Implementing Kerberos authentication for Apache Spark jobs on Amazon EMR on EKS to access a Kerberos-enabled Hive Metastore
Big Data Blog
This article provides a comprehensive guide to implementing Kerberos authentication for Apache Spark jobs on Amazon EMR on EKS to securely access a Kerberos-enabled Hive Metastore.
- Configure Spark jobs on EMR EKS with Kerberos credentials via ConfigMaps and Kubernetes secrets
- Deploy HMS with Kerberos authentication in EKS using service principals and keytabs
- Establish VPC peering between Active Directory and EKS VPCs for KDC connectivity
- Spark driver authenticates with KDC to obtain tickets for HMS service access
- Solution supports hybrid environments running both EMR EC2 and EMR EKS workloads
- Includes step-by-step deployment scripts and configuration examples in GitHub repository
- Recommends KMS envelope encryption for keytabs and TLS for Thrift data channel
This solution enables organizations to migrate to EMR EKS while maintaining existing Kerberos security infrastructure and unified authentication across data platforms.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Jan 27
2026
2026
Secure Apache Spark writes to Amazon S3 on Amazon EMR with dynamic AWS KMS encryption
Feb 28
2025
2025
Design patterns for implementing Hive Metastore for Amazon EMR on EKS
Jun 3
2025
2025
Build a centralized observability platform for Apache Spark on Amazon EMR on EKS using external Spark History Server
Mar 13
2024
2024
Configure Kerberos authentication in Linux clients for Amazon RDS for SQL Server with AWS Managed Microsoft AD
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.