- Welcome to Privacera
- Introduction to Privacera
- Privacera Platform installation
- Plan for Privacera Platform
- Privacera Platform overview
- Privacera Platform installation overview
- Privacera Platform deployment size
- Privacera Platform installation prerequisites
- Choose a cloud provider
- Select a deployment type
- Configure proxy for Privacera Platform
- Prerequisites for installing Privacera Platform on Kubernetes
- Default Privacera Platform port numbers
- Required environment variables for installing Privacera Platform
- Privacera Platform system requirements for Azure
- Prerequisites for installing Privacera Manager on AWS
- Privacera Platform system requirements for Docker in GCP
- Privacera Platform system requirements for Docker in AWS
- Privacera Platform system requirements for Docker in Azure
- Privacera Platform system requirements for Google Cloud Platform (GCP)
- System requirements for Privacera Manager Host in GKE
- System requirements for Privacera Manager Host in EKS
- System requirements for Privacera Manager Host in AKS
- Install Privacera Platform
- Download the Privacera Platform installation packages
- Privacera Manager overview
- Install Privacera Manager on Privacera Platform
- Install Privacera Platform using an air-gapped install
- Upgrade Privacera Manager
- Troubleshoot Privacera Platform installation
- Validate Privacera Platform installation
- Common errors and warnings in Privacera Platform YAML config files
- Ansible Kubernetes Module does not load on Privacera Platform
- Unable to view Audit Fluentd audits on Privacera Platform
- Unable to view Audit Server audits on Privacera Platform
- No space for Docker images on Privacera Platform
- Unable to see metrics on Grafana dashboard
- Increase storage for Privacera PolicySync on Kubernetes
- Permission denied errors in PM Docker installation
- Non-portal users can access restricted Privacera Platform resources
- Storage issue in Privacera Platform UserSync and PolicySync
- Privacera Manager not responding
- Unable to Connect to Docker
- Privacera Manager unable to connect to Kubernetes Cluster
- Unable to initialize the Discovery Kubernetes pod
- Unable to upgrade from 4.x to 5.x or 6.x due to Zookeeper snapshot issue
- 6.5 Platform Installation fails with invalid apiVersion
- Database lockup in Docker
- Remove the WhiteLabel Error Page on Privacera Platform
- Unable to start the Privacera Platform portal service
- Connect portal users to Privacera Platform
- Connect Privacera Platform portal users from LDAP
- Set up portal SSO for Privacera Platform with OneLogin using SAML
- Set up portal SSO for Privacea Platform with Okta using SAML
- Set up portal SSO for Privacera Platform with Okta using OAuth
- Set up portal SSO for Privacera Platform with AAD using SAML
- Set up portal SSO for Privacera Platform with PingFederate
- Generate an Okta Identity Provider metadata file and URL
- Connect applications to Privacera Platform for Access Management
- Connect applications to Privacera Platform using the Data Access Server
- Data Access Server overview
- Integrate AWS with Privacera Platform using the Data Access Server
- Integrate GCS and GCP with Privacera Platform using the Data Access Server
- Integrate ADLS with Privacera Platform using the Data Access Server
- Access Kinesis with the Data Access Server on Privacera Platform
- Access Firehose with Data Access Server on Privacera Platform
- Use DynamoDB with Data Access Server on Privacera Platform
- Connect MinIO to Privacera Platform using the Data Access Server
- Use Athena with Data Access Server on Privacera Platform
- Custom Data Access Server properties
- Connect applications to Privacera Platform using the Privacera Plugin
- Overview of Privacera plugins for Databricks
- Connect AWS EMR with Native Apache Ranger to Privacera Platform
- Configure Databricks Spark Fine-Grained Access Control Plugin [FGAC] [Python, SQL]
- Configure Databricks Spark Object-level Access Control Plugin
- Connect Dremio to Privacera Platform via plugin
- Connect Amazon EKS to Privacera Platform using Privacera plugin
- Configure EMR with Privacera Platform
- EMR user guide for Privacera Platform
- Connect GCP Dataproc to Privacera Platform using Privacera plugin
- Connect Kafka datasource via plugin to Privacera Platform
- Connect PrestoSQL standalone to Privacera Platform using Privacera plugin
- Connect Spark standalone to Privacera Platform using the Privacera plugin
- Privacera Spark plugin versus Open-source Spark plugin
- Connect Starburst Enterprise to Privacera Platform via plugin
- Connect Starburst Trino Open Source to Privacera Platform via Plug-In
- Connect Trino Open Source to Privacera Platform via plugin
- Connect applications to Privacera Platform using the Data Access Server
- Configure AuditServer on Privacera Platform
- Configure Solr destination on Privacera Platform
- Enable Solr authentication on Privacera Platform
- Solr properties on Privacera Platform
- Configure Kafka destination on Privacera Platform
- Enable Pkafka for real-time audits in Discovery on Privacera Platform
- AuditServer properties on Privacera Platform
- Configure Fluentd audit logging on Privacera Platform
- Configure High Availability for Privacera Platform
- Configure Privacera Platform system security
- Privacera Platform system security
- Configure SSL for Privacera Platform
- Enable CA-signed certificates on Privacera Platform
- Enable self-signed certificates on Privacera Platform
- Upload custom SSL certificates on Privacera Platform
- Custom Crypto properties on Privacera Platform
- Enable password encryption for Privacera Platform services
- Authenticate Privacera Platform services using JSON Web Tokens
- Configure JSON Web Tokens for Databricks
- Configure JSON Web Tokens for EMR FGAC Spark
- Custom configurations for Privacera Platform
- Privacera Platform system configuration
- Add custom properties using Privacera Manager on Privacera Platform
- Privacera Platform system properties files overview
- Add domain names for Privacera service URLs on Privacera Platform
- Configure Azure PostgreSQL on Privacera Platform
- Spark Standalone properties on Privacera Platform
- AWS Data Access Server properties on Privacera Platform
- Add custom Spark configuration for Databricks on Privacera Platform
- Configure proxy for Privacera Platform
- Configure Azure MySQL on Privacera Platform
- System-level settings for Zookeeper on Privacera Platform
- Configure service name for Databricks Spark plugin on Privacera Platform
- Migrate Privacera Manager from one instance to another
- Restrict access in Kubernetes on Privacera Platform
- System-level settings for Grafana on Privacera Platform
- System-level settings for Ranger KMS on Privacera Platform
- Generate verbose logs on Privacera Platform
- System-level settings for Spark on Privacera Platform
- System-level settings for Azure ADLS on Privacera Platform
- Override Databricks region URL mapping for Privacera Platform on AWS
- Configure Privacera Platform system properties
- EMR custom properties
- Configure AWS Aurora DB (PostgreSQL/MySQL) on Privacera Platform
- Merge Kubernetes configuration files
- Scala Plugin properties on Privacera Platform
- System-level settings for Trino Open Source on Privacera Platform
- System-level settings for Kafka on Privacera Platform
- System-level settings for Graphite on Privacera Platform
- System-level settings for Spark plugin on Privacera Platform
- Create CloudFormation stack
- Configure pod topology for Kubernetes on Privacera Platform
- Configure proxy for Kubernetes on Privacera Platform
- Externalize access to Privacera Platform services with NGINX Ingress
- Custom Privacera Platform portal properties
- Add Data Subject Rights
- Enable or disable the Data Sets menu
- Kubernetes RBAC
- Spark FGAC properties
- Audit Fluentd properties on Privacera Platform
- Switch from Kinesis to Kafka for Privacera Discovery queuing on AWS with Privacera Platform
- Privacera Platform on AWS overview
- Privacera Platform Portal overview
- AWS Identity and Access Management (IAM) on Privacera Platform
- Set up AWS S3 MinIO on Privacera Platform
- Integrate Privacera services in separate VPC
- Install Docker and Docker compose (AWS-Linux-RHEL) on Privacera Platform
- Configure EFS for Kubernetes on AWS for Privacera Platform
- Multiple AWS accounts support in DataServer
- Multiple AWS S3 IAM role support in Data Access Server
- Enable AWS CLI on Privacera Platform
- Configure S3 for real-time scanning on Privacera Platform
- Multiple AWS account support in Dataserver using Databricks on Privacera Platform
- Enable AWS CLI
- AWS S3 Commands - Ranger Permission Mapping
- Plan for Privacera Platform
- PrivaceraCloud setup
- PrivaceraCloud data access methods
- Create PrivaceraCloud account
- Log in to PrivaceraCloud with or without SSO
- Connect applications to PrivaceraCloud
- Connect applications to PrivaceraCloud with the setup wizard
- Connect Azure Data Lake Storage Gen 2 (ADLS) to PrivaceraCloud
- Connect Amazon Textract to PrivaceraCloud
- Connect Athena to PrivaceraCloud
- Connect AWS Lake Formation on PrivaceraCloud
- Get started with AWS Lake Formation
- Create IAM Role for AWS Lake Formation connector
- Connect AWS Lake Formation application on PrivaceraCloud
- Create AWS Lake Formation connectors for multiple AWS regions
- Configuring audit logs for the AWS Lake Formation on PrivaceraCloud
- How to validate a AWS Lake Formation connector
- AWS Lake Formation FAQs for Pull mode
- AWS Lake Formation FAQs for Push mode
- Azure Data Factory Integration with Privacera Enabled Databricks Cluster
- Connect Google BigQuery to PrivaceraCloud
- Connect Cassandra to PrivaceraCloud for Discovery
- Connect Databricks to PrivaceraCloud
- Connect Databricks SQL to PrivaceraCloud
- Connect Databricks to PrivaceraCloud
- Configure Databricks SQL PolicySync on PrivaceraCloud
- Databricks SQL fields on PrivaceraCloud
- Databricks SQL Masking Functions
- Connect Databricks SQL to Hive policy repository on PrivaceraCloud
- Enable Privacera Encryption services in Databricks SQL on PrivaceraCloud
- Example: Create basic policies for table access
- Connect Dataproc to PrivaceraCloud
- Connect Dremio to PrivaceraCloud
- Connect DynamoDB to PrivaceraCloud
- Connect Elastic MapReduce from Amazon application to PrivaceraCloud
- Connect EMR application
- EMR Spark access control types
- PrivaceraCloud configuration
- AWS IAM roles using CloudFormation setup
- Create a security configuration
- Create EMR cluster
- Kerberos required for EMR FGAC or OLAC
- Create EMR cluster using CloudFormation setup (Recommended)
- Create EMR cluster using CloudFormation EMR templates
- EMR template: Spark_OLAC, Hive, Trino (for EMR versions 6.4.0 and above)
- EMR Template for Multiple Master Node: Spark_OLAC, Hive, Trino (for EMR version 6.4.0 and above)
