Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account
Using SSL/TLS and configuring LDAPS with Presto on Amazon EMR - Amazon EMR

Using SSL/TLS and configuring LDAPS with Presto on Amazon EMR

PDFRSS

With Amazon EMR release version 5.6.0 and later, you can enable SSL/TLS to help secure internal communication between Presto nodes. You do this by setting up a security configuration for in-transit encryption. For more information, see Encryption options and Use security configurations to set up cluster security in the Amazon EMR Management Guide.

When you use a security configuration with in-transit encryption, Amazon EMR does the following for Presto:

  • Distributes the encryption artifacts, or certificates, that you specify for in-transit encryption throughout the Presto cluster. For more information, see Providing certificates for in-transit data encryption.

  • Sets the following properties using the presto-config configuration classification, which corresponds to the config.properties file for Presto:

    • Sets http-server.http.enabled to false on all nodes, which disables HTTP in favor of HTTPS. This requires you to provide certificates that work for public and private DNS when setting up the security configuration for in-transit encryption. One way to do this is to use SAN (Subject Alternative Name) certificates which support multiple domains.

    • Sets http-server.https.* values. For configuration details, see LDAP authentication in Presto documentation.

In addition, with Amazon EMR release version 5.10.0 and later, you can set up LDAP authentication for client connections to the Presto coordinator using HTTPS. This setup uses secure LDAP (LDAPS). TLS must be enabled on your LDAP server, and the Presto cluster must use a security configuration with in-transit data encryption enabled. Additional configuration is required. The configuration options are different depending on the release version of Amazon EMR that you use. For more information, see Using LDAP authentication for Presto on Amazon EMR.

Presto on Amazon EMR uses port 8446 for internal HTTPS by default. The port used for internal communication must be the same port used for client HTTPS access to the Presto coordinator. The http-server.https.port property in the presto-config configuration classification specifies the port.

Need help?

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.