in aws_emr_launch/constructs/emr_constructs/emr_profile.py [0:0]
def _construct_security_configuration(self, custom_security_configuration: Optional[Dict[str, Any]] = None) -> None:
# Initialize the CfnSecurityConfiguration
if self._security_configuration is None:
self._security_configuration = emr.CfnSecurityConfiguration(
self, "SecurityConfiguration", security_configuration={}
)
self._security_configuration_name = self._security_configuration.ref
self._ssm_parameter.value = json.dumps(self.to_json())
if custom_security_configuration is not None:
self._security_configuration.security_configuration = custom_security_configuration
return
# Set Encryption
encryption_configuration = {
"EnableInTransitEncryption": self._tls_certificate_configuration is not None,
"InTransitEncryptionConfiguration": self._tls_certificate_configuration,
"EnableAtRestEncryption": self._s3_encryption_configuration is not None
or self._local_disk_encryption_configuration is not None,
"AtRestEncryptionConfiguration": {
"S3EncryptionConfiguration": self._s3_encryption_configuration,
"LocalDiskEncryptionConfiguration": self._local_disk_encryption_configuration,
},
}
# Set Authentication
authentication_configuration = (
{"KerberosConfiguration": self._kerberos_configuration} if self._kerberos_configuration else None
)
# Set Authorization
authorization_configuration = (
{"EmrFsConfiguration": self._emrfs_configuration} if self._emrfs_configuration else None
)
self._security_configuration.security_configuration = {
"EncryptionConfiguration": encryption_configuration,
"AuthenticationConfiguration": authentication_configuration,
"AuthorizationConfiguration": authorization_configuration,
"LakeFormationConfiguration": self._lake_formation_configuration,
}