Configure AWS EMR Cluster to use FIPS endpoint for AWS KMS Calls

0

Hello,

Is it possible to configure the EMR service to use the AWS KMS FIPS endpoint (https://kms-fips.us-gov-east-1.amazonaws.com) instead of the non-FIPS endpoint (https://kms.us-gov-east-1.amazonaws.com) when making calls to KMS to retrieve encryption keys? As per the EMR documentation [1], we can use the FIPS endpoint via the AWS CLI or SDK (using --endpoint-url), but I am not sure if it can be set as a default at the cluster level.

[1] https://docs.aws.amazon.com/emr/latest/ManagementGuide/data-protection.html

Thanks.

AWS
SUPPORT ENGINEER
asked 2 years ago, 247 views
1 Answer
0

In Amazon EMR, KMS is used in different features.

  • Encrypting data on the EMR file system (EMRFS)
  • Encrypting data on the storage volumes of cluster nodes (EBS)
  • Encryption context

As of today, none of these features support specifying your own FIPS KMS endpoint.

AWS
answered a year ago