- EMR template: Spark_OLAC, Hive, PrestoSQL (for EMR versions 6.x to 6.3.1)
- EMR template: Spark_FGAC, Hive, Trino (for EMR versions 6.4.0 and above)
- EMR Template for Multiple Master Node: Spark_FGAC, Hive, Trino (for EMR version 6.4.0 and above)
- EMR template: Spark_FGAC, Hive, PrestoSQL (for EMR versions 6.x to 6.3.1)
- Create EMR cluster using CloudFormation AWS CLI
- Create CloudFormation stack
- Create EMR cluster using CloudFormation EMR templates
- Manually create EMR cluster using AWS EMR console
- EMR Native Ranger Integration with PrivaceraCloud
- Connect EMRFS S3 to PrivaceraCloud
- Connect Files to PrivaceraCloud
- Connect Google Cloud Storage to PrivaceraCloud
- Connect Glue to PrivaceraCloud
- Connect Kinesis to PrivaceraCloud
- Connect Lambda to PrivaceraCloud
- Connect MS SQL to PrivaceraCloud
- Connect MySQL to PrivaceraCloud for Discovery
- Connect Open Source Apache Spark to PrivaceraCloud
- Connect Oracle to PrivaceraCloud for Discovery
- Connect PostgreSQL to PrivaceraCloud
- Connect Power BI to PrivaceraCloud
- Connect Presto to PrivaceraCloud
- Connect Redshift to PrivaceraCloud
- Redshift Spectrum PrivaceraCloud overview
- Connect Snowflake to PrivaceraCloud
- Starburst Enterprise with PrivaceraCloud
- Connect Starbrust Trino to PrivaceraCloud
- Connect Starburst Enterprise Presto to PrivaceraCloud
- Connect Synapse to PrivaceraCloud
- Connect S3 to PrivaceraCloud
- Connect Trino to PrivaceraCloud
- Connect Vertica to PrivaceraCloud
- Starburst Trino and Trino SQL command permissions
- Starburst Trino and Trino SQL command permissions - Iceberg connector
- Manage applications on PrivaceraCloud
- Connect users to PrivaceraCloud
- Data sources on PrivaceraCloud
- PrivaceraCloud custom configurations
- Access AWS S3 buckets from multiple AWS accounts on PrivaceraCloud
- Configure multiple JWTs for EMR
- Access cross-account SQS queue for PostgreSQL audits on PrivaceraCloud
- AWS Access with IAM role on PrivaceraCloud
- Databricks cluster deployment matrix with Privacera plugin
- Whitelist py4j security manager via S3 or DBFS
- General functions in PrivaceraCloud settings
- Cross account IAM role for Databricks
- Operational status of PrivaceraCloud and RSS feed
- How to get support
- Access Management
- Get started with Access Management
- Users, groups, and roles
- UserSync
- Add UserSync connectors
- UserSync connector properties on Privacera Platform
- UserSync connector fields on PrivaceraCloud
- UserSync system properties on Privacera Platform
- About Ranger UserSync
- Customize user details on sync
- UserSync integrations
- SCIM Server User-Provisioning on PrivaceraCloud
- Azure Active Directory UserSync integration on Privacera Platform
- LDAP UserSync integration on Privacera Platform
- Policies
- How polices are evaluated
- General approach to validating policy
- Resource policies
- About service groups on PrivaceraCloud
- Service/Service group global actions
- Create resource policies: general steps
- About secure database views
- PolicySync design on Privacera Platform
- PolicySync design and configuration on Privacera Platform
- Relationships: policy repository, connector, and datasource
- PolicySync topologies
- Connector instance directory/file structure
- Required basic PolicySync topology: always at least one connector instance
- Optional topology: multiple connector instances for Kubernetes pods and Docker containers
- Recommended PolicySync topology: individual policy repositories for individual connectors
- Optional encryption of property values
- Migration to PolicySync v2 on Privacera Platform 7.2
- Databricks SQL connector for PolicySync on Privacera Platform
- Databricks SQL connector properties for PolicySync on Privacera Platform
- Dremio connector for PolicySync on Privacera Platform
- Dremio connector properties for PolicySync on Privacera Platform
- Configure AWS Lake Formation on Privacera Platform
- Get started with AWS Lake Formation
- Create IAM Role for AWS Lake Formation connector for Platform
- Configure AWS Lake Formation connector on Privacera Platform
- Create AWS Lake Formation connectors for multiple AWS regions for Platform
- Setup audit logs for AWS Lake Formation on Platform
- How to validate a AWS Lake Formation connector
- AWS Lake Formation FAQs for Pull mode
- AWS Lake Formation FAQs for Push mode
- AWS Lake Formation Connector Properties
- Google BigQuery connector for PolicySync on Privacera Platform
- BigQuery connector properties for PolicySync on Privacera Platform
- Microsoft SQL Server connector for PolicySync on Privacera Platform
- Microsoft SQL connector properties for PolicySync on Privacera Platform
- PostgreSQL connector for PolicySync on Privacera Platform
- PostgreSQL connector properties for PolicySync on Privacera Platform
- Power BI connector for PolicySync
- Power BI connector properties for PolicySync on Privacera Platform
- Redshift and Redshift Spectrum connector for PolicySync
- Redshift and Redshift Spectrum connector properties for PolicySync on Privacera Platform
- Snowflake connector for PolicySync on Privacera Platform
- Snowflake connector properties for PolicySync on Privacera Platform
- PolicySync design and configuration on Privacera Platform
- Configure resource policies
- Configure ADLS resource policies
- Configure AWS S3 resource policies
- Configure Athena resource policies
- Configure Databricks resource policies
- Configure DynamoDB resource policies
- Configure Files resource policies
- Configure GBQ resource policies
- Configure GCS resource policies
- Configure Glue resource policies
- Configure Hive resource policy
- Configure Lambda resource policies
- Configure Kafka resource policies
- Configure Kinesis resource policies
- Configure MSSQL resource policies
- Configure PowerBI resource policies
- Configure Presto resource policies
- Configure Postgres resource policies
- Configure Redshift resource policies
- Configure Snowflake resource policies
- Configure Policy with Attribute-Based Access Control (ABAC) on PrivaceraCloud
- Attribute-based access control (ABAC) macros
- Configure access policies for AWS services on Privacera Platform
- Configure policy with conditional masking on Privacera Platform
- Create access policies for Databricks on Privacera Platform
- Order of precedence in PolicySync filter
- Example: Manage access to Databricks SQL with Privacera
- Service/service group global actions on the Resource Policies page
- Tag policies
- Policy configuration settings
- Security zones
- Manage Databricks policies on Privacera Platform
- Use a custom policy repository with Databricks
- Configure policy with Attribute-Based Access Control on Privacera Platform
- Create Databricks policies on Privacera Platform
- Example: Create basic policies for table access
- Examples of access control via programming
- Secure S3 via Boto3 in Databricks notebook
- Other Boto3/Pandas examples to secure S3 in Databricks notebook with PrivaceraCloud
- Secure Azure file via Azure SDK in Databricks notebook
- Control access to S3 buckets with AWS Lambda function on PrivaceraCloud or Privacera Platform
- Service Explorer
- Audits
- Required permissions to view audit logs on Privacera Platform
- About PolicySync access audit records and policy ID on Privacera Platform
- View audit logs
- View PEG API audit logs
- Generate audit logs using GCS lineage
- Configure Audit Access Settings on PrivaceraCloud
- Configure AWS RDS PostgreSQL instance for access audits
- Accessing PostgreSQL Audits in Azure
- Accessing PostgreSQL Audits in GCP
- Configure Microsoft SQL server for database synapse audits
- Examples of audit search
- Reports
- Discovery
- Get started with Discovery
- Planning for Privacera Discovery
- Install and Enable Privacera Discovery
- Set up Discovery on Privacera Platform
- Set up Discovery on AWS for Privacera Platform
- Set up Discovery on Azure for Privacera Platform
- Set up Discovery on Databricks for Privacera Platform
- Set up Discovery on GCP for Privacera Platform
- Enable Pkafka for real-time audits in Discovery on Privacera Platform
- Customize topic and table names on Privacera Platform
- Enable Discovery on PrivaceraCloud
- Scan resources
- Supported file formats for Discovery Scans
- Privacera Discovery scan targets
- Processing order of scan techniques
- Register data sources on Privacera Platform
- Data sources on Privacera Platform
- Add a system data source on Privacera Platform
- Add a resource data source on Privacera Platform
- Add AWS S3 application data source on Privacera Platform
- Add Azure ADLS data source on Privacera Platform
- Add Databricks Spark SQL data source on Privacera Platform
- Add Google BigQuery (GBQ) data source on Privacera Platform
- Add Google Pub-Sub data source on Privacera Platform
- Add Google Cloud Storage data source on Privacera Platform
- Set up cross-project scanning on Privacera Platform
- Google Pub-Sub Topic message scan on Privacera Platform
- Add JDBC-based systems as data sources for Discovery on Privacera Platform
- Add and scan resources in a data source
- Start a scan
- Start offline and realtime scans
- Scan Status overview
- Cancel a scan
- Trailing forward slash (/) in data source URLs/URIs
- Configure Discovery scans
- Tags
- Add Tags
- Import Tags
- Add, edit, or delete Tag attributes
- Edit Tag descriptions
- Delete Tags
- Export Tags
- Search for Tags
- Fetch AWS S3 Tags
- Propagate Privacera Discovery Tags to Ranger
- TagSync using Apache Ranger on Privacera Platform
- Add Tags with Ranger REST API
- Dictionaries
- Types of dictionaries
- Dictionary Keys
- Manage dictionaries
- Default dictionaries
- Add a dictionary
- Import a dictionary
- Upload a dictionary
- Enable or disable a dictionary
- Include a Dictionary
- Exclude a dictionary
- Add keywords to an included dictionary
- Edit a dictionary
- Copy a dictionary
- Export a dictionary
- Search for a dictionary
- Test dictionaries
- Dictionary tour
- Patterns
- Models
- Rules
- Configure scans
- Scan setup
- Adjust default scan depth on Privacera Platform
- Classifications using random sampling on PrivaceraCloud
- Enable Discovery Realtime Scanning Using IAM Role on PrivaceraCloud
- Enable Real-time Scanning on ADLS Gen 2 on PrivaceraCloud
- Enable Real-time Scanning of S3 Buckets on PrivaceraCloud
- Connect ADLS Gen2 Application for Data Discovery on PrivaceraCloud
- Include and exclude resources in GCS
- Configure real-time scan across projects in GCP
- Enable offline scanning on ADLS Gen 2 on PrivaceraCloud
- Include and exclude datasets and tables in GBQ
- Google Sink to Pub/Sub
- Tags
- Data zones on Privacera Platform
- Planing data zones on Privacera Platform
- Data Zone Dashboard
- Enable data zones on Privacera Platform
- Add resources to a data zone on Privacera Platform
- Create a data zone on Privacera Platform
- Edit data zones on Privacera Platform
- Delete data zones on Privacera Platform
- Import data zones on Privacera Platform
- Export data zones on Privacera Platform
- Disable data zones on Privacera Platform
- Create tags for data zones on Privacera Platform
- Data zone movement
- Data zones overview
- Configure data zone policies on Privacera Platform
- Encryption for Right to Privacy (RTP) on Privacera Platform
- Workflow policy use case example
- Define Discovery policies on Privacera Platform
- Disallowed Groups policy
- Disallowed Movement Policy
- Compliance Workflow policies on Privacera Platform
- De-identification policy
- Disallowed Subnets Policy
- Disallowed Subnet Range Policy
- Disallowed Tags policy
- Expunge policy
- Disallowed Users Policy
- Right to Privacy policy
- Workflow Expunge Policy
- Workflow policy
- View scanned resources
- Discovery reports and dashboards
- Alerts Dashboard
- Discovery Dashboard
- Built-in reports
- Offline reports
- Saved Reports
- Reports with the Query Builder
- Discovery Health Check
- Set custom Discovery properties on Privacera Platform
- Get started with Discovery
- Encryption
- Get started with Encryption
- The encryption process
- Encryption architecture and UDF flow
- Install Encryption on Privacera Platform
- Encryption on Privacera Platform deployment specifications
- Configure Ranger KMS with Azure Key Vault on Privacera Platform
- Enable telemetry data collection on Privacera Platform
- AWS S3 bucket encryption on Privacera Platform
- Set up PEG and Cryptography with Ranger KMS on Privacera Platform
- Provide user access to Ranger KMS
- PEG custom properties
- Enable Encryption on PrivaceraCloud
- Encryption keys
- Master Key
- Key Encryption Key (KEK)
- Data Encryption Key (DEK)
- Encrypted Data Encryption Key (EDEK)
- Rollover encryption keys on Privacera Platform
- Connect to Azure Key Vault with a client ID and certificate on Privacera Platform
- Connect to Azure Key Vault with Client ID and Client Secret on Privacera Platform
- Migrate Ranger KMS master key on Privacera Platform
- Ranger KMS with Azure Key Vault on Privacera Platform
- Schemes
- Encryption schemes
- Presentation schemes
- Masking schemes
- Scheme policies
- Formats
- Algorithms
- Scopes
- Deprecated encryption schemes
- About LITERAL
- User-defined functions (UDFs)
- Encryption UDFs for Apache Spark on PrivaceraCloud
- Hive UDFs for encryption on Privacera Platform
- StreamSets Data Collector (SDC) and Privacera Encryption on Privacera Platform
- Trino UDFs for encryption and masking on Privacera Platform
- Privacera Encryption UDFs for Trino
- Prerequisites for installing Privacera crypto plugin for Trino
- Install the Privacera crypto plugin for Trino using Privacera Manager
- privacera.unprotect with optional presentation scheme
- Example queries to verify Privacera-supplied UDFs
- Privacera Encryption UDFs for Starburst Enterprise Trino on PrivaceraCloud
- Syntax of Privacera Encryption UDFs for Trino
- Prerequisites for installing Privacera Crypto plug-in for Trino
- Download and install Privacera Crypto jar
- Set variables in Trino etc/crypto.properties
- Restart Trino to register the Privacera encryption and masking UDFs for Trino
- Example queries to verify Privacera-supplied UDFs
- Privacera Encryption UDF for masking in Trino on PrivaceraCloud
- Databricks UDFs for Encryption
- Create Privacera protect UDF
- Create Privacera unprotect UDF
- Run sample queries in Databricks to verify
- Create a custom path to the crypto properties file in Databricks
- Create and run Databricks UDF for masking
- Privacera Encryption UDF for masking in Databricks on PrivaceraCloud
- Set up Databricks encryption and masking
- Get started with Encryption
- API
- REST API Documentation for Privacera Platform
- Access Control using APIs on Privacera Platform
- UserSync REST endpoints on Privacera Platform
- REST API endpoints for working tags on Privacera Platform
- PEG REST API on Privacera Platform
- API authentication methods on Privacera Platform
- Anatomy of the /protect API endpoint on Privacera Platform
- Construct the datalist for protect
- Deconstruct the datalist for unprotect
- Example of data transformation with /unprotect and presentation scheme
- Example PEG API endpoints
- /unprotect with masking scheme
- REST API response partial success on bulk operations
- Audit details for PEG REST API accesses
- REST API reference
- Make calls on behalf of another user on Privacera Platform
- Troubleshoot REST API Issues on Privacera Platform
- Encryption API date input formats
- Supported day-first date input formats
- Supported month-first date input formats
- Supported year-first date input formats
- Examples of supported date input formats
- Supported date ranges
- Day-first formats
- Date input formats and ranges
- Legend for date input formats
- Year-first formats
- Supported date range
- Month-first formats
- Examples of allowable date input formats
- PEG REST API on PrivaceraCloud
- REST API prerequisites
- Anatomy of a PEG API endpoint on PrivaceraCloud
- About constructing the datalist for /protect
- About deconstructing the response from /unprotect
- Example of data transformation with /unprotect and presentation scheme
- Example PEG REST API endpoints for PrivaceraCloud
- Audit details for PEG REST API accesses
- Make calls on behalf of another user on PrivaceraCloud
- Apache Ranger API on PrivaceraCloud
- API Key on PrivaceraCloud
- Administration and Releases
- Privacera Platform administration
- Portal user management
- Change password for Privacera Platform services
- Generate tokens on Privacera Platform
- Validations on Privacera Platform
- Health check on Privacera Platform
- Event notifications for system health
- Export or import a configuration file on Privacera Platform
- Logs on Privacera Platform
- Increase Privacera Platform portal timeout for large requests
- Platform Support Policy and End-of-Support Dates
- Enable Grafana metrics on Privacera Platform
- Enable Azure CLI on Privacera Platform
- Migrate from Databricks Spark to Apache Spark
- Migrate from PrestoSQL to Trino
- Ranger Admin properties on Privacera Platform
- Basic steps for blue/green upgrade of Privacera Platform
- Event notifications for system health
- Metrics
- Get ADLS properties
- PrivaceraCloud administration
- About the Account page on PrivaceraCloud
- Statistics on PrivaceraCloud
- PrivaceraCloud dashboard
- Event notifications for system health
- Metrics
- Usage statistics on PrivaceraCloud
- Update PrivaceraCloud account info
- Manage PrivaceraCloud accounts
- Create and manage IP addresses on PrivaceraCloud
- Scripts for AWS CLI or Azure CLI for managing connected applications
- Add UserInfo in S3 Requests sent via Data Access Server on PrivaceraCloud
- Previews
- PrivaceraCloud previews
- Preview: Scan Electronic Health Records with NER Model
- Preview: File Explorer for GCS
- Preview: File Explorer for Azure
- Preview: OneLogin setup for SAML-SSO
- Preview: File Explorer for AWS S3
- Preview: PingFederate UserSync
- Preview: Azure Active Directory SCIM Server UserSync
- Preview: OneLogin UserSync
- Privacera UserSync Configuration
- Governed Data Stewardship on PrivaceraCloud
- Overview of Governed Data Stewardship on PrivaceraCloud
- Concepts in Governed Data Stewardship
- Supported Applications
- Prerequisites and planning
- Additional features
- Applications and database resources
- Granular permissions on resources
- Automatic expiry of access for shared datasets or projects
- At-a-glance dashboards by role
- Optional data steward
- Privacera Discovery scans by admin or data owner
- Optional project leader
- Optional terms of use
- Discoverability of shared datasets
- User request access to datasets
- Notifications
- Overview to examples by role
- Databricks Partner Connect - Quickstart for Unity Catalog
- Privacera Platform previews
- Preview: AlloyDB connector for PolicySync
- Configure AWS Lake Formation on Privacera Platform
- Get started with AWS Lake Formation
- Create IAM Role for AWS Lake Formation connector for Platform
- Configure AWS Lake Formation connector on Privacera Platform
- Create AWS Lake Formation connectors for multiple AWS regions for Platform
- Setup audit logs for AWS Lake Formation on Platform
- How to validate a AWS Lake Formation connector
- AWS Lake Formation FAQs for Pull mode
- AWS Lake Formation FAQs for Push mode
- AWS Lake Formation Connector Properties
- PrivaceraCloud previews
- Release documentation
- Previous versions of Privacera Platform documentation
- PrivaceraCloud Release Notes
- Updates in PrivaceraCloud release 7.9
- Updates in PrivaceraCloud release 7.8
- Updates in PrivaceraCloud release 7.7
- Updates in PrivaceraCloud release 7.6
- Updates in PrivaceraCloud release 7.5
- Updates in PrivaceraCloud release 7.4
- Updates in PrivaceraCloud release 7.3
- Updates in PrivaceraCloud release 7.2
- Updates in PrivaceraCloud release 7.1
- PrivaceraCloud browser compatibility
- Documentation changelog
- Known Issues in PrivaceraCloud release
- Privacera Platform Release Notes
- Privacera documentation changelog
- For PrivaceraCloud 7.9 release, 2023-05-10
- For Privacera Platform 7.8 release, 2023-05-09
- For PrivaceraCloud 7.8 release, 2023-03-12
- For PrivaceraCloud 7.7 release, 2023-03-14
- For PrivaceraCloud 7.6 release, 2023-02-13
- For PrivaceraCloud 7.5 release, 2023-02-07
- For Privacera Platform 7.5 release 2023-02-07
- Privacera system security initiatives
- Privacera Platform administration
PrevNextPrerequisites
Connect Elastic MapReduce from Amazon application to PrivaceraCloud
This topic describes how to connect an Elastic MapReduce from Amazon application to PrivaceraCloud for access control.
Connect EMR application
Go to Settings > Applications.
In the Applications screen, select EMR.
Enter the application Name and Description, and then click Save.
Click the toggle button to enable Access Management for your application.
EMR Spark access control types
EMR Spark supports two types of access control: Fine-Grained Access Control (FGAC) and Object Level Access Control (OLAC). EMR FGAC and OLAC are mutually exclusive.
Kerberos required for EMR FGAC or OLAC
Note
To support Privacera FGAC or OLAC, the EMR application must be configured with Kerberos.
EMR Spark OLAC
The advantages of EMR Spark OLAC:
It allows you to access existing AWS S3 resource location that you are trying to access with Spark.
It uses
privacera_s3service for resource-based access control andprivacera_tagservice for tag-based access control.It uses the signed-authorization implementation from Privacera.
EMR Spark FGAC
When FGAC is installed and enabled, each data user query is parsed by Spark and authorized by the PrivaceraCloud Spark Plug-In. All resources referred to by the query must be accessible to the requesting user.
