Hi Vinay! 1. Will the existing functionality provided by Amazon to configure in-transit data encrytion work for Flink as well. This is explained here: http://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-encryption-enable-security-configuration.html http://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-data-encryption-options.html#emr-encryption-intransit
I don’t think so. AFAIK, the AWS security configurations needs to be integrated for per-platform’s specific security features, and as of now, there doesn’t seem to be an integration for Flink SSL encryption features, yet. 2. Using Flink SSL Setup: as we know only the IP address of master node on EMR , should we pass only its ip address in the SAN list as given here ? (I think it should work as the yarn-cli command will distribute the truststore and keystore to each TM ) https://ci.apache.org/projects/flink/flink-docs-release-1.3/setup/security-ssl.html#use-yarn-cli-to-deploy-the-keystores-and-truststore The generated certificate needs to cover all nodes (hostname and IP address). Is it possible for you to use wildcard subdomain names to generate the certificate? I’m not entirely sure of the subdomain patterns of EMR nodes, but this should be possible. Cheers, Gordon On 5 June 2017 at 12:56:45 PM, vinay patil (vinay18.pa...@gmail.com) wrote: Thank you Till. Gordon can you please help. Regards, Vinay Patil On Fri, Jun 2, 2017 at 9:10 PM, Till Rohrmann [via Apache Flink User Mailing List archive.] <[hidden email]> wrote: Hi Vinay, I've pulled my colleague Gordon into the conversation who can probably tell you more about Flink's security features. Cheers, Till On Fri, Jun 2, 2017 at 2:22 PM, vinay patil <[hidden email]> wrote: Hi, Currently I am looking into configuring in-transit data encryption either using Flink SSL Setup or directly using EMR. Few Doubts: 1. Will the existing functionality provided by Amazon to configure in-transit data encrytion work for Flink as well. This is explained here: http://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-encryption-enable-security-configuration.html http://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-data-encryption-options.html#emr-encryption-intransit 2. Using Flink SSL Setup: as we know only the IP address of master node on EMR , should we pass only its ip address in the SAN list as given here ? (I think it should work as the yarn-cli command will distribute the truststore and keystore to each TM ) https://ci.apache.org/projects/flink/flink-docs-release-1.3/setup/security-ssl.html#use-yarn-cli-to-deploy-the-keystores-and-truststore Regards, Vinay Patil -- View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/In-transit-Data-Encryption-in-EMR-tp13455.html Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com. If you reply to this email, your message will be added to the discussion below: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/In-transit-Data-Encryption-in-EMR-tp13455p13459.html To start a new topic under Apache Flink User Mailing List archive., email [hidden email] To unsubscribe from Apache Flink User Mailing List archive., click here. NAML View this message in context: Re: In-transit Data Encryption in EMR Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
