Ensure that your Amazon Elastic MapReduce (EMR) clusters are provisioned using the AWS EC2-VPC platform instead of the EC2-Classic platform (outdated since 2013.12.04) for better flexibility and control over security, better traffic routing and availability.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Launching and managing AWS EMR clusters on the EC2-VPC platform instead of EC2-Classic brings multiple advantages, such as better networking infrastructure (network isolation, private subnets and private IP addresses), much more flexible control over access security (network ACLs and security group outbound/egress traffic filtering) and access to newer and more powerful EC2 instance types (C4, M4, R4, etc.) for your clusters. Moreover, if you are processing sensitive data within your EMR clusters, you may want the additional access control provided by the EC2-VPC platform, which can be enabled by launching your clusters into a VPC.
Note: If your AWS account was created after 2013.12.04, it supports EC2-VPC only.
To determine the EC2 platform (EC2-Classic or EC2-VPC) used to launch your Amazon EMR clusters, perform the following:
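One way to make this determination programmatically, as an added example that is not part of the original rule page: it classifies each cluster from its DescribeCluster response, assuming that a cluster launched into a VPC carries `Ec2SubnetId` (or `RequestedEc2SubnetIds` for instance fleets) in `Ec2InstanceAttributes` and that an EC2-Classic cluster does not. The function names and the sample cluster data are constructed for illustration.

```python
"""Classify EMR clusters as EC2-VPC or EC2-Classic from describe-cluster output."""

ACTIVE_STATES = ["STARTING", "BOOTSTRAPPING", "RUNNING", "WAITING"]


def platform_of(description):
    """Return 'EC2-VPC' if the cluster was launched into a subnet, else 'EC2-Classic'.

    `description` is one DescribeCluster response (a dict with a 'Cluster' key).
    """
    attrs = description["Cluster"].get("Ec2InstanceAttributes") or {}
    # Assumption: a subnet ID is present only for clusters launched in a VPC.
    # RequestedEc2SubnetIds covers clusters that use instance fleets.
    in_vpc = bool(attrs.get("Ec2SubnetId") or attrs.get("RequestedEc2SubnetIds"))
    return "EC2-VPC" if in_vpc else "EC2-Classic"


def find_classic_clusters(descriptions):
    """Return (id, name) for every cluster that is not in a VPC."""
    return [
        (d["Cluster"]["Id"], d["Cluster"].get("Name", ""))
        for d in descriptions
        if platform_of(d) == "EC2-Classic"
    ]


def fetch_descriptions(region):
    """Pull live data with boto3 (needs credentials; not used by the sample run)."""
    import boto3  # imported lazily so the offline sample below runs without it

    emr = boto3.client("emr", region_name=region)
    pages = emr.get_paginator("list_clusters").paginate(ClusterStates=ACTIVE_STATES)
    for page in pages:
        for summary in page["Clusters"]:
            yield emr.describe_cluster(ClusterId=summary["Id"])


# Constructed sample responses (not real clusters), trimmed to the relevant fields.
SAMPLE = [
    {"Cluster": {"Id": "j-EXAMPLE00001", "Name": "etl-nightly",
                 "Ec2InstanceAttributes": {"Ec2SubnetId": "subnet-0example1",
                                           "Ec2AvailabilityZone": "us-east-1a"}}},
    {"Cluster": {"Id": "j-EXAMPLE00002", "Name": "legacy-logs",
                 "Ec2InstanceAttributes": {"Ec2AvailabilityZone": "us-east-1b"}}},
]

if __name__ == "__main__":
    for cluster_id, name in find_classic_clusters(SAMPLE):
        print(f"{cluster_id} ({name}): EC2-Classic, relaunch inside a VPC")
```

To run it against a live account, pass `fetch_descriptions("<region>")` to `find_classic_clusters` in place of `SAMPLE`.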
To migrate your AWS EMR clusters from EC2-Classic platform to EC2-VPC platform, you must re-create your clusters within a Virtual Private Cloud (VPC). To relaunch and configure your EMR clusters in an AWS VPC, perform the following actions: