Description

EMR, Elastic MapReduce, is a managed cluster platform that simplifies running big data frameworks. EMR cluster is a collection of Amazon Elastic Compute Cloud (Amazon EC2) instances. Each instance in the cluster is called a node. The master node manages the cluster and coordinates the distribution of data and tasks among other nodes for processing. Master node {AwsEmrInstance} has an associated public IP address. Although it allows to create a secure access using SSH tunnel, associating the master node with public IP address directly and not within a VPC or a private subnet that has IPv4 does not stand with security best practices.

• 

  Recommended Mitigation

  It is recommended to create a new cluster in VPC private subnet. After launch, it is not possible to manually disassociate a public IPv4 address from that instance. For more information: https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-vpc-launching-job-flows.html