
Using JWT for User Identification in AWS EMR

Pre Read

You should read how Privacera uses JWT for authentication before proceeding with this topic.

Prerequisites

Make sure your administrator has configured your cluster with the required settings, as described in the Configuring AWS EMR with JWT section.

Usage of JWT in AWS EMR

The JWT token is primarily used in OLAC mode for user identification. The token is passed to the EMR cluster using the --conf option when connecting to the cluster. It is used to identify the user and enforce access control.

spark-sql \
  --conf "spark.hadoop.privacera.jwt.token.str=<JWT_TOKEN>" \
  --conf "spark.hadoop.privacera.jwt.oauth.enable=true"

Token Visibility in logs

If the JWT token is passed as a Spark configuration variable on the command line, its value is redacted by Apache Spark, whether running on EMR, on Databricks, or as plain Apache Spark, because the variable name contains the word token.
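
As an added example (not Privacera or Spark code), the following Python models the redaction rule described above and flags JWT-shaped values stored under keys the pattern would not cover. It assumes the Spark 3.x default for `spark.redaction.regex`, which a cluster may override; the key `spark.hadoop.example.jwt.str` and the token value are constructed for illustration.

```python
import re

# Assumption: Spark 3.x default for spark.redaction.regex (clusters can override it).
SPARK_DEFAULT_REDACTION = r"(?i)secret|password|token|access[.]key"
REDACTED = "*********(redacted)"  # replacement text Spark writes in place of the value

# JWT compact form: three base64url segments, header starting with "eyJ".
JWT_SHAPE = re.compile(r"^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")

# Constructed, non-functional token: {"alg":"RS256"}.{"sub":"alice"}.signature
SAMPLE_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl"

# Constructed configuration; the third key is hypothetical and lacks the word "token".
SAMPLE_CONF = [
    ("spark.hadoop.privacera.jwt.token.str", SAMPLE_JWT),
    ("spark.hadoop.privacera.jwt.oauth.enable", "true"),
    ("spark.hadoop.example.jwt.str", SAMPLE_JWT),
]


def redact_conf(pairs, pattern=SPARK_DEFAULT_REDACTION):
    """Redact a value when the pattern matches its key or, failing that, the value."""
    rx = re.compile(pattern)
    out = []
    for key, value in pairs:
        hit = rx.search(key) or rx.search(value)
        out.append((key, REDACTED if hit else value))
    return out


def exposed_jwts(pairs, pattern=SPARK_DEFAULT_REDACTION):
    """Return the keys whose JWT-shaped value would still be visible after redaction."""
    return [k for k, v in redact_conf(pairs, pattern) if JWT_SHAPE.match(v)]


if __name__ == "__main__":
    for key, value in redact_conf(SAMPLE_CONF):
        print(f"{key}={value}")
    print("JWTs left in clear text under:", exposed_jwts(SAMPLE_CONF))
```

Running the same check with the redaction pattern your cluster actually uses shows whether the Privacera token key is still covered after any local override.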
