From SSH to REST: A Security-Driven Modernization of Slack’s EMR Data Pipelines

Excerpt

By 2024, Slack’s data platform had accumulated 700+ SSH-based operators orchestrating critical data pipelines. We’re talking daily search indexing that processed terabytes of data, analytics jobs powering business intelligence, the whole shebang. Every single one of these jobs required direct SSH access to production AWS Elastic MapReduce (EMR) clusters. We had a massive security surface, and we couldn’t move forward on any infrastructure modernization. Not ideal.

We needed to eliminate SSH entirely. The solution? Migrate all 700+ jobs to a REST-based architecture. This is the story of how we killed SSH entirely, across 8 data regions, with zero downtime.

How We Got Here

Slack’s data platform was built around 2017 with a straightforward pattern. Airflow, our data pipeline orchestrator, needed to run jobs on EMR clusters, and SSH was the most direct path. Connect to the EMR master node, execute a command, done. Simple.

From SSH to REST: A Security-Driven Modernization of Slack’s EMR Data Pipelines

Other newsrooms on this story

Related reading

Advancing Our Chef Infrastructure: Safety Without Disruption

Other newsrooms on this story

Related reading

Advancing Our Chef Infrastructure: Safety Without Disruption

Developer Workstations Are Now Part of the Software Supply Chain

From Custom to Open: Scalable Network Probing and HTTP/3 Readiness with…

Streamlining Security Investigations with Agents

Astra Dynamic Chunks: How We Saved by Redesigning a Key Part of Astra

Pipeline security lessons from March supply chain incidents