Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support LogEncryptionKmsKeyId for EMR Clusters #17062

Closed
nagwanidheeraj opened this issue Jan 12, 2021 · 2 comments · Fixed by #17706
Closed

Support LogEncryptionKmsKeyId for EMR Clusters #17062

nagwanidheeraj opened this issue Jan 12, 2021 · 2 comments · Fixed by #17706
Assignees
@YakDriver
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/emr Issues and PRs that pertain to the emr service.
Milestone
v3.62.0

Comments

@nagwanidheeraj
Copy link

nagwanidheeraj commented Jan 12, 2021
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

We need to store the EMR logs in a cross account s3 bucket and encrypt them. The bucket policy will deny any request to put an object unless the KMS key is provided in the request.

I made the change seen here and tested in our accounts. EMR was able to write logs to a cross account bucket that needs encryption key in the request. I don't know go & terraform code enough to be able to write validations and test cases though.

Validation

  • log_uri should be set if log_encryption_kms_key_id is provided
  • EMR version 5.30.0 and later, excluding EMR 6.0.0.

Any help here would be much appreciated.

New or Affected Resource(s)

  • aws_emr_cluster

Potential Terraform Configuration

resource aws_emr_cluster "emr-cluster" {
    ...
    log_uri                   = "s3n://path-to-your-bucket"
    log_encryption_kms_key_id = data.aws_kms_alias.logs-kms-key.target_key_arn
    ...
}

References
@nagwanidheeraj nagwanidheeraj added the enhancement Requests to existing resources that expand the functionality or scope. label Jan 12, 2021
@ghost ghost added the service/emr Issues and PRs that pertain to the emr service. label Jan 12, 2021
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Jan 12, 2021
@anGie44 anGie44 removed the needs-triage Waiting for first response or review from a maintainer. label Jan 12, 2021
@nikhil-goenka nikhil-goenka mentioned this issue Feb 19, 2021
Merged
@YakDriver YakDriver self-assigned this Oct 5, 2021
@github-actions github-actions bot added this to the v3.62.0 milestone Oct 5, 2021
@github-actions
Copy link

github-actions bot commented Oct 8, 2021

This functionality has been released in v3.62.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

github-actions bot commented Jun 3, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 3, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@YakDriver YakDriver

Labels
enhancement Requests to existing resources that expand the functionality or scope. service/emr Issues and PRs that pertain to the emr service.
Projects
None yet
Milestone
v3.62.0
Development

Successfully merging a pull request may close this issue.

F/aws emr cluster nikhil-goenka/terraform-provider-aws
3 participants
@nagwanidheeraj @anGie44 @YakDriver