PrivaceraCloud configuration
Obtain EMR script download URL
Obtain your account unique call-in <emr-script-download-url> to allow the EMR cluster to obtain additional scripts and setup from PrivaceraCloud:
In PrivaceraCloud portal, go to Settings > API Keys .
Use an existing Active Api Key or create a new one. Set Expiry = Never Expires.
Click the API Key Info (i) button.
On the API Key Info page, click the COPY URL button in front of the AWS EMR Setup Script to store the
emr-script-download-url.
AWS IAM roles using CloudFormation setup
The following two IAM roles need to be created before launching the cluster. These can be created easily with minimal permission using the IAM roles creation template.
Node role: EmrPrivaceraNodeRole
App data access role: EmrPrivaceraDataAcessRole
If required, you can modify the template based on your requirements.
To create role, use the following AWS CLI CloudFormation command:
Note
This must be executed from an EC2 that has permission to create a CloudFormation stack.
aws --region <AWS-REGION> cloudformation create-stack --stack-name privacera-emr-role-creation --template-body file://emr-roles-creation-template.json --capabilities CAPABILITY_NAMED_IAM
For more information about how to create a stack using a CloudFormation template, see Create CloudFormation stack.
{
"AWSTemplateFormatVersion":"2010-09-09",
"Description":"Create roles and policies for use by Privacera-Protected EMR Clusters",
"Resources":{
"EmrRestrictedRole":{
"Type":"AWS::IAM::Role",
"Properties":{
"RoleName":{
"Fn::Join":[
"",
[
"EmrPrivaceraNodeRole"
]
]
},
"AssumeRolePolicyDocument":{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":[
"ec2.amazonaws.com"
]
},
"Action":[
"sts:AssumeRole"
]
}
]
},
"Path":"/"
}
},
"EmrRestrictedPolicy":{
"Type":"AWS::IAM::ManagedPolicy",
"Properties":{
"ManagedPolicyName":{
"Fn::Join":[
"",
[
"EMRPrivaceraNodePolicy"
]
]
},
"PolicyDocument":{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"EmrServiceLimited",
"Effect":"Allow",
"Action":[
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:GetTable",
"glue:GetTables",
"glue:GetTableVersions",
"glue:CreatePartition",
"glue:BatchCreatePartition",
"glue:UpdatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition",
"glue:CreateUserDefinedFunction",
"glue:UpdateUserDefinedFunction",
"glue:DeleteUserDefinedFunction",
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions",
"ec2:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSteps"
],
"Resource":"*"
},
{
"Sid":"EmrS3Limited",
"Effect":"Allow",
"Action":"s3:*",
"Resource":[
"arn:aws:s3:::*.elasticmapreduce/*",
"arn:aws:s3:::elasticmapreduce/*",
"arn:aws:s3:::elasticmapreduce",
"arn:aws:s3:::<PLEASE_UPDATE EMR_CLUSTER_LOG_S3_PATH>",
"arn:aws:s3:::<PLEASE_UPDATE EMR_CLUSTER_HIVE_WAREHOUSE_S3_PATH>"
]
},
{
"Sid":"EmrAssumeIAM",
"Effect":"Allow",
"Action":"sts:AssumeRole",
"Resource":[
"arn:aws:iam::<PLEASE_UPDATE AWS_ACCCOUNT_ID>:role/EmrPrivaceraDataAccessRole"
]
}
]
},
"Roles":[
{
"Ref":"EmrRestrictedRole"
}
]
}
},
"EmrRoleForApps":{
"Type":"AWS::IAM::Role",
"Properties":{
"RoleName":{
"Fn::Join":[
"",
[
"EmrPrivaceraDataAccessRole"
]
]
},
"AssumeRolePolicyDocument":{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":[
"ec2.amazonaws.com"
]
},
"Action":[
"sts:AssumeRole"
]
},
{
"Effect":"Allow",
"Principal":{
"AWS":{
"Fn::GetAtt":[
"EmrRestrictedRole",
"Arn"
]
}
},
"Action":"sts:AssumeRole"
}
]
},
"Path":"/"
}
},
"DataAccessPolicy":{
"Type":"AWS::IAM::ManagedPolicy",
"Properties":{
"ManagedPolicyName":{
"Fn::Join":[
"",
[
"EmrPrivaceraDataAcessPolicy"
]
]
},
"PolicyDocument":{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"S3DataAccess",
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:ListBucketMultipartUploads",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:PutObjectAcl"
],
"Resource":[
"arn:aws:s3:::*.elasticmapreduce/*",
"arn:aws:s3:::elasticmapreduce/*",
"arn:aws:s3:::elasticmapreduce",
"arn:aws:s3:::<PLEASE_UPDATE EMR_CLUSTER_LOG_S3_PATH>",
"arn:aws:s3:::<PLEASE_UPDATE EMR_CLUSTER_HIVE_WAREHOUSE_S3_PATH>"
]
}
]
},
"Roles":[
{
"Ref":"EmrRoleForApps"
}
]
}
},
"EmrRestrictedRoleProfile":{
"Type":"AWS::IAM::InstanceProfile",
"Properties":{
"InstanceProfileName":{
"Ref":"EmrRestrictedRole"
},
"Roles":[
{
"Ref":"EmrRestrictedRole"
}
]
}
},
"EmrRoleForAppsProfile":{
"Type":"AWS::IAM::InstanceProfile",
"Properties":{
"InstanceProfileName":{
"Ref":"EmrRoleForApps"
},
"Roles":[
{
"Ref":"EmrRoleForApps"
}
]
}
}
},
"Outputs":{
"EMRRestrictedRole":{
"Value":{
"Ref":"EmrRestrictedRole"
}
},
"EmrRoleForApps":{
"Value":{
"Ref":"EmrRoleForApps"
}
}
}
}Create a security configuration
You can create a security configuration using:
CloudFormation setup (Recommended)
AWS EMR console (Manually)
Create a security configuration using CloudFormation setup (Recommended)
A new security configuration must be created with the Kerberos server that will be connected to the EMR cluster. Using the EMR security configuration template, you can easily create this with minimal permission.
If required, you can modify the template
emr-security-config-template.jsonbased on your requirements.To create security configuration, use the following AWS CLI CloudFormation command:
Note
This must be executed from an EC2 that has permission to create a CloudFormation stack.
aws --region <AWS-REGION> cloudformation create-stack --stack-name privacera-emr-security-config-creation --template-body file://emr-security-config-template.json
For more information about how to create a stack using a CloudFormation template, see Create CloudFormation stack.
Cluster Dedicated KDC Configuration Template
Note
This template assumes you have a cluster-specific KDC with Cross Realm Trust enabled.
{
"AWSTemplateFormatVersion":"2010-09-09",
"Description":"Create Security Configuration for use by Privacera-Protected EMR Clusters",
"Resources":{
"SecurityConfiguration":{
"Type":"AWS::EMR::SecurityConfiguration",
"Properties":{
"Name":"EmrPrivaceraSecurityGroup",
"SecurityConfiguration":{
"AuthorizationConfiguration":{
"EmrFsConfiguration":{
"RoleMappings":[
{
"Role":"arn:aws:iam::<PLEASE_UPDATE AWS_ACCCOUNT_ID>:role/EmrPrivaceraDataAccessRole",
"IdentifierType":"User",
"Identifiers":[
"hive,presto,trino"
]
}
]
}
},
"AuthenticationConfiguration":{
"KerberosConfiguration":{
"Provider":"ClusterDedicatedKdc",
"ClusterDedicatedKdcConfiguration":{
"TicketLifetimeInHours":24,
"CrossRealmTrustConfiguration":{
"AdminServer":"<PLEASE_UPDATE>",
"Domain":"<PLEASE_UPDATE>",
"KdcServer":"<PLEASE_UPDATE>",
"Realm":"<PLEASE_UPDATE>"
}
}
}
}
}
}
}
}
}External KDC Configuration Template
Note
This is required if you enable Multiple Master Nodes.
{
"AWSTemplateFormatVersion":"2010-09-09",
"Description":"Create Security Configuration for use by Privacera-Protected EMR Clusters",
"Resources":{
"SecurityConfiguration":{
"Type":"AWS::EMR::SecurityConfiguration",
"Properties":{
"Name":"EmrPrivaceraSecurityGroup",
"SecurityConfiguration":{
"AuthorizationConfiguration":{
"EmrFsConfiguration":{
"RoleMappings":[
{
"Role":"arn:aws:iam::<PLEASE_UPDATE AWS_ACCCOUNT_ID>:role/EmrPrivaceraDataAccessRole",
"IdentifierType":"User",
"Identifiers":[
"hive,presto,trino"
]
}
]
}
},
"AuthenticationConfiguration":{
"KerberosConfiguration":{
"Provider":"ExternalKdc",
"ExternalKdcConfiguration":{
"TicketLifetimeInHours":24,
"KdcServerType":"Single",
"AdminServer":"<PLEASE_UPDATE>",
"KdcServer":"<PLEASE_UPDATE>"
}
}
}
}
}
}
}
}Manually create a security configuration using AWS EMR console
To create a security configuration using the AWS EMR console:
Log into the AWS EMR console.
In the left navigation, select Security Configuration > Create New Security Configuration.
Enter a Name for Security Configuration. For example,
emr_sec_config.Navigate to the Authentication section, check Enable Kerberos authentication, and enter the Kerberos environment details as follows:
Provider: Cluster dedicated KDC
TicketLifetime: 24 hours
Cross-realm trust
Realm: EXAMPLE.COM
You must use the actual URL instead of the domain EXAMPLE.COM.
Domain: example.com
Admin server: sever.admin.com
KDC server: server.example.com
Select Use IAM roles for EMRFS requests to Amazon S3.
IAM Role: select the App data access role created in AWS IAM roles using CloudFormation setup.
Under Basis for access select an identifier type ( User ) from the list and enter corresponding identifiers (
hadoop;hive;presto;trino).
Create EMR cluster
To enable access control for Trino or PrestoSQL in EMR, the specific application need to be enabled prior to configuring EMR.
Go to Settings > Applications.
In the Applications screen, select Trino or Presto as per your EMR version.
Note
If the EMR version is 6.4.0 or above, then select Trino.
If the EMR version is 6.x to 6.3.1, then select Presto.
Enter the application Name and Description, and then click Save.
Click the toggle button to enable Access Management for your application.
Kerberos required for EMR FGAC or OLAC
Note
To support Privacera FGAC or OLAC, EMR application must be running on Kerberos.
You can create EMR cluster using:
CloudFormation setup (Recommended)
Using CloudFormation EMR templates
Using Cloud formation AWS CLI
Using Cloud formation AWS Console
AWS EMR console (Manually)
Create EMR cluster using CloudFormation setup (Recommended)
Create EMR cluster using CloudFormation EMR templates
To create an EMR cluster, use the CloudFormation templates listed below. You can modify the templates to meet your needs. It is recommended to maintain the same common variables from the previous setup steps.
