Terraform AWS EMR
EMR clusters and instance groups with security configurations, encryption in transit and at rest, Kerberos, IAM roles, bootstrap actions, logging, and deployment in private subnets.
Controls Enforced
The following compliance controls are enforced by this module at terraform plan time.
- EMR cluster Kerberos should be enabled medium effort
- EMR clusters should have security configuration enabled medium effort
Quick Start
module "emr" {
source = "acscessentialeight.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "acscism2023.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "awscontroltower.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "awsgenai.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "awswellarchitected.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "cccsmedium.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "cfrpart11.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "cisv140.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "cisv500.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "cis.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "cisv80ig1.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "cisacyberessentials.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "eugmpannex11.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "fedramplow.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "fedrampmoderate.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "ffiec.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "gdpr.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "hipaa.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "iso27001.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "nis2.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "nist800171.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "nist80053.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "nistcsf.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "nydfs23.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "pcidss.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "rbicybersecurity.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "rbiitfnbfc.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
module "emr" {
source = "soc2.compliance.tf/terraform-aws-modules/emr/aws"
version = "<version>"
# ... your arguments here
}
See the Get Started guide to get started and read the Features section for more details on how to customize the module for your requirements.
Migration from Upstream
Already using terraform-aws-modules? Change only the source URL:
module "emr" {
source = "terraform-aws-modules/emr/aws"
version = "1.0"
}
module "emr" {
source = "soc2.compliance.tf/terraform-aws-modules/emr/aws"
version = "1.0"
}
Same arguments. Same outputs. Compliance controls are enforced automatically at terraform plan. If a required value is missing, you get a clear validation error telling you what to set.
See the Migration Guide for step-by-step instructions.
Reversibility
No lock-in. Switch back by reverting the source URL to the upstream path:
module "emr" {
source = "terraform-aws-modules/emr/aws"
}
Run terraform init -upgrade. Terraform state is unchanged — same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.
Mapped compliance frameworks
11.300(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging)
3.3 Configure Data Access Control Lists
D3.PC.Am.B.12
164.312(a)(1) Access control
500.07 Access Privileges and Management
8.3.2: Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components
8.I Basic Security Aspects
CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity's objectives
Framework Coverage
Which controls from this module are active under each framework endpoint. ● enforced by default · ○ not activated by this endpoint
| Control | Title 21 CFR Part 11 | CIS Controls v8.0 IG1 | FFIEC Cybersecurity Assessment Tool | HIPAA Omnibus Rule 2013 | NIST SP 800-171 Rev 2 | NYDFS Cybersecurity Regulation | PCI DSS v4.0 | RBI IT Framework for NBFCs |
|---|---|---|---|---|---|---|---|---|
| EMR cluster Kerberos should be enabled | ● | ● | ● | ● | ● | ● | ● | ● |
| EMR clusters should have security configuration enabled | ○ | ○ | ○ | ○ | ○ | ○ | ○ | ○ |
Showing top 8 frameworks by coverage. All framework endpoints →