I accidentally unmounted the storage volumes on my Amazon EMR node. The volumes are encrypted with Linux Unified Key Setup (LUKS), and the key provider is AWS Key Management Service (AWS KMS). How can I remount the volumes?

As a best practice, encrypted storage volumes should not be unmounted manually. If your volumes are accidentally unmounted and the operating system is unable to remount them using the mount command or after a reboot, the Amazon EMR node can't access the /mnt and /emr volumes.

1.    Run the following AWS CLI command to decrypt the encrypted disk key with AWS KMS. Specify the AWS Region where your Amazon EMR cluster is located.

$ aws kms decrypt --ciphertext-blob fileb://<(cat /var/setup-devices/.encrypted-diskKey | base64 --decode) --region us-east-1

The output will look like this:

"Plaintext": "4si+VyYoEXAMPLEdv691cYAv9D6AbADJ12HCjY8+H1w="
"KeyId": "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"

The "Plaintext" string is your decrypted key, which you will use in step #3.

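2.    Reopen (unlock) the LUKS volumes by running the following command on the Amazon EMR node where the volumes were unmounted. The command opens the existing encrypted device; it does not reformat it. Repeat it for each device that you mount in step #5.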

# cryptsetup luksOpen /dev/xvdb1 xvdb1

3.    When prompted for the passphrase, enter your decrypted key from step #1.

4.    Run the following command to confirm that the opened volumes appear in the /dev/mapper directory.

$ ls -l /dev/mapper/

5.    Mount the volumes by running the following commands.

# mount /dev/mapper/xvdb1 /emr
# mount /dev/mapper/xvdb2 /mnt
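
The five steps above as one script, added here as an example (not AWS's own code): it passes the decrypted key to cryptsetup on stdin, so the key is never displayed or pasted. The function names and the `--run` guard are this example's own; the key path, Region, devices and mount points are the ones shown on this page.

```shell
#!/bin/sh
# Added example: reopen and remount the EMR LUKS volumes without showing the key.
# Key path, Region, devices and mount points are taken from the steps above.
KEY_BLOB=${KEY_BLOB:-/var/setup-devices/.encrypted-diskKey}
REGION=${REGION:-us-east-1}

# Print the base64 "Plaintext" value (the passphrase from step 1) on stdout.
disk_key() {
    blob=$(mktemp) || return 1
    rc=0
    base64 --decode < "$KEY_BLOB" > "$blob" &&
        aws kms decrypt --ciphertext-blob "fileb://$blob" --region "$REGION" \
            --query Plaintext --output text || rc=$?
    rm -f "$blob"
    return "$rc"
}

# Open one LUKS device and mount it, e.g.: reopen_volume /dev/xvdb1 /emr
reopen_volume() {
    dev=$1; mnt=$2; name=${dev##*/}
    if mountpoint -q "$mnt"; then
        echo "$mnt is already mounted, skipping"; return 0
    fi
    cryptsetup isLuks "$dev" || { echo "$dev is not a LUKS device" >&2; return 1; }
    if [ ! -e "/dev/mapper/$name" ]; then
        # printf is a shell builtin (key stays out of the process list) and adds
        # no newline; with --key-file=- a newline would count as part of the key.
        printf '%s' "$DISK_KEY" |
            cryptsetup luksOpen --key-file=- "$dev" "$name" || return 1
    fi
    mount "/dev/mapper/$name" "$mnt"
}

# Steps 1 to 5 for both volumes; the key lives only in an unexported variable.
remount_all() {
    DISK_KEY=$(disk_key) || { echo "KMS decrypt failed" >&2; return 1; }
    [ -n "$DISK_KEY" ] || { echo "KMS returned an empty key" >&2; return 1; }
    rc=0
    reopen_volume /dev/xvdb1 /emr && reopen_volume /dev/xvdb2 /mnt || rc=$?
    unset DISK_KEY
    return "$rc"
}

# Run as root on the affected node: sh remount.sh --run
if [ "${1:-}" = "--run" ]; then remount_all; fi
```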

Published: 2018-07-17