{
"Parameters":{
"CLUSTERNAME":{
"Description":"Name of the emr cluster",
"Type":"String",
"Default":"PCloud-EMR-Spark_OLAC-Hive-Trino"
},
"EMRRegion":{
"Description":"aws region name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"EMRVersion":{
"Description":"Emr version",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"MasterSecurityGroup":{
"Description":"Emr master/edge node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"SlaveSecurityGroup":{
"Description":"Emr worker/slave node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"ServiceAccessSecurityGroup":{
"Description":"Emr service access security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"Ec2SubnetId":{
"Description":"Ec2 subnet id",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"HiveMetaStoreS3Path":{
"Description":"Hive metastore s3 path",
"Type":"String",
"Default":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/hive_warehouse"
},
"Ec2KeyName":{
"Description":"Ec2 keypair name",
"Type":"String",
"Default":"<EC2-SSH-KEY_PAIR-NAME>"
},
"Market":{
"Description":"Ec2 Instance market type",
"Type":"String",
"Default":"ON_DEMAND"
},
"KDCName":{
"Description":"KDC Name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"KdcAdminPassword":{
"Description":"KDC admin user password",
"Type":"String",
"Default":"<KDC-USER-PASSWORD>"
},
"CrossRealmTrustPrincipalPassword":{
"Description":"KDC Cross Realm Trust Principal password",
"Type":"String",
"Default":"<KDC-PRINCIPAL-PASSWORD>"
},
"PrivaceraDownloadUrl":{
"Description":"Privacera Base Download Url",
"Type":"String",
"Default":"https://privaceracloud.com/api/public/get/emr_script/<PLEASE UPDATED API-KEY>"
}
},
"Resources":{
"EMRCLUSTER":{
"Type":"AWS::EMR::Cluster",
"Properties":{
"Name":{
"Ref":"CLUSTERNAME"
},
"KerberosAttributes":{
"Realm":"EC2.INTERNAL",
"KdcAdminPassword":{
"Ref":"KdcAdminPassword"
},
"CrossRealmTrustPrincipalPassword":{
"Ref":"CrossRealmTrustPrincipalPassword"
}
},
"SecurityConfiguration":{
"Ref":"KDCName"
},
"VisibleToAllUsers":true,
"EbsRootVolumeSize":15,
"Instances":{
"MasterInstanceGroup":{
"InstanceCount":1,
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Master Instance Group"
},
"CoreInstanceGroup":{
"InstanceCount":"<PLEASE_UPDATE>",
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Core Instance Group"
},
"Ec2KeyName":{
"Ref":"Ec2KeyName"
},
"EmrManagedSlaveSecurityGroup":{
"Fn::Sub":"${SlaveSecurityGroup}"
},
"EmrManagedMasterSecurityGroup":{
"Fn::Sub":"${MasterSecurityGroup}"
},
"ServiceAccessSecurityGroup":{
"Fn::Sub":"${ServiceAccessSecurityGroup}"
},
"Ec2SubnetId":{
"Fn::Sub":"${Ec2SubnetId}"
},
"TerminationProtected":true
},
"BootstrapActions":[
{
"Name":"Install Privacera Plugins on Master Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=true"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fbac"
}
]
}
},
{
"Name":"Install Spark OLAC in Core Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=false"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fbac"
}
]
}
}
],
"Applications":[
{
"Name":"Hive"
},
{
"Name":"Spark"
},
{
"Name":"Trino"
},
{
"Name":"Zeppelin"
},
{
"Name":"Livy"
},
{
"Name":"Hue"
}
],
"Configurations":[
{
"Classification":"spark",
"ConfigurationProperties":{
"maximizeResourceAllocation":"true"
},
"Configurations":[
]
},
{
"Classification":"spark-hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":""com.privacera.emr.glue.PrivaceraGlueDataCatalogHiveClientFactory",
"hive.metastore.schema.verification":"false",
"hive.server2.enable.doAs":"false",
"parquet.column.index.access":"true",
"fs.s3a.impl":"com.amazon.ws.emr.hadoop.fs.EmrFileSystem",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"trino-connector-hive",
"ConfigurationProperties":{
"hive.metastore":"glue",
"hive.allow-drop-table":"true",
"hive.allow-add-column":"true",
"hive.allow-rename-column":"true",
"connector.name":"hive-hadoop2",
"hive.config.resources":"/etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml",
"hive.s3-file-system-type":"EMRFS",
"hive.hdfs.impersonation.enabled":"false",
"hive.allow-drop-column":"true",
"hive.allow-rename-table":"true"
}
},
{
"Classification":"livy-conf",
"ConfigurationProperties":{
"livy.impersonation.enabled":"true"
}
},
{
"Classification":"core-site",
"ConfigurationProperties":{
"hadoop.proxyuser.livy.groups":"*",
"hadoop.proxyuser.livy.hosts":"*"
}
}
],
"LogUri":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/emr_logs/",
"JobFlowRole":"<PLEASE_UPDATE NODE_ROLE_NAME>",
"ServiceRole":"EMR_DefaultRole",
"ReleaseLabel":{
"Fn::Sub":"${EMRVersion}"
}
}
}
}
}{
"Parameters":{
"CLUSTERNAME":{
"Description":"Name of the emr cluster",
"Type":"String",
"Default":"PCloud-Multiple-Master-EMR-Spark_OLAC-Hive-Trino"
},
"EMRRegion":{
"Description":"aws region name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"EMRVersion":{
"Description":"Emr version",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"MasterSecurityGroup":{
"Description":"Emr master/edge node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"SlaveSecurityGroup":{
"Description":"Emr worker/slave node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"ServiceAccessSecurityGroup":{
"Description":"Emr service access security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"Ec2SubnetId":{
"Description":"Ec2 subnet id",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"HiveMetaStoreS3Path":{
"Description":"Hive metastore s3 path",
"Type":"String",
"Default":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/hive_warehouse"
},
"Ec2KeyName":{
"Description":"Ec2 keypair name",
"Type":"String",
"Default":"<EC2-SSH-KEY_PAIR-NAME>"
},
"Market":{
"Description":"Ec2 Instance market type",
"Type":"String",
"Default":"ON_DEMAND"
},
"KDCName":{
"Description":"KDC Name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"KdcAdminPassword":{
"Description":"KDC admin user password",
"Type":"String",
"Default":"<PLEASE_UPDATE EXTERNAL-KDC-USER-PASSWORD>"
},
"PrivaceraDownloadUrl":{
"Description":"Privacera Base Download Url",
"Type":"String",
"Default":"https://privaceracloud.com/api/public/get/emr_script/<PLEASE UPDATED API-KEY>"
}
},
"Resources":{
"EMRCLUSTER":{
"Type":"AWS::EMR::Cluster",
"Properties":{
"Name":{
"Ref":"CLUSTERNAME"
},
"KerberosAttributes":{
"Realm":"<PLEASE_UPDATE EXTERNAL-KDC-REALM>",
"KdcAdminPassword":{
"Ref":"KdcAdminPassword"
}
},
"SecurityConfiguration":{
"Ref":"KDCName"
},
"VisibleToAllUsers":true,
"EbsRootVolumeSize":15,
"Instances":{
"MasterInstanceGroup":{
"InstanceCount":3,
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Master Instance Group"
},
"CoreInstanceGroup":{
"InstanceCount":"<PLEASE_UPDATE>",
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Core Instance Group"
},
"Ec2KeyName":{
"Ref":"Ec2KeyName"
},
"EmrManagedSlaveSecurityGroup":{
"Fn::Sub":"${SlaveSecurityGroup}"
},
"EmrManagedMasterSecurityGroup":{
"Fn::Sub":"${MasterSecurityGroup}"
},
"ServiceAccessSecurityGroup":{
"Fn::Sub":"${ServiceAccessSecurityGroup}"
},
"Ec2SubnetId":{
"Fn::Sub":"${Ec2SubnetId}"
},
"TerminationProtected":true
},
"BootstrapActions":[
{
"Name":"Install Privacera Plugins on Master Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=true"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fbac"
}
]
}
},
{
"Name":"Install Spark OLAC in Core Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=false"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fbac"
}
]
}
}
],
"Applications":[
{
"Name":"Hive"
},
{
"Name":"Spark"
},
{
"Name":"Trino"
},
{
"Name":"Zeppelin"
},
{
"Name":"Livy"
},
{
"Name":"Hue"
},
{
"Name":"Oozie"
}
],
"Configurations":[
{
"Classification":"spark",
"ConfigurationProperties":{
"maximizeResourceAllocation":"true"
},
"Configurations":[
]
},
{
"Classification":"spark-hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.schema.verification":"false",
"hive.server2.enable.doAs":"false",
"parquet.column.index.access":"true",
"fs.s3a.impl":"com.amazon.ws.emr.hadoop.fs.EmrFileSystem",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"trino-connector-hive",
"ConfigurationProperties":{
"hive.metastore":"glue",
"hive.allow-drop-table":"true",
"hive.allow-add-column":"true",
"hive.allow-rename-column":"true",
"connector.name":"hive-hadoop2",
"hive.config.resources":"/etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml",
"hive.s3-file-system-type":"EMRFS",
"hive.hdfs.impersonation.enabled":"false",
"hive.allow-drop-column":"true",
"hive.allow-rename-table":"true"
}
},
{
"Classification":"livy-conf",
"ConfigurationProperties":{
"livy.impersonation.enabled":"true"
}
},
{
"Classification":"core-site",
"ConfigurationProperties":{
"hadoop.security.credstore.java-keystore-provider.password-file":"",
"hadoop.proxyuser.livy.groups":"*",
"hadoop.proxyuser.livy.hosts":"*"
}
},
{
"Classification":"oozie-site",
"ConfigurationProperties":{
"oozie.service.JPAService.jdbc.driver":"org.mariadb.jdbc.Driver",
"oozie.service.JPAService.jdbc.url":"jdbc:mysql://<PLEASE_UPDATE EXTERNAL_DB_HOST>:<PLEASE_UPDATE EXTERNAL_DB_PORT>/<PLEASE_UPDATE EXTERNAL_DB_NAME>?createDatabaseIfNotExist=true",
"oozie.service.JPAService.jdbc.username":"<PLEASE_UPDATE EXTERNAL_JDBC_USER>",
"oozie.service.JPAService.jdbc.password":"<PLEASE_UPDATE EXTERNAL_JDBC_PASSWORD>"
},
"Configurations":[
]
},
{
"Classification":"hue-ini",
"ConfigurationProperties":{
},
"Configurations":[
{
"Classification":"desktop",
"ConfigurationProperties":{
},
"Configurations":[
{
"Classification":"database",
"ConfigurationProperties":{
"engine":"mysql",
"host":"<PLEASE_UPDATE EXTERNAL_DB_HOST>",
"port":"<PLEASE_UPDATE EXTERNAL_DB_HOST>",
"user":"<PLEASE_UPDATE EXTERNAL_DB_USER>",
"password":"<PLEASE_UPDATE EXTERNAL_DB_PASSWORD>",
"name":"<PLEASE_UPDATE EXTERNAL_DB_NAME>"
},
"Configurations":[
]
}
]
}
]
}
],
"LogUri":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/emr_logs/",
"JobFlowRole":"<PLEASE_UPDATE NODE_ROLE_NAME>",
