create_security_configuration

EMRContainers.Client.create_security_configuration(**kwargs)

Creates a security configuration. Security configurations in Amazon EMR on EKS are templates for different security setups. You can use security configurations to configure the Lake Formation integration setup. You can also create a security configuration to re-use a security setup each time you create a virtual cluster.

See also: AWS API Documentation

Request Syntax

response = client.create_security_configuration(
    clientToken='string',
    name='string',
    containerProvider={
        'type': 'EKS',
        'id': 'string',
        'info': {
            'eksInfo': {
                'namespace': 'string',
                'nodeLabel': 'string'
            }
        }
    },
    securityConfigurationData={
        'authorizationConfiguration': {
            'lakeFormationConfiguration': {
                'authorizedSessionTagValue': 'string',
                'secureNamespaceInfo': {
                    'clusterId': 'string',
                    'namespace': 'string'
                },
                'queryEngineRoleArn': 'string'
            },
            'encryptionConfiguration': {
                'inTransitEncryptionConfiguration': {
                    'tlsCertificateConfiguration': {
                        'certificateProviderType': 'PEM',
                        'publicCertificateSecretArn': 'string',
                        'privateCertificateSecretArn': 'string'
                    }
                }
            }
        }
    },
    tags={
        'string': 'string'
    }
)

Parameters:

  • clientToken (string) –

    [REQUIRED]

    The client idempotency token to use when creating the security configuration.

    This field is autopopulated if not provided.

  • name (string) –

    [REQUIRED]

    The name of the security configuration.

  • containerProvider (dict) –

    The container provider associated with the security configuration.

    • type (string) – [REQUIRED]

      The type of the container provider. Amazon EKS is currently the only supported type.

    • id (string) – [REQUIRED]

      The ID of the container cluster.

    • info (dict) –

      The information about the container cluster.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: eksInfo.

      • eksInfo (dict) –

        The information about the Amazon EKS cluster.

        • namespace (string) –

          The namespaces of the Amazon EKS cluster.

        • nodeLabel (string) –

          The nodeLabel of the nodes where the resources of this virtual cluster can get scheduled. It requires relevant scaling and policy engine addons.

  • securityConfigurationData (dict) –

    [REQUIRED]

    Security configuration input for the request.

    • authorizationConfiguration (dict) –

      Authorization-related configuration input for the security configuration.

      • lakeFormationConfiguration (dict) –

        Lake Formation related configuration inputs for the security configuration.

        • authorizedSessionTagValue (string) –

          The session tag to authorize Amazon EMR on EKS for API calls to Lake Formation.

        • secureNamespaceInfo (dict) –

          The namespace input of the system job.

          • clusterId (string) –

            The ID of the Amazon EKS cluster where Amazon EMR on EKS jobs run.

          • namespace (string) –

            The namespace of the Amazon EKS cluster where the system jobs run.

        • queryEngineRoleArn (string) –

          The query engine IAM role ARN that is tied to the secure Spark job. The QueryEngine role assumes the JobExecutionRole to execute all the Lake Formation calls.

      • encryptionConfiguration (dict) –

        Encryption-related configuration input for the security configuration.

        • inTransitEncryptionConfiguration (dict) –

          In-transit encryption-related input for the security configuration.

          • tlsCertificateConfiguration (dict) –

            TLS certificate-related configuration input for the security configuration.

            • certificateProviderType (string) –

              The TLS certificate type. Acceptable values: PEM or Custom.

            • publicCertificateSecretArn (string) –

              Secrets Manager ARN that contains the public TLS certificate contents, used for communication between the user job and the system job.

            • privateCertificateSecretArn (string) –

              Secrets Manager ARN that contains the private TLS certificate contents, used for communication between the user job and the system job.

  • tags (dict) –

    The tags to add to the security configuration.

    • (string) –

      • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'id': 'string',
    'name': 'string',
    'arn': 'string'
}

Response Structure

  • (dict) –

    • id (string) –

      The ID of the security configuration.

    • name (string) –

      The name of the security configuration.

    • arn (string) –

      The ARN (Amazon Resource Name) of the security configuration.

Exceptions

  • EMRContainers.Client.exceptions.ValidationException

  • EMRContainers.Client.exceptions.InternalServerException
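
Added example (not part of the AWS documentation): one way to assemble the request with the nesting shown in the request syntax, reject mis-typed ARNs before the call, and reuse a single clientToken when retrying after InternalServerException. The helper names build_request and create_with_retry, the ARN patterns, and the choice to pass the same cluster ID to containerProvider and secureNamespaceInfo are assumptions of this example.

```python
import re
import uuid

# Preflight patterns are this example's own checks, not rules stated on this page.
SECRET_ARN = re.compile(r"^arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:.+$")
ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/.+$")

def build_request(name, cluster_id, job_namespace, system_namespace, session_tag,
                  role_arn, public_cert_arn, private_cert_arn, tags=None):
    """Build kwargs for create_security_configuration; raise ValueError on bad input."""
    if not ROLE_ARN.match(role_arn):
        raise ValueError("queryEngineRoleArn must be an IAM role ARN")
    for field, arn in (("publicCertificateSecretArn", public_cert_arn),
                       ("privateCertificateSecretArn", private_cert_arn)):
        if not SECRET_ARN.match(arn):
            raise ValueError(f"{field} must be a Secrets Manager secret ARN")
    tls = {"certificateProviderType": "PEM",
           "publicCertificateSecretArn": public_cert_arn,
           "privateCertificateSecretArn": private_cert_arn}
    return {
        "clientToken": str(uuid.uuid4()),  # fixed here so a retry reuses it
        "name": name,
        "containerProvider": {
            "type": "EKS",
            "id": cluster_id,
            "info": {"eksInfo": {"namespace": job_namespace}},  # tagged union: eksInfo only
        },
        "securityConfigurationData": {"authorizationConfiguration": {
            "lakeFormationConfiguration": {
                "authorizedSessionTagValue": session_tag,
                # Assumption: system jobs run in the same EKS cluster as user jobs.
                "secureNamespaceInfo": {"clusterId": cluster_id,
                                        "namespace": system_namespace},
                "queryEngineRoleArn": role_arn,
            },
            # In the request syntax above, encryption nests under authorizationConfiguration.
            "encryptionConfiguration": {"inTransitEncryptionConfiguration": {
                "tlsCertificateConfiguration": tls}},
        }},
        "tags": dict(tags or {}),
    }

def create_with_retry(client, request, attempts=3):
    """Resend the identical request (same clientToken) on InternalServerException."""
    for attempt in range(attempts):
        try:
            return client.create_security_configuration(**request)
        except client.exceptions.InternalServerException:
            if attempt == attempts - 1:
                raise
```

With a real client, pass boto3.client('emr-containers') as client; a ValidationException is not retried here because resending the same input would fail the same way.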