AWS EMR Best Practices

Best practice rules for Amazon EMR

Trend Micro Cloud One™ – Conformity monitors Amazon EMR with the following rules:

• AWS EMR Instance Type Generation

  Ensure AWS EMR clusters are using the latest generation of instances for performance and cost optimization.

• Cluster in VPC

  Ensure that your Amazon Elastic MapReduce clusters are provisioned using the AWS EC2-VPC platform instead of EC2-Classic platform.

• EMR Cluster Logging

  Ensure AWS Elastic MapReduce clusters capture detailed log data to Amazon S3.

• EMR Desired Instance Type

  Ensure that all your Amazon EMR cluster instances are of given instance types.

• EMR In-Transit and At-Rest Encryption

  Ensure that your AWS Elastic MapReduce clusters are encrypted in order to meet security and compliance requirements.

• EMR Instances Counts

  Ensure fewer Amazon EMR cluster instances than the provided limit in your AWS account.

• Use Customer Master Keys for EMR Log Files Encryption

  Ensure that Amazon EMR log files are encrypted with KMS Customer Master Keys (CMKs).