AWS EMR Terraform module
Upstream version 3.3.0
0 controls from Registry requirements
Terraform Module Source
registry.compliance.tf/terraform-aws-modules/emr/aws74 unique
| Name | Type | Default | Description |
|---|---|---|---|
| Optional | |||
additional_info | string | null | JSON string for selecting additional features such as adding proxy information. Note: Currently there is no API to retrieve the value of this argument after EMR cluster creation from provider, therefore Terraform cannot detect drift from the actual EMR cluster if its value is changed outside Terraform |
applications | list(string) | [] | A case-insensitive list of applications for Amazon EMR to install and configure when launching the cluster |
auto_termination_policy | object({...}) | null | An auto-termination policy for an Amazon EMR cluster. An auto-termination policy defines the amount of idle time in seconds after which a cluster automatically terminates |
autoscaling_iam_role_arn | string | null | The ARN of an existing IAM role to use for autoscaling |
autoscaling_iam_role_description | string | null | Description of the role |
autoscaling_iam_role_name | string | null | Name to use on IAM role created |
bootstrap_action | list({...}) | null | Ordered list of bootstrap actions that will be run before Hadoop is started on the cluster nodes |
configurations | string | null | List of configurations supplied for the EMR cluster you are creating. Supply a configuration object for applications to override their default configuration |
configurations_json | string | null | JSON string for supplying list of configurations for the EMR cluster |
core_instance_fleet | object({...}) | null | Configuration block to use an [Instance Fleet](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html) for the core node type. Cannot be specified if any `core_instance_group` configuration blocks are set |
core_instance_group | object({...}) | null | Configuration block to use an [Instance Group] for the core node type |
create | bool | true | Controls if resources should be created (affects nearly all resources) |
create_autoscaling_iam_role | bool | true | Determines whether the autoscaling IAM role should be created |
create_iam_instance_profile | bool | true | Determines whether the EC2 IAM role/instance profile should be created |
create_managed_security_groups | bool | true | Determines whether managed security groups are created |
create_security_configuration | bool | false | Determines whether a security configuration is created |
create_service_iam_role | bool | true | Determines whether the service IAM role should be created |
custom_ami_id | string | null | Custom Amazon Linux AMI for the cluster (instead of an EMR-owned AMI). Available in Amazon EMR version 5.7.0 and later |
ebs_root_volume_size | number | null | Size in GiB of the EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later |
ec2_attributes | object({...}) | null | Attributes for the EC2 instances running the job flow |
iam_instance_profile_description | string | null | Description of the EC2 IAM role/instance profile |
iam_instance_profile_name | string | null | Name to use on EC2 IAM role/instance profile created |
iam_instance_profile_policies | map(string) | {...} | Map of IAM policies to attach to the EC2 IAM role/instance profile |
iam_instance_profile_role_arn | string | null | The ARN of an existing IAM role to use if passing in a custom instance profile and creating a service role |
iam_role_path | string | null | IAM role path |
iam_role_permissions_boundary | string | null | ARN of the policy that is used to set the permissions boundary for the IAM role |
iam_role_tags | map(string) | {} | A map of additional tags to add to the IAM role created |
iam_role_use_name_prefix | bool | true | Determines whether the IAM role name is used as a prefix |
is_private_cluster | bool | true | Identifies whether the cluster is created in a private subnet |
keep_job_flow_alive_when_no_steps | bool | null | Switch on/off run cluster with no steps or when all steps are complete (default is on) |
kerberos_attributes | object({...}) | null | Kerberos configuration for the cluster |
list_steps_states | list(string) | [] | List of [step states](https://docs.aws.amazon.com/emr/latest/APIReference/API_StepStatus.html) used to filter returned steps |
log_encryption_kms_key_id | string | null | AWS KMS customer master key (CMK) key ID or arn used for encrypting log files. This attribute is only available with EMR version 5.30.0 and later, excluding EMR 6.0.0 |
log_uri | string | null | S3 bucket to write the log files of the job flow. If a value is not provided, logs are not created |
managed_scaling_policy | object({...}) | null | Compute limit configuration for a [Managed Scaling Policy](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-scaling.html) |
managed_security_group_name | string | null | Name to use on manged security group created. Note - `-master`, `-slave`, and `-service` will be appended to this name to distinguish |
managed_security_group_tags | map(string) | {} | A map of additional tags to add to the security group created |
