
AWS EMR cluster is not configured with Kerberos Authentication

Description

Setting the Kerberos realm helps secure your EMR clusters by letting you manage and control access to them more effectively. For example, you can use the Kerberos realm to specify which users and groups are allowed to access your clusters, and which actions they are allowed to perform.

Code Example

resource "aws_emr_cluster" "test" {
...
  kerberos_attributes {
    kdc_admin_password                = "somePassword"
+   realm                             = "EC2.INTERNAL"
    }
}

Remediation

Terraform

  • Resource: aws_emr_cluster
  • Arguments: kerberos_attributes.realm

Rule Details

Field       Value
ID          IAC-0167
Severity    LOW
IaC Type    Terraform
Frameworks  Terraform, TerraformPlan
Checkov ID  CKV_AWS_114
