Tuesday 5 February 2019

Get Your Own KDC and Allow Kerberos Authentication in Amazon EMR

With Amazon EMR release 5.20.0 or later, you can now use an external Kerberos KDC to authenticate the applications and users running on your EMR cluster. This new feature lets you connect several Kerberized EMR clusters to a centralized external KDC, so that applications running inside these clusters that use Kerberos for authentication can cross-authenticate with each other without you having to set up a cross-realm trust. This capability is mainly useful in scenarios where several clusters need to authenticate to a central data lake cluster to access data and to submit and run jobs. You can also set up a cross-realm trust between an external KDC and an Active Directory domain on premises or in Amazon EC2. This lets users in your corporate directory more securely access all Kerberized EMR clusters that authenticate to that KDC, using their familiar Active Directory domain credentials. To learn about configuring and using an external KDC on EMR, see Using Kerberos Authentication and External KDC Architecture Options in the Amazon EMR Management Guide. This feature is available in all supported regions for Amazon EMR.

