Ensure that your Amazon Elastic MapReduce (EMR) clusters are provisioned using the AWS EC2-VPC platform instead of the EC2-Classic platform (outdated since 2013.12.04) for better flexibility and control over security, better traffic routing and availability.
This rule can help you with the following compliance standards:
- PCI
- HIPAA
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Launching and managing AWS EMR clusters on the EC2-VPC platform instead of EC2-Classic brings multiple advantages: better networking infrastructure (network isolation, private subnets and private IP addresses), much more flexible control over access security (network ACLs and security group outbound/egress traffic filtering) and access to newer, more powerful EC2 instance types (C4, M4, R4, etc.) for your clusters. Moreover, if you are processing sensitive data within your EMR clusters, you may want the additional access control provided by the EC2-VPC platform, which you get by launching your clusters into a VPC.
Note: If your AWS account was created after 2013.12.04, it supports EC2-VPC only.
Audit
To determine the EC2 platform (EC2-Classic or EC2-VPC) used to launch your Amazon EMR clusters, perform the following:
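An added example, not part of the original page or of Conformity's own audit steps: a Python check over `aws ec2 describe-account-attributes` and `aws emr describe-cluster` JSON output that flags active clusters with no `Ec2SubnetId`, which is how a cluster launched outside a VPC appears. The sample documents and cluster IDs are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample: `aws ec2 describe-account-attributes --attribute-names supported-platforms`
SAMPLE_ACCOUNT = {"AccountAttributes": [{"AttributeName": "supported-platforms",
    "AttributeValues": [{"AttributeValue": "EC2"}, {"AttributeValue": "VPC"}]}]}

# Constructed samples: trimmed `aws emr describe-cluster --cluster-id <id>` outputs.
SAMPLE_CLUSTERS = [
    {"Cluster": {"Id": "j-EXAMPLE1", "Name": "etl-nightly", "Status": {"State": "WAITING"},
                 "Ec2InstanceAttributes": {"Ec2SubnetId": "subnet-0example"}}},
    {"Cluster": {"Id": "j-EXAMPLE2", "Name": "legacy-reports", "Status": {"State": "RUNNING"},
                 "Ec2InstanceAttributes": {"Ec2AvailabilityZone": "us-east-1b"}}},
    {"Cluster": {"Id": "j-EXAMPLE3", "Name": "old-job", "Status": {"State": "TERMINATED"},
                 "Ec2InstanceAttributes": {"Ec2AvailabilityZone": "us-east-1b"}}},
]

ACTIVE_STATES = {"STARTING", "BOOTSTRAPPING", "RUNNING", "WAITING"}

def account_platforms(account_doc):
    """Return the account's supported-platforms values, e.g. {'EC2', 'VPC'}."""
    for attr in account_doc.get("AccountAttributes", []):
        if attr.get("AttributeName") == "supported-platforms":
            return {v["AttributeValue"] for v in attr.get("AttributeValues", [])}
    return set()

def cluster_platform(cluster_doc):
    """Classify one describe-cluster document: a subnet ID means EC2-VPC."""
    attrs = cluster_doc.get("Cluster", {}).get("Ec2InstanceAttributes") or {}
    return "EC2-VPC" if attrs.get("Ec2SubnetId") else "EC2-Classic"

def audit(account_doc, cluster_docs):
    """Return one finding per active cluster that has no VPC subnet."""
    classic_possible = "EC2" in account_platforms(account_doc)
    findings = []
    for doc in cluster_docs:
        cluster = doc.get("Cluster", {})
        if cluster.get("Status", {}).get("State") not in ACTIVE_STATES:
            continue  # only active clusters are in scope for this check
        if cluster_platform(doc) == "EC2-Classic":
            findings.append({"id": cluster.get("Id"), "name": cluster.get("Name"),
                             "account_supports_classic": classic_possible})
    return findings

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_ACCOUNT, SAMPLE_CLUSTERS), indent=2))
```

An account whose `supported-platforms` attribute lists only `VPC` cannot launch into EC2-Classic, so `account_supports_classic` tells you whether a finding reflects a real Classic placement or incomplete cluster data.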
Remediation / Resolution
To migrate your AWS EMR clusters from EC2-Classic platform to EC2-VPC platform, you must re-create your clusters within a Virtual Private Cloud (VPC). To relaunch and configure your EMR clusters in an AWS VPC, perform the following actions:
References
- AWS Documentation
  - Supported Platforms
  - Amazon EC2 and Amazon Virtual Private Cloud
  - Plan and Configure Networking
  - Launch Clusters into a VPC
  - Cloning a Cluster Using the Console
- AWS Command Line Interface (CLI) Documentation
  - ec2
  - describe-account-attributes
  - emr
  - list-clusters
  - describe-cluster
  - create-cluster
  - terminate-clusters

You are auditing:
Cluster In VPC
Risk level: Medium