Posted On: Mar 1, 2023

Amazon EMR Serverless is a serverless option in Amazon EMR that makes it easy for data engineers and data scientists to run open-source big data analytics frameworks without configuring, managing, and scaling clusters or servers. Today, we are excited to announce that you can use your own Customer Managed Keys (CMK) with AWS Key Management Service (AWS KMS) to encrypt EMR Serverless application logs when stored in managed storage and in Amazon S3 buckets.

When you submit a job to an EMR Serverless application, you can decide where to store your application logs - in a managed storage system, an Amazon S3 location, or both. EMR Serverless encrypts application logs by default for 30 days in managed storage using AWS owned keys. If you want to retain logs longer or have additional requirements to analyze the logs, you also have the option to upload the logs to an S3 bucket of your choice. With this feature, you can now use CMK to encrypt logs in managed storage and Amazon S3 buckets, adding a self-managed security layer to help you meet the compliance and regulatory requirements of your organization. 

To learn more about using Customer Managed Keys to store application logs, please visit our documentation. This feature is available in all AWS Regions where EMR Serverless is available.