EMRContainers / Client / create_security_configuration
create_security_configuration#
- EMRContainers.Client.create_security_configuration(**kwargs)#
Creates a security configuration. Security configurations in Amazon EMR on EKS are templates for different security setups. You can use security configurations to configure the Lake Formation integration setup. You can also create a security configuration to re-use a security setup each time you create a virtual cluster.
See also: AWS API Documentation
Request Syntax
response = client.create_security_configuration( clientToken='string', name='string', securityConfigurationData={ 'authorizationConfiguration': { 'lakeFormationConfiguration': { 'authorizedSessionTagValue': 'string', 'secureNamespaceInfo': { 'clusterId': 'string', 'namespace': 'string' }, 'queryEngineRoleArn': 'string' }, 'encryptionConfiguration': { 'inTransitEncryptionConfiguration': { 'tlsCertificateConfiguration': { 'certificateProviderType': 'PEM', 'publicCertificateSecretArn': 'string', 'privateCertificateSecretArn': 'string' } } } } }, tags={ 'string': 'string' } )
- Parameters:
clientToken (string) –
[REQUIRED]
The client idempotency token to use when creating the security configuration.
This field is autopopulated if not provided.
name (string) –
[REQUIRED]
The name of the security configuration.
securityConfigurationData (dict) –
[REQUIRED]
Security configuration input for the request.
authorizationConfiguration (dict) –
Authorization-related configuration input for the security configuration.
lakeFormationConfiguration (dict) –
Lake Formation related configuration inputs for the security configuration.
authorizedSessionTagValue (string) –
The session tag to authorize Amazon EMR on EKS for API calls to Lake Formation.
secureNamespaceInfo (dict) –
The namespace input of the system job.
clusterId (string) –
The ID of the Amazon EKS cluster where Amazon EMR on EKS jobs run.
namespace (string) –
The namespace of the Amazon EKS cluster where the system jobs run.
queryEngineRoleArn (string) –
The query engine IAM role ARN that is tied to the secure Spark job. The
QueryEngine
role assumes theJobExecutionRole
to execute all the Lake Formation calls.
encryptionConfiguration (dict) –
Encryption-related configuration input for the security configuration.
inTransitEncryptionConfiguration (dict) –
In-transit encryption-related input for the security configuration.
tlsCertificateConfiguration (dict) –
TLS certificate-related configuration input for the security configuration.
certificateProviderType (string) –
The TLS certificate type. Acceptable values:
PEM
orCustom
.publicCertificateSecretArn (string) –
Secrets Manager ARN that contains the public TLS certificate contents, used for communication between the user job and the system job.
privateCertificateSecretArn (string) –
Secrets Manager ARN that contains the private TLS certificate contents, used for communication between the user job and the system job.
tags (dict) –
The tags to add to the security configuration.
(string) –
(string) –
- Return type:
dict
- Returns:
Response Syntax
{ 'id': 'string', 'name': 'string', 'arn': 'string' }
Response Structure
(dict) –
id (string) –
The ID of the security configuration.
name (string) –
The name of the security configuration.
arn (string) –
The ARN (Amazon Resource Name) of the security configuration.
Exceptions
EMRContainers.Client.exceptions.ValidationException
EMRContainers.Client.exceptions.InternalServerException