HIGH

Ensure EMR clusters have encryption in transit enabled

EMR should encrypt data in transit between nodes and to/from S3 using TLS to prevent man-in-the-middle attacks.

Security Impact

Unencrypted network traffic can be intercepted, exposing sensitive data during distributed processing.

How to Remediate

Enable in-transit encryption in security configuration for all EMR applications (HDFS, YARN, Spark, etc.).

Affected Resources

AWS::EMR::SecurityConfiguration

Compliance Frameworks

PCI-DSSHIPAASOC 2NIST 800-53

How TigerGate Helps

TigerGate continuously monitors your AWS environment to detect and alert on this misconfiguration. Here's what our platform does for this specific check:

  • Continuous Scanning

    Automatically scans all Amazon EMR resources across your AWS accounts every hour

  • Instant Alerts

    Get notified via Slack, email, or webhooks when this misconfiguration is detected

  • One-Click Remediation

    Fix this issue directly from the TigerGate dashboard with our guided remediation

  • Compliance Evidence

    Automatically collect audit evidence for PCI-DSS, HIPAA, SOC 2 compliance

  • Drift Detection

    Get alerted if this configuration drifts back to an insecure state after remediation

Check Details

Check ID
aws-emr-2
Service
Amazon EMR
Category
Encryption
Severity
HIGH

Automate This Check

TigerGate automatically scans your AWS environment for this and 575+ other security checks.

Start Free Trial

Related Amazon EMR Checks

View all checks
aws-emr-1high

Ensure EMR clusters have encryption at rest enabled

aws-emr-3critical

Ensure EMR clusters are not publicly accessible

aws-emr-4high

Ensure EMR security groups restrict access appropriately

aws-emr-5high

Ensure EMR clusters have Kerberos authentication enabled

aws-emr-6medium

Ensure EMR clusters have logging enabled to S3