"ServiceRole":"EMR_DefaultRole",
"ReleaseLabel":{
"Fn::Sub":"${EMRVersion}"
}
}
}
}
}{
"Parameters":{
"CLUSTERNAME":{
"Description":"Name of the emr cluster",
"Type":"String",
"Default":"PCloud-EMR-Spark_OLAC-Hive-PrestoSQL"
},
"EMRRegion":{
"Description":"aws region name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"EMRVersion":{
"Description":"Emr version",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"MasterSecurityGroup":{
"Description":"Emr master/edge node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"SlaveSecurityGroup":{
"Description":"Emr worker/slave node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"ServiceAccessSecurityGroup":{
"Description":"Emr service access security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"Ec2SubnetId":{
"Description":"Ec2 subnet id",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"HiveMetaStoreS3Path":{
"Description":"Hive metastore s3 path",
"Type":"String",
"Default":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/hive_warehouse"
},
"Ec2KeyName":{
"Description":"Ec2 keypair name",
"Type":"String",
"Default":"<EC2-SSH-KEY_PAIR-NAME>"
},
"Market":{
"Description":"Ec2 Instance market type",
"Type":"String",
"Default":"ON_DEMAND"
},
"KDCName":{
"Description":"KDC Name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"KdcAdminPassword":{
"Description":"KDC admin user password",
"Type":"String",
"Default":"<KDC-USER-PASSWORD>"
},
"CrossRealmTrustPrincipalPassword":{
"Description":"KDC Cross Realm Trust Principal password",
"Type":"String",
"Default":"<KDC-PRINCIPAL-PASSWORD>"
},
"PrivaceraDownloadUrl":{
"Description":"Privacera Base Download Url",
"Type":"String",
"Default":"https://privaceracloud.com/api/public/get/emr_script/<PLEASE UPDATED API-KEY>"
}
},
"Resources":{
"EMRCLUSTER":{
"Type":"AWS::EMR::Cluster",
"Properties":{
"Name":{
"Ref":"CLUSTERNAME"
},
"KerberosAttributes":{
"Realm":"EC2.INTERNAL",
"KdcAdminPassword":{
"Ref":"KdcAdminPassword"
},
"CrossRealmTrustPrincipalPassword":{
"Ref":"CrossRealmTrustPrincipalPassword"
}
},
"SecurityConfiguration":{
"Ref":"KDCName"
},
"VisibleToAllUsers":true,
"EbsRootVolumeSize":15,
"Instances":{
"MasterInstanceGroup":{
"InstanceCount":1,
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Master Instance Group"
},
"CoreInstanceGroup":{
"InstanceCount":"<PLEASE_UPDATE>",
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Core Instance Group"
},
"Ec2KeyName":{
"Ref":"Ec2KeyName"
},
"EmrManagedSlaveSecurityGroup":{
"Fn::Sub":"${SlaveSecurityGroup}"
},
"EmrManagedMasterSecurityGroup":{
"Fn::Sub":"${MasterSecurityGroup}"
},
"ServiceAccessSecurityGroup":{
"Fn::Sub":"${ServiceAccessSecurityGroup}"
},
"Ec2SubnetId":{
"Fn::Sub":"${Ec2SubnetId}"
},
"TerminationProtected":true
},
"BootstrapActions":[
{
"Name":"Install Privacera Plugins on Master Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=true"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fbac"
}
]
}
},
{
"Name":"Install Spark OLAC in Core Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=false"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fbac"
}
]
}
}
],
"Applications":[
{
"Name":"Hive"
},
{
"Name":"Spark"
},
{
"Name":"PrestoSQL"
},
{
"Name":"Zeppelin"
},
{
"Name":"Livy"
},
{
"Name":"Hue"
}
],
"Configurations":[
{
"Classification":"spark",
"ConfigurationProperties":{
"maximizeResourceAllocation":"true"
},
"Configurations":[
]
},
{
"Classification":"spark-hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.schema.verification":"false",
"hive.server2.enable.doAs":"false",
"parquet.column.index.access":"true",
"fs.s3a.impl":"com.amazon.ws.emr.hadoop.fs.EmrFileSystem",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"prestosql-connector-hive",
"ConfigurationProperties":{
"hive.metastore":"glue",
"hive.allow-drop-table":"true",
"hive.allow-add-column":"true",
"hive.allow-rename-column":"true",
"connector.name":"hive-hadoop2",
"hive.config.resources":"/etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml",
"hive.s3-file-system-type":"EMRFS",
"hive.hdfs.impersonation.enabled":"false",
"hive.allow-drop-column":"true",
"hive.allow-rename-table":"true"
}
},
{
"Classification":"livy-conf",
"ConfigurationProperties":{
"livy.impersonation.enabled":"true"
}
},
{
"Classification":"core-site",
"ConfigurationProperties":{
"hadoop.proxyuser.livy.groups":"*",
"hadoop.proxyuser.livy.hosts":"*"
}
}
],
"LogUri":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/emr_logs/",
"JobFlowRole":"<PLEASE_UPDATE NODE_ROLE_NAME>",
"ServiceRole":"EMR_DefaultRole",
"ReleaseLabel":{
"Fn::Sub":"${EMRVersion}"
}
}
}
}
}
{
"Parameters":{
"CLUSTERNAME":{
"Description":"Name of the emr cluster",
"Type":"String",
"Default":"PCloud-EMR-Spark_FGAC-Hive-Trino"
},
"EMRRegion":{
"Description":"aws region name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"EMRVersion":{
"Description":"Emr version",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"MasterSecurityGroup":{
"Description":"Emr master/edge node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"SlaveSecurityGroup":{
"Description":"Emr worker/slave node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"ServiceAccessSecurityGroup":{
"Description":"Emr service access security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"Ec2SubnetId":{
"Description":"Ec2 subnet id",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"HiveMetaStoreS3Path":{
"Description":"Hive metastore s3 path",
"Type":"String",
"Default":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/hive_warehouse"
},
"Ec2KeyName":{
"Description":"Ec2 keypair name",
"Type":"String",
"Default":"<EC2-SSH-KEY_PAIR-NAME>"
},
"Market":{
"Description":"Ec2 Instance market type",
"Type":"String",
"Default":"ON_DEMAND"
},
"KDCName":{
"Description":"KDC Name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"KdcAdminPassword":{
"Description":"KDC admin user password",
"Type":"String",
"Default":"<KDC-USER-PASSWORD>"
},
"CrossRealmTrustPrincipalPassword":{
"Description":"KDC Cross Realm Trust Principal password",
"Type":"String",
"Default":"<KDC-PRINCIPAL-PASSWORD>"
},
"PrivaceraDownloadUrl":{
"Description":"Privacera Base Download Url",
"Type":"String",
"Default":"https://privaceracloud.com/api/public/get/emr_script/<PLEASE UPDATED API-KEY>"
}
},
"Resources":{
"EMRCLUSTER":{
"Type":"AWS::EMR::Cluster",
"Properties":{
"Name":{
"Ref":"CLUSTERNAME"
},
"KerberosAttributes":{
"Realm":"EC2.INTERNAL",
"KdcAdminPassword":{
"Ref":"KdcAdminPassword"
},
"CrossRealmTrustPrincipalPassword":{
"Ref":"CrossRealmTrustPrincipalPassword"
}
},
"SecurityConfiguration":{
"Ref":"KDCName"
},
"VisibleToAllUsers":true,
"EbsRootVolumeSize":15,
"Instances":{
"MasterInstanceGroup":{
"InstanceCount":1,
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Master Instance Group"
},
"CoreInstanceGroup":{
"InstanceCount":"<PLEASE_UPDATE>",
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Core Instance Group"
},
"Ec2KeyName":{
"Ref":"Ec2KeyName"
},
"EmrManagedSlaveSecurityGroup":{
"Fn::Sub":"${SlaveSecurityGroup}"
},
"EmrManagedMasterSecurityGroup":{
"Fn::Sub":"${MasterSecurityGroup}"
},
"ServiceAccessSecurityGroup":{
"Fn::Sub":"${ServiceAccessSecurityGroup}"
},
"Ec2SubnetId":{
"Fn::Sub":"${Ec2SubnetId}"
},
"TerminationProtected":true
},
"BootstrapActions":[
{
"Name":"Install Privacera Plugins on Master Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=true"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fgac"
}
]
}
},
{
"Name":"Install Spark FGAC in Core Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=false"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fgac"
}
]
}
}
],
"Applications":[
{
"Name":"Hive"
},
{
"Name":"Spark"
},
{
"Name":"Trino"
},
{
"Name":"Zeppelin"
},
{
"Name":"Livy"
},
{
"Name":"Hue"
}
],
"Configurations":[
{
"Classification":"spark",
"ConfigurationProperties":{
"maximizeResourceAllocation":"true"
},
"Configurations":[
]
},
{
"Classification":"spark-hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.schema.verification":"false",
"hive.server2.enable.doAs":"false",
"parquet.column.index.access":"true",
"fs.s3a.impl":"com.amazon.ws.emr.hadoop.fs.EmrFileSystem",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"trino-connector-hive",
"ConfigurationProperties":{
"hive.metastore":"glue",
"hive.allow-drop-table":"true",
"hive.allow-add-column":"true",
"hive.allow-rename-column":"true",
"connector.name":"hive-hadoop2",
"hive.config.resources":"/etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml",
"hive.s3-file-system-type":"EMRFS",
"hive.hdfs.impersonation.enabled":"false",
"hive.allow-drop-column":"true",
"hive.allow-rename-table":"true"
}
},
{
"Classification":"livy-conf",
"ConfigurationProperties":{
"livy.impersonation.enabled":"true"
}
},
{
"Classification":"core-site",
"ConfigurationProperties":{
"hadoop.proxyuser.livy.groups":"*",
"hadoop.proxyuser.livy.hosts":"*"
}
}
],
"LogUri":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/emr_logs/",
"JobFlowRole":"<PLEASE_UPDATE NODE_ROLE_NAME>",
"ServiceRole":"EMR_DefaultRole",
"ReleaseLabel":{
"Fn::Sub":"${EMRVersion}"
}
}
}
}
}
{
"Parameters":{
"CLUSTERNAME":{
"Description":"Name of the emr cluster",
"Type":"String",
"Default":"PCloud-Multiple-Master-EMR-Spark_FGAC-Hive-Trino"
},
"EMRRegion":{
"Description":"aws region name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"EMRVersion":{
"Description":"Emr version",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"MasterSecurityGroup":{
"Description":"Emr master/edge node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"SlaveSecurityGroup":{
"Description":"Emr worker/slave node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"ServiceAccessSecurityGroup":{
"Description":"Emr service access security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"Ec2SubnetId":{
"Description":"Ec2 subnet id",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"HiveMetaStoreS3Path":{
