Determine if the AWS Elastic MapReduce (EMR) cluster instances (master and core instances) provisioned in your AWS account have the desired instance type established by your organization based on the workload deployed. Cloud Conformity provides you with the ability to define the desired instance types based on your workload requirements upon enabling this rule.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Setting limits for the type of Amazon EMR instances provisioned in your AWS account will help you address organizational compliance requirements and prevent unexpected charges on your monthly AWS bill.
Note 1: You can also limit your EMR cluster instances to the desired types using AWS Organizations service by implementing your own Service Control Policy on the master account. A Service Control Policy (SCP) is a type of policy that you can use to manage your organization. SCPs enable you to restrict what resources, services and actions the users, groups, and roles in those AWS accounts can use.
Note 2: The desired Elastic MapReduce instance type used as example within this rule is m3.xlarge. To meet your organizational requirements, you will need to configure this rule with your own desired instance types.
To determine if Amazon EMR instances launched in your AWS account have the desired type, perform the following:
Remediation / Resolution
To limit the new AWS Elastic MapReduce cluster instances to the desired type, create an AWS support case where you explain why you need this type of limitation. For any existing EMR clusters launched without using the desired instance type, just clone the necessary clusters and re-create them using the desired instance type.
To create the required AWS support case, perform the following actions:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
EMR Desired Instance Type
Risk level: Medium