Enable Amazon EMR Block Public Access Setting
Ensures that the Amazon EMR block public access setting is enabled to prevent launching clusters that allow inbound traffic from public IP addresses on unsafe ports.
| Rule | Amazon EMR block public access setting should be enabled |
| Framework | AWS Foundational Security Best Practices |
| Severity | ✔ Critical |
Rule Description:
Amazon EMR block public access setting should be enabled to ensure that public access to Amazon EMR clusters is restricted, aligning with AWS Foundational Security Best Practices. By enabling this setting, unauthorized access and potential security risks from public exposure are mitigated.
Troubleshooting Steps:
If you encounter any issues while enabling the "block public access" setting for Amazon EMR, follow the steps below:
- 1.Ensure that you have the necessary IAM permissions to modify the EMR public access settings.
- 2.Check if there are any specific network configurations that might be conflicting with the block public access setting.
- 3.Review the EMR documentation and AWS Security Best Practices for any specific requirements or limitations.
Necessary Codes:
No specific codes are needed to enable the block public access setting for Amazon EMR as this can be configured through the AWS Management Console or CLI.
Remediation Steps:
To enable the block public access setting for Amazon EMR, follow the steps below:
- 1.Go to the Amazon EMR console at https://console.aws.amazon.com/elasticmapreduce/.
- 2.Select the EMR cluster for which you want to enable the block public access setting.
- 3.In the cluster details, navigate to the "Security and access" section.
- 4.Locate the "Block public access" setting and enable it.
- 5.Save the changes.
By following these steps, you will ensure that public access to your Amazon EMR clusters is blocked, enhancing the security posture of your environment in line with AWS Foundational Security Best Practices.