Now bring your own KDC and enable Kerberos authentication in Amazon EMR

Posted on: Jan 28, 2019

With Amazon EMR release 5.20.0 or later, you can now use an external Kerberos KDC to authenticate applications and users running on your EMR cluster. This feature allows you to connect multiple Kerberized EMR clusters to a centralized external KDC, so that applications running inside these clusters that use Kerberos for authentication can cross-authenticate with each other without you needing to establish a cross-realm trust. This capability will be especially useful in scenarios where you want multiple clusters to authenticate to a central data lake cluster to access data to submit and run jobs. You can also set up a cross-realm trust between an external KDC and an Active Directory domain on premises or in Amazon EC2. This allows users in your corporate directory to use their familiar Active Directory domain credentials to more securely access all Kerberized EMR clusters that authenticate to that KDC.

For more information about configuring and using an external KDC on EMR, see Using Kerberos Authentication and External KDC Architecture Options in the Amazon EMR Management Guide.

This feature is now available in all supported regions for Amazon EMR.