Get Hands-on with Amazon EKS - Workshop Event Series

Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!

How do I resolve Amazon EMR cluster logs that I can't view in an Amazon S3 bucket with an SSE-KMS encryption policy?

2 minute read

I want to resolve Amazon EMR cluster logs that I can't view in an Amazon Simple Storage Service (Amazon S3) bucket with a server-side encryption AWS Key Management Service (AWS KMS) encryption policy.

Resolution

To write logs to an Amazon S3 bucket that has an SSE-KMS encryption policy, use the sync command to manually upload the files.

Note:

If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.
With Amazon EMR versions 5.30.0 and later (except Amazon EMR 6.0.0), you can encrypt log files that are stored in an Amazon S3 bucket with an AWS KMS customer managed key.

To use the sync command to manually upload your log files, complete the following steps:

Use SSH to connect to the primary node.
Locate the log files that you want to copy. For example, step logs are stored in /mnt/var/log/hadoop/steps on the primary node.

To copy the log files to the bucket, run the sync command:

aws s3 sync /mnt/var/log/hadoop/steps/ s3://example-bucket/elasticmapreduce/$example-cluster-id/steps/ --sse aws:kms --sse-kms-key-id example-kms-key-id

Note: Replace example-bucket with your bucket name, example-cluster-id with the cluster ID, and example-kms-key-id with the AWS KMS key ID.

Note: To automate the sync command, use a cron job. To configure the cron job, run a custom bootstrap action on all nodes when you launch an Amazon EMR cluster.

Related information

Using server-side encryption with AWS KMS keys (SSE-KMS)

What happens to new or existing objects when I turn on default encryption with AWS KMS on my Amazon S3 bucket?

Topics: Analytics
Tags: Amazon EMR
Language: English

AWS OFFICIALUpdated a year ago

No comments

Relevant content

EMR Cluster Logs
Dozzykingz
asked 3 years ago
S3 permissions for launching an EMR cluster
rePost-User-6832585
asked 3 years ago
Does S3 Strong Consistency mean disabling EMRFS Consistent Views?
Accepted Answer
EXPERT
Peter Chung
asked 5 years ago
EMR Cluster Failing + Kinesis-to-S3 tables Pipeline Issues: How to Debug?
Sabina
asked 9 months ago
Step logs not available in console/S3 in EMR
Accepted Answer
rePost-User-5672422
asked 2 years ago
How do I detect and diagnose Amazon EMR cluster issues?
AWS OFFICIALUpdated 2 years ago
How do I resolve an Amazon EMR cluster that has a blank Ganglia overview page?
AWS OFFICIALUpdated a year ago
How do I resolve an Amazon EMR cluster that doesn't terminate or terminates earlier than expected when I use an auto-termination policy?
AWS OFFICIALUpdated a year ago
Why can’t I view the Apache Spark history events or logs from the Spark web UI in Amazon EMR?
AWS OFFICIALUpdated a year ago
EMR Cluster failure with "Failed to start the job flow due to an internal error"
SUPPORT ENGINEER
Yokesh NK
published 2 years ago