A configuration for Amazon EMR block public access. When
BlockPublicSecurityGroupRules is set to true, Amazon EMR prevents cluster creation if one of the cluster's security groups has a rule that allows
inbound traffic from 0.0.0.0/0 or ::/0 on a port, unless the port is specified as an
exception using PermittedPublicSecurityGroupRuleRanges.
Contents
- BlockPublicSecurityGroupRules
-
Indicates whether Amazon EMR block public access is enabled (
true) or disabled (false). By default, the value isfalsefor accounts that have created Amazon EMR clusters before July 2019. For accounts created after this, the default istrue.Type: Boolean
Required: Yes
- PermittedPublicSecurityGroupRuleRanges
-
Specifies ports and port ranges that are permitted to have security group rules that allow inbound traffic from all public sources. For example, if Port 23 (Telnet) is specified for
PermittedPublicSecurityGroupRuleRanges, Amazon EMR allows cluster creation if a security group associated with the cluster has a rule that allows inbound traffic on Port 23 from IPv4 0.0.0.0/0 or IPv6 port ::/0 as the source.By default, Port 22, which is used for SSH access to the cluster Amazon EC2 instances, is in the list of
PermittedPublicSecurityGroupRuleRanges.Type: Array of PortRange objects
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
