Hi Vinay,I've pulled my colleague Gordon into the conversation who can probably tell you more about Flink's security features.Cheers,TillOn Fri, Jun 2, 2017 at 2:22 PM, vinay patil <[hidden email]> wrote:Hi,
Currently I am looking into configuring in-transit data encryption either
using Flink SSL Setup or directly using EMR.
Few Doubts:
1. Will the existing functionality provided by Amazon to configure
in-transit data encrytion work for Flink as well. This is explained here:
http://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-encry ption-enable-security-configur ation.html
http://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-data- encryption-options.html#emr- encryption-intransit
2. Using Flink SSL Setup: as we know only the IP address of master node
on EMR , should we pass only its ip address in the SAN list as given here ?
(I think it should work as the yarn-cli command will distribute the
truststore and keystore to each TM )
https://ci.apache.org/projects/flink/flink-docs-release-1.3/ setup/security-ssl.html#use- yarn-cli-to-deploy-the- keystores-and-truststore
Regards,
Vinay Patil
--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4. nabble.com/In-transit-Data-Enc ryption-in-EMR-tp13455.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
If you reply to this email, your message will be added to the discussion below:http://apache-flink-user-mailing-list-archive.2336050. n4.nabble.com/In-transit-Data- Encryption-in-EMR- tp13455p13459.html To start a new topic under Apache Flink User Mailing List archive., email [hidden email]
To unsubscribe from Apache Flink User Mailing List archive., click here.
NAML
| Free forum by Nabble | Edit this page |