Posted On: Jan 28, 2019
You can now use an external Kerberos KDC to authenticate applications and users running on your EMR cluster with Amazon EMR release 5.20.0 or later. This feature allows you to connect multiple Kerberized EMR clusters to a centralized external KDC and allow applications running inside these clusters that use Kerberos for authentication to cross-authenticate with each other without your needing to establish a cross-realm trust. This capability will be especially useful in scenarios where you want multiple clusters to authenticate to a central data lake cluster to access data to submit and run jobs. You can also set up a cross-realm trust between an external KDC and an Active Directory domain on premises or in Amazon EC2. This allows users in your corporate directory to more securely access all Kerberized EMR clusters that authenticate to that KDC using their familiar Active Directory domain credentials.
This feature is now available in all supported regions for Amazon EMR.