Best practice rules for Amazon EMR
Trend Micro Cloud One™ – Conformity monitors Amazon EMR with the following rules:
- AWS EMR Instance Type Generation
Ensure AWS EMR clusters are using the latest generation of instances for performance and cost optimization.
- Cluster In VPC
Ensure AWS EMR clusters are launched in a Virtual Private Cloud (i.e. are using EC2-VPC platform).
- EMR Cluster Logging
Ensure AWS Elastic MapReduce (EMR) clusters capture detailed log data to Amazon S3.
- EMR Desired Instance Type
Ensure that all your Amazon EMR cluster instances are of given instance types.
- EMR In-Transit and At-Rest Encryption
Ensure in-transit and at-rest encryption is enabled for Amazon EMR clusters.
- EMR Instances Counts
Ensure fewer Amazon EMR cluster instances than the provided limit in your AWS account.