"Description":"Hive metastore s3 path",
"Type":"String",
"Default":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/hive_warehouse"
},
"Ec2KeyName":{
"Description":"Ec2 keypair name",
"Type":"String",
"Default":"<EC2-SSH-KEY_PAIR-NAME>"
},
"Market":{
"Description":"Ec2 Instance market type",
"Type":"String",
"Default":"ON_DEMAND"
},
"KDCName":{
"Description":"KDC Name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"KdcAdminPassword":{
"Description":"KDC admin user password",
"Type":"String",
"Default":"<PLEASE_UPDATE EXTERNAL-KDC-USER-PASSWORD>"
},
"PrivaceraDownloadUrl":{
"Description":"Privacera Base Download Url",
"Type":"String",
"Default":"https://privaceracloud.com/api/public/get/emr_script/<PLEASE UPDATED API-KEY>"
}
},
"Resources":{
"EMRCLUSTER":{
"Type":"AWS::EMR::Cluster",
"Properties":{
"Name":{
"Ref":"CLUSTERNAME"
},
"KerberosAttributes":{
"Realm":"<PLEASE_UPDATE EXTERNAL-KDC-REALM>",
"KdcAdminPassword":{
"Ref":"KdcAdminPassword"
}
},
"SecurityConfiguration":{
"Ref":"KDCName"
},
"VisibleToAllUsers":true,
"EbsRootVolumeSize":15,
"Instances":{
"MasterInstanceGroup":{
"InstanceCount":3,
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Master Instance Group"
},
"CoreInstanceGroup":{
"InstanceCount":"<PLEASE_UPDATE>",
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Core Instance Group"
},
"Ec2KeyName":{
"Ref":"Ec2KeyName"
},
"EmrManagedSlaveSecurityGroup":{
"Fn::Sub":"${SlaveSecurityGroup}"
},
"EmrManagedMasterSecurityGroup":{
"Fn::Sub":"${MasterSecurityGroup}"
},
"ServiceAccessSecurityGroup":{
"Fn::Sub":"${ServiceAccessSecurityGroup}"
},
"Ec2SubnetId":{
"Fn::Sub":"${Ec2SubnetId}"
},
"TerminationProtected":true
},
"BootstrapActions":[
{
"Name":"Install Privacera Plugins on Master Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=true"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fgac"
}
]
}
},
{
"Name":"Install Spark FGAC in Core Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=false"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fgac"
}
]
}
}
],
"Applications":[
{
"Name":"Hive"
},
{
"Name":"Spark"
},
{
"Name":"Trino"
},
{
"Name":"Zeppelin"
},
{
"Name":"Livy"
},
{
"Name":"Hue"
},
{
"Name":"Oozie"
}
],
"Configurations":[
{
"Classification":"spark",
"ConfigurationProperties":{
"maximizeResourceAllocation":"true"
},
"Configurations":[
]
},
{
"Classification":"spark-hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.schema.verification":"false",
"hive.server2.enable.doAs":"false",
"parquet.column.index.access":"true",
"fs.s3a.impl":"com.amazon.ws.emr.hadoop.fs.EmrFileSystem",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"trino-connector-hive",
"ConfigurationProperties":{
"hive.metastore":"glue",
"hive.allow-drop-table":"true",
"hive.allow-add-column":"true",
"hive.allow-rename-column":"true",
"connector.name":"hive-hadoop2",
"hive.config.resources":"/etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml",
"hive.s3-file-system-type":"EMRFS",
"hive.hdfs.impersonation.enabled":"false",
"hive.allow-drop-column":"true",
"hive.allow-rename-table":"true"
}
},
{
"Classification":"livy-conf",
"ConfigurationProperties":{
"livy.impersonation.enabled":"true"
}
},
{
"Classification":"core-site",
"ConfigurationProperties":{
"hadoop.security.credstore.java-keystore-provider.password-file":"",
"hadoop.proxyuser.livy.groups":"*",
"hadoop.proxyuser.livy.hosts":"*"
}
},
{
"Classification":"oozie-site",
"ConfigurationProperties":{
"oozie.service.JPAService.jdbc.driver":"org.mariadb.jdbc.Driver",
"oozie.service.JPAService.jdbc.url":"jdbc:mysql://<PLEASE_UPDATE EXTERNAL_DB_HOST>:<PLEASE_UPDATE EXTERNAL_DB_PORT>/<PLEASE_UPDATE EXTERNAL_DB_NAME>?createDatabaseIfNotExist=true",
"oozie.service.JPAService.jdbc.username":"<PLEASE_UPDATE EXTERNAL_JDBC_USER>",
"oozie.service.JPAService.jdbc.password":"<PLEASE_UPDATE EXTERNAL_JDBC_PASSWORD>"
},
"Configurations":[
]
},
{
"Classification":"hue-ini",
"ConfigurationProperties":{
},
"Configurations":[
{
"Classification":"desktop",
"ConfigurationProperties":{
},
"Configurations":[
{
"Classification":"database",
"ConfigurationProperties":{
"engine":"mysql",
"host":"<PLEASE_UPDATE EXTERNAL_DB_HOST>",
"port":"<PLEASE_UPDATE EXTERNAL_DB_HOST>",
"user":"<PLEASE_UPDATE EXTERNAL_DB_USER>",
"password":"<PLEASE_UPDATE EXTERNAL_DB_PASSWORD>",
"name":"<PLEASE_UPDATE EXTERNAL_DB_NAME>"
},
"Configurations":[
]
}
]
}
]
}
],
"LogUri":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/emr_logs/",
"JobFlowRole":"<PLEASE_UPDATE NODE_ROLE_NAME>",
"ServiceRole":"EMR_DefaultRole",
"ReleaseLabel":{
"Fn::Sub":"${EMRVersion}"
}
}
}
}
}
{
"Parameters":{
"CLUSTERNAME":{
"Description":"Name of the emr cluster",
"Type":"String",
"Default":"PCloud-EMR-Spark_FGAC-Hive-PrestoSQL"
},
"EMRRegion":{
"Description":"aws region name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"EMRVersion":{
"Description":"Emr version",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"MasterSecurityGroup":{
"Description":"Emr master/edge node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"SlaveSecurityGroup":{
"Description":"Emr worker/slave node security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"ServiceAccessSecurityGroup":{
"Description":"Emr service access security group",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"Ec2SubnetId":{
"Description":"Ec2 subnet id",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"HiveMetaStoreS3Path":{
"Description":"Hive metastore s3 path",
"Type":"String",
"Default":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/hive_warehouse"
},
"Ec2KeyName":{
"Description":"Ec2 keypair name",
"Type":"String",
"Default":"<EC2-SSH-KEY_PAIR-NAME>"
},
"Market":{
"Description":"Ec2 Instance market type",
"Type":"String",
"Default":"ON_DEMAND"
},
"KDCName":{
"Description":"KDC Name",
"Type":"String",
"Default":"<PLEASE_UPDATE>"
},
"KdcAdminPassword":{
"Description":"KDC admin user password",
"Type":"String",
"Default":"<KDC-USER-PASSWORD>"
},
"CrossRealmTrustPrincipalPassword":{
"Description":"KDC Cross Realm Trust Principal password",
"Type":"String",
"Default":"<KDC-PRINCIPAL-PASSWORD>"
},
"PrivaceraDownloadUrl":{
"Description":"Privacera Base Download Url",
"Type":"String",
"Default":"https://privaceracloud.com/api/public/get/emr_script/<PLEASE UPDATED API-KEY>"
}
},
"Resources":{
"EMRCLUSTER":{
"Type":"AWS::EMR::Cluster",
"Properties":{
"Name":{
"Ref":"CLUSTERNAME"
},
"KerberosAttributes":{
"Realm":"EC2.INTERNAL",
"KdcAdminPassword":{
"Ref":"KdcAdminPassword"
},
"CrossRealmTrustPrincipalPassword":{
"Ref":"CrossRealmTrustPrincipalPassword"
}
},
"SecurityConfiguration":{
"Ref":"KDCName"
},
"VisibleToAllUsers":true,
"EbsRootVolumeSize":15,
"Instances":{
"MasterInstanceGroup":{
"InstanceCount":1,
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Master Instance Group"
},
"CoreInstanceGroup":{
"InstanceCount":"<PLEASE_UPDATE>",
"InstanceType":"m5.xlarge",
"Market":{
"Fn::Sub":"${Market}"
},
"Name":"Core Instance Group"
},
"Ec2KeyName":{
"Ref":"Ec2KeyName"
},
"EmrManagedSlaveSecurityGroup":{
"Fn::Sub":"${SlaveSecurityGroup}"
},
"EmrManagedMasterSecurityGroup":{
"Fn::Sub":"${MasterSecurityGroup}"
},
"ServiceAccessSecurityGroup":{
"Fn::Sub":"${ServiceAccessSecurityGroup}"
},
"Ec2SubnetId":{
"Fn::Sub":"${Ec2SubnetId}"
},
"TerminationProtected":true
},
"BootstrapActions":[
{
"Name":"Install Privacera Plugins on Master Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=true"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fgac"
}
]
}
},
{
"Name":"Install Spark FGAC in Core Node",
"ScriptBootstrapAction":{
"Path":"s3://elasticmapreduce/bootstrap-actions/run-if",
"Args":[
{
"Fn::Sub":"instance.isMaster=false"
},
{
"Fn::Sub":"wget ${PrivaceraDownloadUrl}/privacera_emr.sh ; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fgac"
}
]
}
}
],
"Applications":[
{
"Name":"Hive"
},
{
"Name":"Spark"
},
{
"Name":"PrestoSQL"
},
{
"Name":"Zeppelin"
},
{
"Name":"Livy"
},
{
"Name":"Hue"
}
],
"Configurations":[
{
"Classification":"spark",
"ConfigurationProperties":{
"maximizeResourceAllocation":"true"
},
"Configurations":[
]
},
{
"Classification":"spark-hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"hive-site",
"ConfigurationProperties":{
"hive.metastore.client.factory.class":"com.amazonaws.glue.catalog.metastore.AWSGlueDataCatalogHiveClientFactory",
"hive.metastore.schema.verification":"false",
"hive.server2.enable.doAs":"false",
"parquet.column.index.access":"true",
"fs.s3a.impl":"com.amazon.ws.emr.hadoop.fs.EmrFileSystem",
"hive.metastore.warehouse.dir":{
"Ref":"HiveMetaStoreS3Path"
}
}
},
{
"Classification":"prestosql-connector-hive",
"ConfigurationProperties":{
"hive.metastore":"glue",
"hive.allow-drop-table":"true",
"hive.allow-add-column":"true",
"hive.allow-rename-column":"true",
"connector.name":"hive-hadoop2",
"hive.config.resources":"/etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml",
"hive.s3-file-system-type":"EMRFS",
"hive.hdfs.impersonation.enabled":"false",
"hive.allow-drop-column":"true",
"hive.allow-rename-table":"true"
}
},
{
"Classification":"livy-conf",
"ConfigurationProperties":{
"livy.impersonation.enabled":"true"
}
},
{
"Classification":"core-site",
"ConfigurationProperties":{
"hadoop.proxyuser.livy.groups":"*",
"hadoop.proxyuser.livy.hosts":"*"
}
}
],
"LogUri":"s3://<PLEASE_UPDATE BUCKET_NAME>/emr/emr_logs/",
"JobFlowRole":"<PLEASE_UPDATE NODE_ROLE_NAME>",
"ServiceRole":"EMR_DefaultRole",
"ReleaseLabel":{
"Fn::Sub":"${EMRVersion}"
}
}
}
}
}
Create EMR cluster using CloudFormation AWS CLI
Run the following command to create AWS EMR:
aws --region <AWS-REGION> cloudformation create-stack --stack-name privacera-emr-creation --template-body file://<EMR-TEMPLATE-JSON-FILE-PATH>
Create CloudFormation stack
Follow these steps to create a stack on the AWS CloudFormation console:
Login in to the AWS Management Console and navigate to Cloudformation Console.
