Best practice rules for Amazon EMR
- AWS EMR Instance Type Generation
Ensure AWS EMR clusters are using the latest generation of instances for performance and cost optimization.
- Block Public Access to Amazon EMR Clusters
Enable the Block Public Access feature for Amazon EMR clusters in the specified AWS region.
- Cluster in VPC
Ensure that your Amazon Elastic MapReduce clusters are provisioned using the AWS EC2-VPC platform instead of the EC2-Classic platform.
- EMR Cluster Logging
Ensure AWS Elastic MapReduce clusters capture detailed log data to Amazon S3.
- EMR Desired Instance Type
Ensure that all your Amazon EMR cluster instances are of the given instance types.
- EMR In-Transit and At-Rest Encryption
Ensure that your AWS Elastic MapReduce clusters are encrypted in transit and at rest in order to meet security and compliance requirements.
- EMR Instances Counts
Ensure that the number of Amazon EMR cluster instances in your AWS account is lower than the provided limit.
- Use Customer Master Keys for EMR Log Files Encryption
Ensure that Amazon EMR log files are encrypted with KMS Customer Master Keys (CMKs).