Merge remote-tracking branch 'origin/main' into main

Varun Rao Bhamidimarri · Varun Rao Bhamidimarri · commit 127204e8f354 · 2023-02-23T09:20:58.000-08:00
diff --git a/aws_emr_blog_v3/README.md b/aws_emr_blog_v3/README.md
@@ -9,35 +9,30 @@ The code deploys the following:
 - Kerberos Enabled Amazon EMR cluster (EMR 5.32) with AWS Managed Ranger Plugins
      * Amazon S3
      * Apache Hive
-        * Blog - [Introducing Amazon EMR integration with Apache Ranger](https://aws.amazon.com/blogs/big-data/introducing-amazon-emr-integration-with-apache-ranger/)
+        * Blog -  <a href="https://aws.amazon.com/blogs/big-data/introducing-amazon-emr-integration-with-apache-ranger/" target="_blank">Introducing Amazon EMR integration with Apache Ranger</a>
      * Apache Spark
         * Blog - [Authorize SparkSQL data manipulation on Amazon EMR using Apache Ranger](https://aws.amazon.com/blogs/big-data/authorize-sparksql-data-manipulation-on-amazon-emr-using-apache-ranger/)
      * Apache Tino (> EMR 6.7)
        * Blog (**New!**) - [Enable federated governance using Trino and Apache Ranger on Amazon EMR](https://aws.amazon.com/blogs/big-data/enable-federated-governance-using-trino-and-apache-ranger-on-amazon-emr/)
 
-> **NOTE:** the code only run under us-east-1 (N. Virginia). You can copy to your regional bucket to deploy in a different region. Also, create [Issue](https://github.com/aws-samples/aws-emr-apache-ranger/issues/new) if you would like support for additional regions using this repo. 
+> **NOTE:** the code currenlty resides in a us-east-1 (N. Virginia) bucket. The CFN supports automatic creation of regional bucket required for the Lambda code and the EMR bootstrap scripts.
 >
 
-### NOTE: Apache Ranger plugins and Apache Ranger Admin Server SSL Keys and Certs have to be uploaded to AWS Secrets Manager for Cloudformation scripts to work
+### NOTE: Apache Ranger plugins and Apache Ranger Admin Server SSL Keys and Certs have to be uploaded to AWS Secrets Manager for Cloudformation scripts to work. The CFN automates the creation and upload of certs.
 
 ## Cloudformation Launch Steps:
 
 Review these active items currenlty in under the V3 main branch [https://github.com/aws-samples/aws-emr-apache-ranger/projects/1?card_filter_query=label%3Av3]
 
- 1. If you need to launch this stack in a region `outside US-East-1`, run the following steps, else skip to the next step.
-    - Create a regional S3 bucket in your account in the target region : eg S3 Bucket in eu-north-1: test-emr-eu-north-1
-    - Run the Script [setup-regional-ranger-automation.sh](../aws_emr_blog_v3/scripts/setup-regional-ranger-automation.sh) to copy the required artifacts to the regional bucket (NOTE: this only copies the Lambda code and the EMR bootstrap script)
-  
- 2. Create and Upload SSL keys and certs to AWS Secrets Manager. This is used to encrypt traffic between Ranger server/agents [Script](../aws_emr_blog_v3/scripts/emr-tls/create-tls-certs.sh) 
-   - NOTE: DEFAULT_EC2_REALM parameter value should be "ec2.internal" if US-EAST-1 and "compute.internal" for other regions. AWS_REGION will be the other argument (eg: eu-north-1)
- 3. Create VPC/AD server (takes ~10 min to run) [![Foo](../images/launch_stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=EMRSecurityWithRangerBlogV3-Step1&templateURL=https://s3.amazonaws.com/aws-bigdata-blog/artifacts/aws-blog-emr-ranger/3.0/cloudformation/step1_vpc-ec2-ad.template)
-    - NOTE: If you are launching this `outside US-East-1`, the `S3Bucket` parameter should be the new regional bucket you created on step 1: eg: test-emr-eu-north-1
- 4. Setup the Ranger Server/RDS Instance/EMR Cluster (takes ~15 min to run) [![Foo](../images/launch_stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=EMRSecurityWithRangerBlogV3-Step2&templateURL=https://s3.amazonaws.com/aws-bigdata-blog/artifacts/aws-blog-emr-ranger/3.0/cloudformation/step2_ranger-rds-emr.template) 
-    - NOTE: If you are launching this `outside US-East-1`, the `S3Bucket` parameter new regional bucket you created on step 1 : eg: test-emr-eu-north-1
-    - If you need to deploy each of the steps individually follow the steps below:
-      - Deploy RDS instace [![Foo](../images/launch_stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=EMRSecurityWithRangerBlogV3-Step2&templateURL=https://s3.amazonaws.com/aws-bigdata-blog/artifacts/aws-blog-emr-ranger/3.0/cloudformation/rds-database.template)
-      - Deploy the Ranger server [![Foo](../images/launch_stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=EMRSecurityWithRangerBlogV3-Step2&templateURL=https://s3.amazonaws.com/aws-bigdata-blog/artifacts/aws-blog-emr-ranger/3.0/cloudformation/ranger-server.template)
-      - Deploy the EMR server [![Foo](../images/launch_stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=EMRSecurityWithRangerBlogV3-Step2&templateURL=https://s3.amazonaws.com/aws-bigdata-blog/artifacts/aws-blog-emr-ranger/3.0/cloudformation/emr-template.template)
+ 1. Create VPC/AD server (takes ~10 min to run) [![Foo](../images/launch_stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=EMRSecurityWithRangerBlogV3-Step1&templateURL=https://s3.amazonaws.com/aws-bigdata-blog/artifacts/aws-blog-emr-ranger/v3/cloudformation/step1_vpc-ec2-ad.template)
+    - NOTE: The 'beta' code supports multi-region deployment by creating a new regional bucket
+ 2. Setup the Ranger Server/RDS Instance/EMR Cluster (takes ~15 min to run) [![Foo](../images/launch_stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=EMRSecurityWithRangerBlogV3-Step2&templateURL=https://s3.amazonaws.com/aws-bigdata-blog/artifacts/aws-blog-emr-ranger/v3/cloudformation/step2_ranger-rds-emr.template)
+  - NOTE: The 'V3' code now supports multi-region deployment by creating a new regional bucket. Make sure you select the following parameter values to allow multi-region deployment (required is cluster in not in US-EAST-1) and automatic creation of the self-signed certs required by EMR for Ranger integration. 
+    - **CreateRegionalS3BucketAndCopyScripts: 'true'** -- Will create a regional bucket and copy the required files
+    - **CreateTLSCerts: 'true'** -- Will create self-signed certs and upload to Secrets manager
+    
+    ![image](https://user-images.githubusercontent.com/1559391/211591074-7260e5f7-3fd0-4e82-9d81-fbdc93350d70.png)
+    ![image](https://user-images.githubusercontent.com/1559391/211591175-45e592ca-7207-47f6-8f79-77cda7154d2d.png)
 
 ## (BETA code) Cloudformation Launch Steps:
 All active development code is under the Beta branch. Review these active items currenlty in Beta (https://github.com/aws-samples/aws-emr-apache-ranger/projects/1?card_filter_query=label%3Abeta). NOTE: It may not be fully tested and may not work with all EMR versions.
