Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id EC26F200C88 for ; Fri, 2 Jun 2017 14:37:15 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id E4B24160BD2; Fri, 2 Jun 2017 12:37:15 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 36A01160BD1 for ; Fri, 2 Jun 2017 14:37:15 +0200 (CEST) Received: (qmail 73821 invoked by uid 500); 2 Jun 2017 12:37:14 -0000 Mailing-List: contact user-help@flink.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list user@flink.apache.org Received: (qmail 73811 invoked by uid 99); 2 Jun 2017 12:37:12 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Jun 2017 12:37:12 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id DD3AAC1838 for ; Fri, 2 Jun 2017 12:37:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.486 X-Spam-Level: *** X-Spam-Status: No, score=3.486 tagged_above=-999 required=6.31 tests=[DKIM_ADSP_CUSTOM_MED=0.001, NML_ADSP_CUSTOM_MED=1.2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.972, URI_HEX=1.313] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id EDmrTUgFS8nU for ; Fri, 2 Jun 2017 12:37:09 +0000 (UTC) Received: from mwork.nabble.com (mwork.nabble.com [162.253.133.43]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id BD1E85FDF0 for ; Fri, 2 Jun 2017 12:37:08 +0000 (UTC) Received: from mjoe.nabble.com (unknown [162.253.133.57]) by mwork.nabble.com (Postfix) with ESMTP id 84B2446B0D3D6 for ; Fri, 2 Jun 2017 05:37:07 -0700 (MST) Date: Fri, 2 Jun 2017 05:22:15 -0700 (PDT) From: vinay patil To: user@flink.apache.org Message-ID: <1496406135048-13455.post@n4.nabble.com> Subject: In-transit Data Encryption in EMR MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit archived-at: Fri, 02 Jun 2017 12:37:16 -0000 Hi, Currently I am looking into configuring in-transit data encryption either using Flink SSL Setup or directly using EMR. Few Doubts: 1. Will the existing functionality provided by Amazon to configure in-transit data encrytion work for Flink as well. This is explained here: http://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-encryption-enable-security-configuration.html http://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-data-encryption-options.html#emr-encryption-intransit 2. Using Flink SSL Setup: as we know only the IP address of master node on EMR , should we pass only its ip address in the SAN list as given here ? (I think it should work as the yarn-cli command will distribute the truststore and keystore to each TM ) https://ci.apache.org/projects/flink/flink-docs-release-1.3/setup/security-ssl.html#use-yarn-cli-to-deploy-the-keystores-and-truststore Regards, Vinay Patil -- View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/In-transit-Data-Encryption-in-EMR-tp13455.html Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.