Click the Create Stack on the Stacks page.
On the Specify template page, select Template is ready option, and then Upload a template file.
Click the Choose File button, and select your modified
emr template jsonfile.Click the Next button.
On the Specify stack details page, enter a stack name in the Stack name box.
Click the Next button.
Update Configure stack options as per your requirements.
Click the Next button.
Click the Create Stack button.
You will see the progress of your stack in the CloudFormation > Stacks section.
Manually create EMR cluster using AWS EMR console
Follow these steps to manually create AWS EMR cluster using AWS EMR console:
Login to AWS Management Console and navigate to EMR Console.
Click the Create cluster button.
click Go to advanced, and select Release. For example,
emr-6.4.0
Configure applications for AWS EMR cluster
Follow these steps to configure individual application for AWS EMR cluster:
Select additional applications as per your environment, such as
Spark,Hadoop,Hive,TrinoorPresto.In Edit software settings, select Enter configuration and add the following individual application's configuration array.
{
"Classification": "spark",
"ConfigurationProperties": {
"maximizeResourceAllocation": "true"
},
"Configurations": []
},
{
"Classification": "spark-hive-site",
"ConfigurationProperties": {
"hive.metastore.warehouse.dir": "s3://<bucket-name>/<path>"
}
}{
"Classification": "hive-site",
"ConfigurationProperties": {
"javax.jdo.option.ConnectionURL": "",
"javax.jdo.option.ConnectionDriverName": "org.mariadb.jdbc.Driver",
"javax.jdo.option.ConnectionUserName": "root",
"javax.jdo.option.ConnectionPassword": "welcome1",
"hive.server2.enable.doAs": "false",
"parquet.column.index.access": "true",
"fs.s3a.impl": "com.amazon.ws.emr.hadoop.fs.EmrFileSystem",
"hive.metastore.warehouse.dir": "s3://<bucket-name>/<path>"
}
}
Note
If the EMR version is 6.4.0 or above, use trino in place of {application} in the array. Use prestosql for older versions.
Replace {application} based on the component you select.
For example:
For Trino, use
trino-connector-hiveFor PrestoSQL, use
prestosql-connecor-hive
Presto and Trino/Presto-sql are incompatible. Only one at a time should be used.
Glue configuration:
{ "Classification": "<application>-connector-hive", "ConfigurationProperties": { "hive.metastore": "glue", "hive.allow-drop-table": "true", "hive.allow-add-column": "true", "hive.allow-rename-column": "true", "connector.name": "hive-hadoop2", "hive.config.resources": "/etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml", "hive.s3-file-system-type": "EMRFS", "hive.hdfs.impersonation.enabled": "false", "hive.allow-drop-column": "true", "hive.allow-rename-table": "true" } }EHM configuration:
{ "Classification": "<application>-connector-hive", "ConfigurationProperties": { "hive.allow-drop-table": "true", "hive.allow-add-column": "true", "hive.allow-rename-column": "true", "connector.name": "hive-hadoop2", "hive.config.resources": "/etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml", "hive.s3-file-system-type": "EMRFS", "hive.hdfs.impersonation.enabled": "false", "hive.allow-drop-column": "true", "hive.allow-rename-table": "true" } }
Bootstrap actions
In Hardware settings, select Networking, Node, and Instance values as appropriate for your environment.
Go to General cluster settings, configure the cluster name, logging, debugging, and termination protection as needed for your environment.
Configure the General cluster settings by including two scripts that install the Privacera Signing Agent on both the master and worker nodes.
In Additional Options, expand Bootstrap Actions, select bootstrap action Run if, and then click Configure and add.
In the Bootstrap actions dialog, set the name of the master and core node to Privacera Signing Agent.
Copy the following script into Optional Arguments using your own
emr-script-download-urlscript URL. See Obtain EMR script download URL.Click Add when finished.
Optional Arguments for Privacera installation script:
Master node
instance.isMaster=true "wget <emr-script-download-url>; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fbac"
Core node
instance.isMaster=false "wget <emr-script-download-url>; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fbac"
Optional Arguments for Privacera installation script with delta.
Export the following two additional variables in the Bootstrap actions to enable Delta Lake:
SPARK_DELTA_LAKE_ENABLE SPARK_DELTA_LAKE_CORE_JAR_DOWNLOAD_URL
Master node
instance.isMaster=true "export SPARK_DELTA_LAKE_ENABLE=enable-spark-deltalake; export SPARK_DELTA_LAKE_CORE_JAR_DOWNLOAD_URL=<DELTA_LAKE_CORE_JAR_DOWNLOAD_UR>; wget <emr-script-download-url>; chmod +x ./privacera_emr.sh ; sudo -E ./privacera_emr.sh spark-fbac"
Core node
instance.isMaster=false "export SPARK_DELTA_LAKE_ENABLE=enable-spark-deltalake; export SPARK_DELTA_LAKE_CORE_JAR_DOWNLOAD_URL=<DELTA_LAKE_CORE_JAR_DOWNLOAD_UR>; wget <emr-script-download-url>; chmod +x ./privacera_emr.sh ; sudo -E ./privacera_emr.sh spark-fbac"
Note
Ensure the following:
The Delta Lake core jar is dependent on the Spark version. You must choose the correct version for your EMR.
Obtain the appropriate download URL for the Delta Lake core jar and update.
Delta Lake and Spark version compatibility. For more information about Delta Lake releases, see Compatibility with Apache Spark.
Optional Arguments for Privacera installation script:
Master node
instance.isMaster=true "wget <emr-script-download-url>; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fgac"
Core node
instance.isMaster=false "wget <emr-script-download-url>; chmod +x ./privacera_emr.sh ; sudo ./privacera_emr.sh spark-fgac"
Optional Arguments for Privacera installation script with delta.
Export the following two additional variables in the Bootstrap actions to enable Delta Lake:
SPARK_DELTA_LAKE_ENABLE SPARK_DELTA_LAKE_CORE_JAR_DOWNLOAD_URL
Master node
instance.isMaster=true "export SPARK_DELTA_LAKE_ENABLE=enable-spark-deltalake; export SPARK_DELTA_LAKE_CORE_JAR_DOWNLOAD_URL=<DELTA_LAKE_CORE_JAR_DOWNLOAD_UR>; wget <emr-script-download-url>; chmod +x ./privacera_emr.sh ; sudo -E ./privacera_emr.sh spark-fgac"
Core node
instance.isMaster=false "export SPARK_DELTA_LAKE_ENABLE=enable-spark-deltalake; export SPARK_DELTA_LAKE_CORE_JAR_DOWNLOAD_URL=<DELTA_LAKE_CORE_JAR_DOWNLOAD_UR>; wget <emr-script-download-url>; chmod +x ./privacera_emr.sh ; sudo -E ./privacera_emr.sh spark-fgac"
Note
Ensure the following:
The Delta Lake core jar is dependent on the Spark version. You must choose the correct version for your EMR.
Obtain the appropriate download URL for the Delta Lake core jar and update.
Delta Lake and Spark version compatibility. For more information about Delta Lake releases, see Compatibility with Apache Spark.
Create Custom Policy Repository
Before adding optional arguments for the Privacera installation script with a custom Hive repository, you need to complete the following steps:
Login to PrivaceraCloud Portal.
On the Privacera Portal home page, expand Access Management, and then click the Resource Policies.
Click the three dots menu on the service for which you want to create a custom policy repository.
Click Add Service.
Add the values in the given fields, and then click Save.
Service Name: name of your service.
For example,
<service_name>_dev_policy. Where service name will be hive, s3, files, or so on.Select Tag Service: select
privacera_tagto apply tag based policies for this custom repository.Username: It should be service user i.e.,
hivePassword: dummy
jdbc.driverClassName: dummy or org.apache.hive.jdbc.HiveDriver
Jdb.url: dummy
Optional Arguments for Privacera installation script with custom Hive repository.
Master node
instance.isMaster=true "export EMR_HIVE_SERVICE_NAME=<hive_repo_name>; export EMR_TRINO_HIVE_SERVICE_NAME=<trino_hive_repo_name>; export EMR_SPARK_HIVE_SERVICE_NAME=<spark_hive_repo_name>; wget <emr-script-download-url> ; chmod +x ./privacera_emr.sh ; sudo -E ./privacera_emr.sh spark-fgac"
Core node
instance.isMaster=false "export EMR_HIVE_SERVICE_NAME=<hive_repo_name>; export EMR_TRINO_HIVE_SERVICE_NAME=<trino_hive_repo_name>; export EMR_SPARK_HIVE_SERVICE_NAME=<spark_hive_repo_name>; wget <emr-script-download-url> ; chmod +x ./privacera_emr.sh ; sudo -E ./privacera_emr.sh spark-fgac"
Note
Ensure the following:
You can customized <;hive_repo_name>; for the Hive application in EMR.
You can customized <;spark_hive_repo_name>; For the spark applications in EMR.
You can customized <;trino_hive_repo_name>; for the Trino application in EMR.
Configure security options in EMR cluster
Follow these steps to configure security options in EMR cluster:
In Security Options, select security options as per your environment.
Open Security Configuration, and select the configuration you created earlier, e.g., "emr_sec_config".
Then in the the following fields, enter values:
In the following fields, enter values:
Realm
KDC admin password
Click Create cluster to complete.