How do I resolve Amazon EMR cluster logs that I can't view in an Amazon S3 bucket with an SSE-KMS encryption policy?
2 minute read
0
I want to resolve Amazon EMR cluster logs that I can't view in an Amazon Simple Storage Service (Amazon S3) bucket with a server-side encryption AWS Key Management Service (AWS KMS) encryption policy.
Resolution
To write logs to an Amazon S3 bucket that has an SSE-KMS encryption policy, use the sync command to manually upload the files.
With Amazon EMR versions 5.30.0 and later (except Amazon EMR 6.0.0), you can encrypt log files that are stored in an Amazon S3 bucket with an AWS KMS customer managed key.
To use the sync command to manually upload your log files, complete the following steps:
Note: Replace example-bucket with your bucket name, example-cluster-id with the cluster ID, and example-kms-key-id with the AWS KMS key ID.
Note: To automate the sync command, use a cron job. To configure the cron job, run a custom bootstrap action on all nodes when you launch an Amazon EMR cluster.