managed_security_group_use_name_prefix | bool | true | Determines whether the security group name (`security_group_name`) is used as a prefix |
master_instance_fleet | object({...}) | null | Configuration block to use an [Instance Fleet](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html) for the master node type. Cannot be specified if any `master_instance_group` configuration blocks are set |
master_instance_group | object({...}) | null | Configuration block to use an [Instance Group](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for the [master node type](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-master) |
master_security_group_description | string | "Managed master security group" | Description of the security group created |
master_security_group_egress_rules | map({...}) | {...} | Security group egress rules to add to the security group created |
master_security_group_ingress_rules | map({...}) | null | Security group ingress rules to add to the security group created |
name | string | "" | Name of the job flow |
os_release_label | string | null | Amazon Linux release for all nodes in a cluster launch RunJobFlow request. If not specified, Amazon EMR uses the latest validated Amazon Linux release for cluster launch |
placement_group_config | list({...}) | null | The specified placement group configuration |
region | string | null | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration |
release_label | string | null | Release label for the Amazon EMR release |
release_label_filters | map({...}) | {"default":{"prefix":"emr-7"}} | Map of release label filters use to lookup a release label |
scale_down_behavior | string | "TERMINATE_AT_TASK_COMPLETION" | Way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized |
security_configuration | string | null | Security configuration to create, or attach if `create_security_configuration` is `false`. Only valid for EMR clusters with `release_label` 4.8.0 or greater |
security_configuration_name | string | null | Name of the security configuration to create, or attach if `create_security_configuration` is `false`. Only valid for EMR clusters with `release_label` 4.8.0 or greater |
security_configuration_use_name_prefix | bool | true | Determines whether `security_configuration_name` is used as a prefix |
service_iam_role_arn | string | null | The ARN of an existing IAM role to use for the service |
service_iam_role_description | string | null | Description of the role |
service_iam_role_name | string | null | Name to use on IAM role created |
service_iam_role_policies | map(string) | {...} | Map of IAM policies to attach to the service role |
service_pass_role_policy_description | string | null | Description of the policy |
service_pass_role_policy_name | string | null | Name to use on IAM policy created |
service_security_group_description | string | "Managed service access security group" | Description of the security group created |
service_security_group_egress_rules | map({...}) | {...} | Security group egress rules to add to the security group created |
service_security_group_ingress_rules | map({...}) | null | Security group ingress rules to add to the security group created |
slave_security_group_description | string | "Managed slave security group" | Description of the security group created |
slave_security_group_egress_rules | map({...}) | {...} | Security group egress rules to add to the security group created |
slave_security_group_ingress_rules | map({...}) | null | Security group ingress rules to add to the security group created |
step | list({...}) | null | Steps to run when creating the cluster |
step_concurrency_level | number | null | Number of steps that can be executed concurrently. You can specify a maximum of 256 steps. Only valid for EMR clusters with `release_label` 5.28.0 or greater (default is 1) |
tags | map(string) | {} | A map of tags to add to all resources |
task_instance_fleet | object({...}) | null | Configuration block to use an [Instance Fleet](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html) for the task node type. Cannot be specified if any `task_instance_group` configuration blocks are set |
task_instance_group | object({...}) | null | Configuration block to use an [Instance Group](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for the [task node type](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-master) |
termination_protection | bool | null | Switch on/off termination protection (default is `false`, except when using multiple master nodes). Before attempting to destroy the resource when termination protection is enabled, this configuration must be applied with its value set to `false` |
unhealthy_node_replacement | bool | true | Whether whether Amazon EMR should gracefully replace core nodes that have degraded within the cluster. Default value is `true` |
visible_to_all_users | bool | null | Whether the job flow is visible to all IAM users of the AWS account associated with the job flow. Default value is `true` |
vpc_id | string | "" | The ID of the Amazon Virtual Private Cloud (Amazon VPC) where the security groups will be created |