Resource: aws_emr_block_public_access_configuration

Terraform resource for managing an AWS EMR block public access configuration. This region-level security configuration restricts the launch of EMR clusters whose associated security groups permit public access on unspecified ports. See the EMR Block Public Access Configuration documentation for further information.

Example Usage

Basic Usage

resource "aws_emr_block_public_access_configuration" "example" {
  block_public_security_group_rules = true
}

Default Configuration

By default, each AWS region has a block public access configuration that prevents EMR clusters from being launched if their security group rules permit public access on any port except port 22. The default configuration can be managed using this Terraform resource.

resource "aws_emr_block_public_access_configuration" "example" {
  block_public_security_group_rules = true

  permitted_public_security_group_rule_range {
    min_range = 22
    max_range = 22
  }
}

Multiple Permitted Public Security Group Rule Ranges

The resource accepts multiple permitted_public_security_group_rule_range blocks.

resource "aws_emr_block_public_access_configuration" "example" {
  block_public_security_group_rules = true

  permitted_public_security_group_rule_range {
    min_range = 22
    max_range = 22
  }

  permitted_public_security_group_rule_range {
    min_range = 100
    max_range = 101
  }
}

Disabling Block Public Access

The Block Public Access feature can be disabled using this Terraform resource. Because the configuration is region level, setting block_public_security_group_rules = false permits EMR clusters to be launched in the configured region regardless of their associated security group rules.

resource "aws_emr_block_public_access_configuration" "example" {
  block_public_security_group_rules = false
}

Argument Reference

The following arguments are required:

The following arguments are optional:

permitted_public_security_group_rule_range

This block is used to define a range of TCP ports that should form exceptions to the Block Public Access Configuration. If an attempt is made to launch an EMR cluster in the configured region and account, with block_public_security_group_rules = true, the EMR cluster will be permitted to launch even if there are security group rules permitting public access to ports in this range.
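A pre-apply policy check for this resource, as an added example that is not part of the provider documentation: it reads the JSON produced by `terraform show -json` for a saved plan and flags plans that disable Block Public Access or add exceptions beyond port 22. The embedded plan, the `audit_plan` function and the port-22-only policy are assumptions made for illustration.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan (not real output).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_emr_block_public_access_configuration.ok",
  "type": "aws_emr_block_public_access_configuration",
  "change": {"actions": ["create"], "after": {
    "block_public_security_group_rules": true,
    "permitted_public_security_group_rule_range": [
      {"min_range": 22, "max_range": 22}]}}},
 {"address": "aws_emr_block_public_access_configuration.wide",
  "type": "aws_emr_block_public_access_configuration",
  "change": {"actions": ["update"], "after": {
    "block_public_security_group_rules": true,
    "permitted_public_security_group_rule_range": [
      {"min_range": 22, "max_range": 22},
      {"min_range": 100, "max_range": 101}]}}},
 {"address": "aws_emr_block_public_access_configuration.off",
  "type": "aws_emr_block_public_access_configuration",
  "change": {"actions": ["update"], "after": {
    "block_public_security_group_rules": false,
    "permitted_public_security_group_rule_range": []}}}
]}
""")

RESOURCE_TYPE = "aws_emr_block_public_access_configuration"
ALLOWED_PORTS = frozenset({22})  # assumed policy: only the default exception


def audit_plan(plan, allowed_ports=ALLOWED_PORTS):
    """Return (address, finding) pairs for risky planned configurations."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:
            continue  # other resource types, or a destroy with no planned state
        if not after.get("block_public_security_group_rules"):
            findings.append((rc["address"], "block public access disabled"))
            continue  # exceptions are irrelevant once blocking is off
        for r in after.get("permitted_public_security_group_rule_range") or []:
            ports = range(r["min_range"], r["max_range"] + 1)
            if any(p not in allowed_ports for p in ports):
                findings.append((rc["address"],
                                 f"exception {r['min_range']}-{r['max_range']} outside policy"))
    return findings


if __name__ == "__main__":
    for address, finding in audit_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

In a pipeline, replace `SAMPLE_PLAN` with the parsed output of `terraform show -json` for the saved plan file and fail the job when `audit_plan` returns any findings.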

Attribute Reference

This resource exports no additional attributes.

Import

In Terraform v1.5.0 and later, use an import block to import the current EMR Block Public Access Configuration. For example:

import {
  to = aws_emr_block_public_access_configuration.example
  id = "current"
}

Using terraform import, import the current EMR Block Public Access Configuration. For example:

% terraform import aws_emr_block_public_access_configuration.example current