# emr-kerberos-enabled
<a name="emr-kerberos-enabled"></a>

Checks if Amazon EMR clusters have Kerberos enabled. The rule is NON\$1COMPLIANT if a security configuration is not attached to the cluster or the security configuration does not satisfy the specified rule parameters.



**Identifier:** EMR\$1KERBEROS\$1ENABLED

**Resource Types:** AWS::EMR::Cluster

**Trigger type:** Periodic

**Amazon Web Services Region:** All supported Amazon regions

**Parameters:**

TicketLifetimeInHours (Optional)Type: int  
Period for which Kerberos ticket issued by cluster's KDC is valid.

Realm (Optional)Type: String  
Kereberos realm name of the other realm in the trust relationship.

Domain (Optional)Type: String  
Domain name of the other realm in the trust relationship.

AdminServer (Optional)Type: String  
Fully qualified domain of the admin server in the other realm of the trust relationship.

KdcServer (Optional)Type: String  
Fully qualified domain of the KDC server in the other realm of the trust relationship.

## Amazon CloudFormation template
<a name="w2aac20c16c17b7d803c19"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).