Ensure EMR cluster archive log files to S3


To maintain logging data for historical purposes and to track and analyze the behavior of EMR clusters over an extended period, it is important to periodically archive and upload all EMR cluster log files to Amazon S3. EMR log files are deleted from the clusters automatically when the retention period expires, however, with this feature enabled, the Elastic MapReduce service will upload the log files from the cluster master node(s) to Amazon S3, allowing the logging data (such as step logs, Hadoop logs, and instance state logs) to be utilized later for troubleshooting or compliance purposes. Once activated, the EMR service archives and sends the log files to Amazon S3 at 5 minute intervals.


To ensure that EMR cluster log files are periodically archived and uploaded to S3, you can take the following remediation steps:

  1. Enable EMR log archiving to S3 - Configure EMR to archive log files to S3 by enabling the logging and monitoring feature for the EMR cluster.
  2. Specify the S3 bucket for log archiving - Configure the S3 bucket where the log files will be stored. Ensure that the S3 bucket is secure and access is restricted as necessary.
  3. Configure the retention period - Set the retention period for log files on the EMR cluster. This determines how long the log files will be kept on the EMR cluster before they are deleted.
  4. Monitor log archiving - Monitor the log archiving process to ensure that log files are being periodically archived and uploaded to S3. This can be done by reviewing the S3 bucket for log files and verifying that they are being created at the expected intervals.

By following these remediation steps, you can ensure that log files for your EMR cluster are periodically archived and uploaded to S3 for historical purposes or to track and analyze the behavior of the EMR cluster over an extended period.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.