EMR Cluster Master Node Public Access Check

ID: rule:aliyun:emr-cluster-master-public-access-check
Severity: medium

Description

EMR on ECS cluster master nodes should not have public IP enabled.

Reason for Violation

EMR master nodes with public IP enabled may be exposed to the internet, increasing security risks.

Recommendation

Set 'IsOpenPublicIp' to false for the EMR cluster and use a NAT gateway or bastion host for access.

Resource Types

• ALIYUN::EMR::Cluster