Resource: awsEmrBlockPublicAccessConfiguration
Terraform resource for managing an AWS EMR block public access configuration. This region-level security configuration restricts the launch of EMR clusters that have associated security groups permitting public access on unspecified ports. See the EMR Block Public Access Configuration documentation for further information.
Example Usage
Basic Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.emrBlockPublicAccessConfiguration.EmrBlockPublicAccessConfiguration(
  this,
  "example",
  {
    blockPublicSecurityGroupRules: true,
  }
);
Default Configuration
By default, each AWS region is equipped with a block public access configuration that prevents EMR clusters from being launched if they have security group rules permitting public access on any port except for port 22. The default configuration can be managed using this Terraform resource.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.emrBlockPublicAccessConfiguration.EmrBlockPublicAccessConfiguration(
  this,
  "example",
  {
    blockPublicSecurityGroupRules: true,
    permittedPublicSecurityGroupRuleRange: [
      {
        maxRange: 22,
        minRange: 22,
      },
    ],
  }
);
~> NOTE: If an awsEmrBlockPublicAccessConfiguration Terraform resource is destroyed, the configuration will reset to this default configuration.
Multiple Permitted Public Security Group Rule Ranges
The resource permits specification of multiple permittedPublicSecurityGroupRuleRange blocks.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.emrBlockPublicAccessConfiguration.EmrBlockPublicAccessConfiguration(
  this,
  "example",
  {
    blockPublicSecurityGroupRules: true,
    permittedPublicSecurityGroupRuleRange: [
      {
        maxRange: 22,
        minRange: 22,
      },
      {
        maxRange: 101,
        minRange: 100,
      },
    ],
  }
);
Disabling Block Public Access
To permit EMR clusters to be launched in the configured region regardless of associated security group rules, the Block Public Access feature can be disabled using this Terraform resource.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.emrBlockPublicAccessConfiguration.EmrBlockPublicAccessConfiguration(
  this,
  "example",
  {
    blockPublicSecurityGroupRules: false,
  }
);
Argument Reference
The following arguments are required:
blockPublicSecurityGroupRules - (Required) Enable or disable EMR Block Public Access.
The following arguments are optional:
permittedPublicSecurityGroupRuleRange - (Optional) Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if blockPublicSecurityGroupRules is set to true.
permittedPublicSecurityGroupRuleRange
This block is used to define a range of TCP ports that should form exceptions to the Block Public Access Configuration. If an attempt is made to launch an EMR cluster in the configured region and account, with blockPublicSecurityGroupRules = true, the EMR cluster will be permitted to launch even if there are security group rules permitting public access to ports in this range.
minRange - (Required) The first port in the range of TCP ports.
maxRange - (Required) The final port in the range of TCP ports.
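The launch check described above, as an added example that is not part of the original page, the AWS provider or the EMR service: a pre-deployment lint that reports which public ingress rules would block a cluster launch under a given configuration. The type and function names, the sample rules, and the treatment of 0.0.0.0/0 and ::/0 as "public access" are assumptions of this simplified model.

```typescript
// Hypothetical names throughout; a simplified model, not AWS or provider code.
interface PortRange { minRange: number; maxRange: number; }
interface BpaConfig {
  blockPublicSecurityGroupRules: boolean;
  permittedPublicSecurityGroupRuleRange?: PortRange[];
}
interface IngressRule { cidr: string; fromPort: number; toPort: number; }
const PUBLIC_CIDRS = ["0.0.0.0/0", "::/0"];

// Reject configurations that the argument reference rules out.
function validateConfig(cfg: BpaConfig): string[] {
  const errors: string[] = [];
  const ranges = cfg.permittedPublicSecurityGroupRuleRange ?? [];
  if (!cfg.blockPublicSecurityGroupRules && ranges.length > 0) {
    errors.push("permitted ranges require blockPublicSecurityGroupRules = true");
  }
  for (const r of ranges) {
    if (r.minRange > r.maxRange) errors.push(`minRange ${r.minRange} > maxRange ${r.maxRange}`);
  }
  return errors;
}

// Return the public ingress rules that would stop a cluster launch.
// Assumption: an omitted range list means no port is an exception.
function blockingRules(cfg: BpaConfig, rules: IngressRule[]): IngressRule[] {
  if (!cfg.blockPublicSecurityGroupRules) return []; // feature disabled
  const ranges = cfg.permittedPublicSecurityGroupRuleRange ?? [];
  const permitted = (port: number) =>
    ranges.some((r) => port >= r.minRange && port <= r.maxRange);
  return rules.filter((rule) => {
    if (PUBLIC_CIDRS.indexOf(rule.cidr) === -1) return false; // not public
    for (let p = rule.fromPort; p <= rule.toPort; p++) {
      if (!permitted(p)) return true; // an exposed port is not an exception
    }
    return false;
  });
}

// Constructed sample input: the two-range configuration and four ingress rules.
const multiRangeConfig: BpaConfig = {
  blockPublicSecurityGroupRules: true,
  permittedPublicSecurityGroupRuleRange: [{ minRange: 22, maxRange: 22 }, { minRange: 100, maxRange: 101 }],
};
const sampleRules: IngressRule[] = [
  { cidr: "0.0.0.0/0", fromPort: 22, toPort: 22 },
  { cidr: "0.0.0.0/0", fromPort: 100, toPort: 102 },
  { cidr: "10.0.0.0/8", fromPort: 8088, toPort: 8088 },
  { cidr: "::/0", fromPort: 8443, toPort: 8443 },
];
console.log(blockingRules(multiRangeConfig, sampleRules));
```

The public rule for ports 100-102 is reported because port 102 falls outside the permitted 100-101 range, which is the kind of partial overlap that is easy to miss when reviewing exceptions by eye.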
Attributes Reference
No additional attributes are exported.
Import
The current EMR Block Public Access Configuration can be imported, e.g.,