Enable at-rest encryption for EMR clusters.
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | emr |
| Provider | AWS |
| Vulnerability Type | misconfiguration |
Description
The EMR cluster is configured without at-rest encryption, meaning data stored on local disks and in S3 is not protected using encryption. This leaves sensitive data vulnerable to unauthorized access if the storage is compromised.
Impact
Without at-rest encryption, an attacker who gains access to the EMR cluster’s storage or associated S3 buckets could read sensitive data directly. This can lead to data breaches, regulatory non-compliance, and exposure of confidential information.
Resolution
Enable at-rest encryption for the EMR cluster.
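
The check described above, as an added example (not code from this page or from the scanner that publishes this rule): it inspects an EMR security configuration JSON document and reports whether at-rest encryption covers both S3 and local disks. The two sample configurations are constructed, the KMS key ARN is a placeholder, and the function name `at_rest_findings` is hypothetical.

```python
import json

# Constructed sample EMR security configurations; the KMS key ARN is a placeholder.
PLACEHOLDER_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-PLACEHOLDER"

WEAK = json.dumps({
    "EncryptionConfiguration": {
        "EnableInTransitEncryption": False,
        "EnableAtRestEncryption": False,
    }
})

HARDENED = json.dumps({
    "EncryptionConfiguration": {
        "EnableInTransitEncryption": False,
        "EnableAtRestEncryption": True,
        "AtRestEncryptionConfiguration": {
            "S3EncryptionConfiguration": {
                "EncryptionMode": "SSE-KMS",
                "AwsKmsKey": PLACEHOLDER_KEY,
            },
            "LocalDiskEncryptionConfiguration": {
                "EncryptionKeyProviderType": "AwsKms",
                "AwsKmsKey": PLACEHOLDER_KEY,
            },
        },
    }
})


def at_rest_findings(security_config_json):
    """Return a list of at-rest encryption gaps; an empty list means none found."""
    try:
        enc = json.loads(security_config_json).get("EncryptionConfiguration", {})
    except (ValueError, AttributeError):
        return ["configuration is not a valid JSON object"]
    if not isinstance(enc, dict) or enc.get("EnableAtRestEncryption") is not True:
        return ["EnableAtRestEncryption is not true"]
    at_rest = enc.get("AtRestEncryptionConfiguration") or {}
    s3 = at_rest.get("S3EncryptionConfiguration") or {}
    disk = at_rest.get("LocalDiskEncryptionConfiguration") or {}
    findings = []
    if not s3.get("EncryptionMode"):
        findings.append("no S3 (EMRFS) encryption mode configured")
    if not disk.get("EncryptionKeyProviderType"):
        findings.append("no local disk encryption key provider configured")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, at_rest_findings(cfg) or "OK")
```

A cluster launched with no security configuration attached has no at-rest encryption settings to inspect and should be treated as failing this check.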