Considerations and limitations for Amazon EMR with the Identity Center integration
Consider the following points when you use IAM Identity Center with Amazon EMR:
-
Trusted identity propagation through Identity Center is supported on Amazon EMR 6.15.0 and higher, and only with Apache Spark.
-
To enable EMR clusters with trusted identity propagation, you must use the Amazon CLI to create a security configuration that has trusted identity propagation enabled, and use that security configuration when you launch your cluster. For more information, see Create an Identity Center enabled security configuration.
-
EMR clusters that use trusted identity propagation can only invoke services that also use trusted identity propagation.
-
Only table-level access control based on Amazon Lake Formation is available for EMR clusters that use trusted identity propagation.
-
With EMR clusters that use trusted identity propagation, operations that support access control based on Lake Formation with Apache Spark include
SELECT,ALTER TABLE, andDROP TABLE. -
With EMR clusters that use trusted identity propagation, Lake Formation based access controls that are not supported with Apache Spark include
INSERTstatements. -
Trusted identity propagation with Amazon EMR is supported in the following Amazon Web Services Regions:
-
ap-east-1– Asia Pacific (Hong Kong) -
ap-northeast-1– Asia Pacific (Tokyo) -
ap-northeast-2– Asia Pacific (Seoul) -
ap-south-1– Asia Pacific (Mumbai) -
ap-southeast-1– Asia Pacific (Singapore) -
ap-southeast-2– Asia Pacific (Sydney) -
ca-central-1– Canada (Central) -
eu-central-1– Europe (Frankfurt) -
eu-north-1– Europe (Stockholm) -
eu-west-1– Europe (Ireland) -
eu-west-2– Europe (London) -
eu-west-3– Europe (Paris) -
me-south-1– Middle East (Bahrain) -
sa-east-1– South America (São Paulo) -
us-east-1– US East (N. Virginia) -
us-east-2– US East (Ohio) -
us-west-1– US West (N. California) -
us-west-2– US West (Oregon)
-