You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::EMR::Types::BlockPublicAccessConfiguration

Inherits:
Struct
  • Object
show all
Defined in:
(unknown)

Overview

Note:

When passing BlockPublicAccessConfiguration as input to an Aws::Client method, you can use a vanilla Hash:

{
  block_public_security_group_rules: false, # required
  permitted_public_security_group_rule_ranges: [
    {
      min_range: 1, # required
      max_range: 1,
    },
  ],
}

A configuration for Amazon EMR block public access. When BlockPublicSecurityGroupRules is set to true, Amazon EMR prevents cluster creation if one of the cluster's security groups has a rule that allows inbound traffic from 0.0.0.0/0 or ::/0 on a port, unless the port is specified as an exception using PermittedPublicSecurityGroupRuleRanges.

Returned by:

Instance Attribute Summary collapse

Instance Attribute Details

#block_public_security_group_rulesBoolean

Indicates whether EMR block public access is enabled (true) or disabled (false). By default, the value is false for accounts that have created EMR clusters before July 2019. For accounts created after this, the default is true.

Returns:

  • (Boolean)

    Indicates whether EMR block public access is enabled (true) or disabled (false).

#permitted_public_security_group_rule_rangesArray<Types::PortRange>

Specifies ports and port ranges that are permitted to have security group rules that allow inbound traffic from all public sources. For example, if Port 23 (Telnet) is specified for PermittedPublicSecurityGroupRuleRanges, Amazon EMR allows cluster creation if a security group associated with the cluster has a rule that allows inbound traffic on Port 23 from IPv4 0.0.0.0/0 or IPv6 port ::/0 as the source.

By default, Port 22, which is used for SSH access to the cluster EC2 instances, is in the list of PermittedPublicSecurityGroupRuleRanges.

Returns:

  • (Array<Types::PortRange>)

    Specifies ports and port ranges that are permitted to have security group rules that allow inbound traffic from all public sources.