Document required connectivity for LocalDiskEncryptionKeyProvider type AwsKms

Question

Document required connectivity for LocalDiskEncryptionKeyProvider type AwsKms

joelthompson opened this issue 6 years ago · 2 comments

https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-create-security-configuration.html and https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-encryption-enable.html#emr-awskms-keys discuss using KMS CMKs for EMR encryption. However, there is no mention that the main EC2 instances themselves require network connectivity to KMS when using AwsKms for the local disk encryption (either over the internet or over a VPC Endpoint). Having this spelled out explicitly would be helpful.

Answer 1 · 2019-05-08T19:55:43.000Z

@joelthompson Excellent catch. We'll spell this out in an upcoming edit.

Answer 2 · 2023-06-15T22:42:40.000Z

Closing this issue or pull request in advance of archiving this repo. For more information about the decision to archive this repo (and others in the 'awsdocs' org), see the announcement on the AWS News Blog.