Considerations and limitations for Amazon EMR with the Identity Center integration
Consider the following points when you use IAM Identity Center with Amazon EMR:
- Trusted identity propagation through Identity Center is supported on Amazon EMR 6.15.0 and higher, and only with Apache Spark.
- To enable EMR clusters with trusted identity propagation, you must use the Amazon CLI to create a security configuration that has trusted identity propagation enabled, and use that security configuration when you launch your cluster. For more information, see Create an Identity Center enabled security configuration.
- EMR clusters that use trusted identity propagation can only invoke services that also use trusted identity propagation.
- Only table-level access control based on Amazon Lake Formation is available for EMR clusters that use trusted identity propagation.
- With EMR clusters that use trusted identity propagation, operations that support access control based on Lake Formation with Apache Spark include SELECT, ALTER TABLE, and DROP TABLE.
- With EMR clusters that use trusted identity propagation, Lake Formation based access controls that are not supported with Apache Spark include INSERT statements.
- Trusted identity propagation with Amazon EMR is supported in the following Amazon Web Services Regions:
  - ap-east-1 – Asia Pacific (Hong Kong)
  - ap-northeast-1 – Asia Pacific (Tokyo)
  - ap-northeast-2 – Asia Pacific (Seoul)
  - ap-south-1 – Asia Pacific (Mumbai)
  - ap-southeast-1 – Asia Pacific (Singapore)
  - ap-southeast-2 – Asia Pacific (Sydney)
  - ca-central-1 – Canada (Central)
  - eu-central-1 – Europe (Frankfurt)
  - eu-north-1 – Europe (Stockholm)
  - eu-west-1 – Europe (Ireland)
  - eu-west-2 – Europe (London)
  - eu-west-3 – Europe (Paris)
  - me-south-1 – Middle East (Bahrain)
  - sa-east-1 – South America (São Paulo)
  - us-east-1 – US East (N. Virginia)
  - us-east-2 – US East (Ohio)
  - us-west-1 – US West (N. California)
  - us-west-2 – US West (Oregon)
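A pre-launch check for the constraints listed above, as an added example that is not part of the original documentation: it validates a planned cluster against the minimum release, the Spark requirement, the Region list, and the unsupported INSERT statements. The plan dictionary layout and the function names are hypothetical, and the release label is assumed to have the form emr-X.Y.Z.

```python
import re

# Values copied from the considerations list on this page.
MIN_RELEASE = (6, 15, 0)
SUPPORTED_REGIONS = {
    "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-south-1",
    "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1",
    "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "me-south-1",
    "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2",
}
LF_SUPPORTED = ("SELECT", "ALTER TABLE", "DROP TABLE")
LF_UNSUPPORTED = ("INSERT",)


def parse_release(label):
    """Turn 'emr-6.15.0' into (6, 15, 0) so releases compare numerically."""
    m = re.fullmatch(r"emr-(\d+)\.(\d+)\.(\d+)", label)
    if not m:
        raise ValueError(f"unrecognized release label: {label!r}")
    return tuple(int(part) for part in m.groups())


def classify_statement(sql):
    """Return 'supported', 'unsupported' or 'unlisted' for a Spark SQL statement."""
    head = " ".join(sql.strip().upper().split()[:2])
    def hit(ops):
        return any(head == op or head.startswith(op + " ") for op in ops)
    if hit(LF_UNSUPPORTED):
        return "unsupported"
    if hit(LF_SUPPORTED):
        return "supported"
    return "unlisted"  # the page says nothing about other operations


def preflight(plan):
    """Check a planned cluster (hypothetical dict layout) against the list above."""
    findings = []
    if parse_release(plan["release_label"]) < MIN_RELEASE:
        findings.append("release is older than 6.15.0")
    if "Spark" not in plan["applications"]:
        findings.append("Apache Spark is not installed")
    if plan["region"] not in SUPPORTED_REGIONS:
        findings.append(f"region {plan['region']} is not in the supported list")
    for sql in plan.get("statements", []):
        if classify_statement(sql) == "unsupported":
            findings.append(f"statement not supported with Lake Formation: {sql}")
    return findings
```

Comparing release labels as plain strings would rank emr-6.9.0 above emr-6.15.0, which is why the label is parsed into integers first.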