Skip to content

Configuring JWT Authentication with AWS EMR

By default in AWS EMR Privacera user Kerberos for authentication. However, you can also configure to use JWT token for authentication. You can read about JWT token here.

Prerequisites

Prerequisite Description
JWT Provider You need to have a JWT provider that can generate JWT tokens. You can read more about here
Privacera DataServer You need to have a Privacera DataServer running. You can refer here to setup Privacera DataServer

  1. SSH to the server where Privacera Manager is installed.

  2. Run the following command to navigate to the /config directory.

    Bash
    1
    cd ~/privacera/privacera-manager/config

  3. Run the following command to open the .yml file to be edited.

    Bash
    1
    vi custom-vars/vars.emr.yml

  4. Add the below property to enable JWT authentication:

    Bash
    1
    EMR_JWT_OAUTH_ENABLE: true

  5. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  6. After the post-install, create a new cluster with newly generated emr-template.json file from output directory.

JWT Auth Configuration is only supported Apache Spark in OLAC setup

Add EMR_JWT_OAUTH_ENABLE in EMR bootstrap action script to enable JWT authentication.

privacera-emr-bootstrap-action-spark_olac
JSON
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
"BootstrapActions": [
{
  "Name": "Install Privacera Plugins on Master Node",
  "ScriptBootstrapAction": {
    "Path": "s3://elasticmapreduce/bootstrap-actions/run-if",
    "Args": [
      {
        "Fn::Sub": "instance.isMaster=true"
      },
      {
        "Fn::Sub": "export EMR_JWT_OAUTH_ENABLE=true ; wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo -E ./privacera_emr.sh spark-olac"
      }
    ]
  }
},
{
  "Name": "Install Spark OLAC in Core Node",
  "ScriptBootstrapAction": {
    "Path": "s3://elasticmapreduce/bootstrap-actions/run-if",
    "Args": [
      {
        "Fn::Sub": "instance.isMaster=false"
      },
      {
        "Fn::Sub": "export EMR_JWT_OAUTH_ENABLE=true ; wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo -E ./privacera_emr.sh spark-olac"
      }
    ]
  }
}
]

Comments