aws emr create-security-configuration --name "MySecurityConfig" --security-configuration file://./security_configuration.json

- Output::

    {
    "CreationDateTime": 1474070889.129,
    "Name": "MySecurityConfig"
    }

**2. To create a security configuration with Kerberos enabled using cluster-dedicated KDC and cross-realm trust**

- Command::

     aws emr create-security-configuration --name MySecurityConfig --security-configuration '{
         "AuthenticationConfiguration": {
             "KerberosConfiguration": {
                 "Provider": "ClusterDedicatedKdc",
                 "ClusterDedicatedKdcConfiguration": {
                     "TicketLifetimeInHours": 24,
                     "CrossRealmTrustConfiguration": {
                       "Realm": "AD.DOMAIN.COM",
                       "Domain": "ad.domain.com",
                       "AdminServer": "ad.domain.com",
                       "KdcServer": "ad.domain.com"
                     }
                 }
             }
         }
    }'

- Output::

    {
    "CreationDateTime": 1490225558.982,
    "Name": "MySecurityConfig"
    }

- JSON equivalent (contents of security_configuration.json)::

    {
        "AuthenticationConfiguration": {
            "KerberosConfiguration": {
                "Provider": "ClusterDedicatedKdc",
                "ClusterDedicatedKdcConfiguration": {
                    "TicketLifetimeInHours": 24,
                    "CrossRealmTrustConfiguration": {
                        "Realm": "AD.DOMAIN.COM",
                        "Domain": "ad.domain.com",
                        "AdminServer": "ad.domain.com",
                        "KdcServer": "ad.domain.com"
                    }
                }
            }
        }
    }

- Command (using security_configuration.json)::

   aws emr create-security-configuration --name "MySecurityConfig" --security-configuration file://./security_configuration.json

- Output::

    {
    "CreationDateTime": 1490225558.982,
    "Name": "MySecurityConfig"
    }

Name	Type	Size	Permission
add-instance-fleet.rst	File	521 B	0644
add-steps.rst	File	4.37 KB	0644
add-tags.rst	File	648 B	0644
create-cluster-examples.rst	File	29.94 KB	0644
create-cluster-synopsis.txt	File	1.17 KB	0644
create-default-roles.rst	File	5.55 KB	0644
create-security-configuration.rst	File	3.91 KB	0644
delete-security-configuration.rst	File	173 B	0644
describe-cluster.rst	File	9.37 KB	0644
describe-step.rst	File	1.12 KB	0644
get.rst	File	258 B	0644
list-clusters.rst	File	670 B	0644
list-instance-fleets.rst	File	1.98 KB	0644
list-instances.rst	File	3.19 KB	0644
list-security-configurations.rst	File	437 B	0644
list-steps.rst	File	151 B	0644
modify-cluster-attributes.rst	File	196 B	0644
modify-instance-fleet.rst	File	333 B	0644
put.rst	File	287 B	0644
remove-tags.rst	File	184 B	0644
schedule-hbase-backup.rst	File	678 B	0644
socks.rst	File	273 B	0644
ssh.rst	File	1.43 KB	0644
wait.rst	File	165 B	0644

[ Avaa Bypassed ]

Upload:

Command:

Filemanager

Server Info

System Info

User Info