Apache Ranger - Amazon EMR
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Apache Ranger

Apache Ranger is a framework to enable, monitor, and manage comprehensive data security across the Hadoop platform.

Apache Ranger has the following features:

  • Centralized security administration to manage all security related tasks in a central UI or using REST APIs.

  • Fine-grained authorization to do a specific action or operation with a Hadoop component or tool, managed through a central administration tool.

  • A standardized authorization method across all Hadoop components.

  • Enhanced support for various authorization methods.

  • Centralized auditing of user access and administrative actions (security related) within all the components of Hadoop.

Apache Ranger uses two key components for authorization:

  • Apache Ranger policy admin server - This server allows you to define the authorization policies for Hadoop applications. When integrating with Amazon EMR, you are able to define and enforce policies for Apache Spark and Hive to access Hive Metastore, and accessing Amazon S3 data EMR File System (EMRFS). You can set up a new or use an existing Apache Ranger policy admin server to integrate with Amazon EMR.

  • Apache Ranger plugin - This plugin validates the access of a user against the authorization policies defined in the Apache Ranger policy admin server. Amazon EMR installs and configures the Apache Ranger plugin automatically for each Hadoop application selected in the Apache Ranger configuration.