Resource: awsEmrBlockPublicAccessConfiguration

Terraform resource for managing an AWS EMR block public access configuration. This region-level security configuration restricts the launch of EMR clusters that have associated security groups permitting public access on unspecified ports. See the EMR Block Public Access Configuration documentation for further information.

Example Usage

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.emrBlockPublicAccessConfiguration.EmrBlockPublicAccessConfiguration(
  this,
  "example",
  {
    blockPublicSecurityGroupRules: true,
  }
);

Default Configuration

By default, each AWS region is equipped with a block public access configuration that prevents EMR clusters from being launched if they have security group rules permitting public access on any port except for port 22. The default configuration can be managed using this Terraform resource.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.emrBlockPublicAccessConfiguration.EmrBlockPublicAccessConfiguration(
  this,
  "example",
  {
    blockPublicSecurityGroupRules: true,
    permittedPublicSecurityGroupRuleRange: [
      {
        maxRange: 22,
        minRange: 22,
      },
    ],
  }
);

NOTE: If an awsEmrBlockPublicAccessConfiguration Terraform resource is destroyed, the configuration will reset to this default configuration.

Multiple Permitted Public Security Group Rule Ranges

The resource permits specification of multiple permittedPublicSecurityGroupRuleRange blocks.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.emrBlockPublicAccessConfiguration.EmrBlockPublicAccessConfiguration(
  this,
  "example",
  {
    blockPublicSecurityGroupRules: true,
    permittedPublicSecurityGroupRuleRange: [
      {
        maxRange: 22,
        minRange: 22,
      },
      {
        maxRange: 101,
        minRange: 100,
      },
    ],
  }
);

Disabling Block Public Access

To permit EMR clusters to be launched in the configured region regardless of associated security group rules, the Block Public Access feature can be disabled using this Terraform resource.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.emrBlockPublicAccessConfiguration.EmrBlockPublicAccessConfiguration(
  this,
  "example",
  {
    blockPublicSecurityGroupRules: false,
  }
);

Argument Reference

The following arguments are required:

  • blockPublicSecurityGroupRules - (Required) Enable or disable EMR Block Public Access.

The following arguments are optional:

  • permittedPublicSecurityGroupRuleRange - (Optional) Configuration block for defining permitted public security group rule port ranges. Can be defined multiple times per resource. Only valid if blockPublicSecurityGroupRules is set to true.

permittedPublicSecurityGroupRuleRange

This block defines a range of TCP ports that form exceptions to the Block Public Access configuration. When blockPublicSecurityGroupRules is set to true and an attempt is made to launch an EMR cluster in the configured region and account, the cluster will be permitted to launch even if there are security group rules permitting public access to ports in this range.

  • minRange - (Required) The first port in the range of TCP ports.
  • maxRange - (Required) The final port in the range of TCP ports.
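
The exception logic described above, as an added TypeScript example (not part of the provider documentation and not AWS's implementation): it reports which security group rules would still block a launch under a given configuration, including rules that only partly fall inside a permitted range. The type names, the rule shape, and the treatment of 0.0.0.0/0 and ::/0 as "public" are assumptions made for this model.

```typescript
// Constructed model for illustration; these types are not the provider's or AWS's API.
interface PortRange { minRange: number; maxRange: number; }
interface BpaConfig {
  blockPublicSecurityGroupRules: boolean;
  permittedPublicSecurityGroupRuleRange?: PortRange[];
}
interface IngressRule { cidr: string; fromPort: number; toPort: number; }
interface Finding { rule: IngressRule; exposed: PortRange[]; }

// Assumption: "public access" means a source of 0.0.0.0/0 or ::/0.
const isPublic = (r: IngressRule) => r.cidr === "0.0.0.0/0" || r.cidr === "::/0";

// Sub-ranges of [from, to] that no permitted range covers (ranges may overlap or abut).
function uncoveredPorts(from: number, to: number, permitted: PortRange[]): PortRange[] {
  const sorted = permitted.slice().sort((a, b) => a.minRange - b.minRange);
  const gaps: PortRange[] = [];
  let next = from; // lowest port not yet shown to be covered
  for (const p of sorted) {
    if (p.maxRange < next) continue; // entirely below the part still unchecked
    if (p.minRange > to) break;      // entirely above the rule's ports
    if (p.minRange > next) gaps.push({ minRange: next, maxRange: p.minRange - 1 });
    next = Math.max(next, p.maxRange + 1);
  }
  if (next <= to) gaps.push({ minRange: next, maxRange: to });
  return gaps;
}

// Public rules that would block a launch, with the ports each one leaves exposed.
function blockingRules(cfg: BpaConfig, rules: IngressRule[]): Finding[] {
  if (!cfg.blockPublicSecurityGroupRules) return []; // feature disabled: nothing is blocked
  const permitted = cfg.permittedPublicSecurityGroupRuleRange ?? [];
  return rules
    .filter(isPublic)
    .map((r) => ({ rule: r, exposed: uncoveredPorts(r.fromPort, r.toPort, permitted) }))
    .filter((f) => f.exposed.length > 0);
}

// Constructed sample input: the page's multi-range configuration and four ingress rules.
const multiRange: BpaConfig = {
  blockPublicSecurityGroupRules: true,
  permittedPublicSecurityGroupRuleRange: [{ maxRange: 22, minRange: 22 }, { maxRange: 101, minRange: 100 }],
};
const sampleRules: IngressRule[] = [
  { cidr: "0.0.0.0/0", fromPort: 22, toPort: 22 },      // inside an exception
  { cidr: "::/0", fromPort: 100, toPort: 101 },         // inside an exception
  { cidr: "0.0.0.0/0", fromPort: 20, toPort: 25 },      // wider than the port 22 exception
  { cidr: "10.0.0.0/8", fromPort: 8088, toPort: 8088 }, // not a public source
];
console.log(JSON.stringify(blockingRules(multiRange, sampleRules)));
```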

Attributes Reference

No additional attributes are exported.

Import

The current EMR Block Public Access Configuration can be imported, e.g.,

$ terraform import aws_emr_block_public_access_configuration.example current