Skip to main content

πŸ’Ό [EMR.2] Amazon EMR block public access setting should be enabled

  • Contextual name: πŸ’Ό [EMR.2] Amazon EMR block public access setting should be enabled
  • ID: /frameworks/aws-fsbp-v1.0.0/emr/02
  • Located in: πŸ’Ό EMR

Description​

Amazon EMR block public access prevents you from launching a cluster in a public subnet if the cluster has a security configuration that allows inbound traffic from public IP addresses on a port. When a user from your AWS account launches a cluster, Amazon EMR checks the port rules in the security group for the cluster and compares them with your inbound traffic rules. If the security group has an inbound rule that opens ports to the public IP addresses IPv4 0.0.0.0/0 or IPv6 ::/0, and those ports aren't specified as exceptions for your account, Amazon EMR doesn't let the user create the cluster.

Similar​

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-3 Access Enforcement15534
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-3(7) Access Enforcement _ Role-based Access Control11
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-4 Information Flow Enforcement326885
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows3742
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-6 Least Privilege102346
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-21 Information Sharing25
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7 Boundary Protection29447
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(3) Boundary Protection _ Access Points5
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(4) Boundary Protection _ External Telecommunications Services25
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic12
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic19
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(16) Boundary Protection _ Prevent Discovery of System Components20
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(20) Boundary Protection _ Dynamic Isolation and Segregation5
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(21) Boundary Protection _ Isolation of System Components19
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks.5

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags