Launch Amazon EMR Clusters in Amazon VPC Private Subnets

Posted on: Dec 22, 2015

You can now create Amazon EMR clusters in private subnets in your Amazon Virtual Private Cloud (VPC). Previously, Amazon EMR only supported creating clusters in public subnets, which required an attached Internet gateway. With Amazon EMR release 4.2.0 and later, you can now also launch your clusters in a private subnet with no public IP addresses or attached Internet gateway. You can create an endpoint for Amazon S3 in your VPC to give your Amazon EMR cluster direct access to data in Amazon S3, and optionally create a Network Address Translation (NAT) instance for your cluster to interact with other AWS services that do not currently support endpoints in VPC.

You can create an Amazon EMR cluster in a VPC private subnet by specifying that subnet when creating your cluster from the AWS Management Console, AWS CLI, or using an SDK with the EMR API. If you have custom settings for your network access control lists, a custom policy for your private S3 endpoint, or are not using the default Identity and Access Management (IAM) Named Policy for your Amazon EMR service role, please visit the Amazon EMR documentation to learn more about the required settings. To learn more about options for launching your Amazon EMR clusters in VPC, click here.
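As an added example (not part of the original announcement or AWS's own code), the Python sketch below checks, before a cluster is launched, that a subnet's route table matches the layout described above: no Internet gateway route, a gateway endpoint route for Amazon S3, and optionally a NAT default route. The input is constructed sample data shaped like the output of `aws ec2 describe-route-tables`; every resource ID in it is a placeholder.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# All IDs are placeholders, not real resources.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-0main",
     "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-0private",
     "Associations": [{"Main": False, "SubnetId": "subnet-0private"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0example"},
         {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0natexample"}]},
]}


def table_for_subnet(tables, subnet_id):
    """Return the explicitly associated route table, else the VPC main table."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    if main is None:
        raise ValueError("no route table found for " + subnet_id)
    return main


def assess_subnet(tables, subnet_id):
    """Summarize the routing properties that matter for a private-subnet cluster."""
    routes = table_for_subnet(tables, subnet_id)["Routes"]
    default = [r for r in routes if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    return {
        # Any route through an Internet gateway makes the subnet public.
        "private": not any(r.get("GatewayId", "").startswith("igw-") for r in routes),
        # Gateway endpoints appear as prefix-list routes via a vpce- target.
        # Confirming the prefix list is the S3 one needs describe-prefix-lists.
        "gateway_endpoint": any(
            r.get("GatewayId", "").startswith("vpce-")
            and r.get("DestinationPrefixListId") for r in routes),
        # Optional NAT path for services without a VPC endpoint.
        "nat": any(r.get("InstanceId") or r.get("NatGatewayId") for r in default),
    }


if __name__ == "__main__":
    for subnet in ("subnet-0private", "subnet-0public"):
        print(subnet, assess_subnet(SAMPLE["RouteTables"], subnet))
```

A subnet with no explicit association is evaluated against the VPC main route table, which is why `subnet-0public` in the sample is reported as not private.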