Enable Regional STS Endpoints for EMR
By default, AWS STS requests are routed to the global endpoint. Enabling regional STS endpoints ensures that API calls are directed to the respective AWS region, reducing latency and improving performance. This configuration allows only specific users (e.g., hadoop, hive, trino) to access the regional STS endpoints.
Enable Regional STS Endpoints for Specific Users
To enable regional STS endpoints for specific users, follow these steps:
- SSH into the instance where Privacera Manager is installed.
- Run the following command to edit the vars.emr.yml file:
- Modify the following properties:

| Feature | Description | Default Value | Possible Values |
|---|---|---|---|
| EMR_BLOCK_STS_ENDPOINTS | Enables or disables the use of AWS STS regional endpoints for specified users. | false | true/false |
| EMR_STS_STATE | Users allowed to use regional STS endpoints (space-separated list). | hive presto trino | Space-separated list of users |

- Once the properties are configured, update your Privacera Manager platform instance by following the commands
Enable Regional STS Endpoints for Users on Running EMR Clusters
To enable regional STS endpoints for specific users on running EMR clusters, follow these steps:
- SSH into the EMR master and core nodes.
- Run the following command to navigate to the below directory:
- To enable regional STS endpoints for specific users, run the following command:
  - Replace <region> with the AWS region where the EMR cluster is running.
  - Replace <user1 user2 user3> with a space-separated list of users allowed to access regional STS endpoints.
- Replace