AWS Glue security configuration encryption is not enabled

Home
»
AWS Documentation
»
General
»
AWS Glue security configuration encryption is not enabled

AWS Glue security configuration encryption is not enabled

Description

Ensure that AWS Glue has encryption enabled. AWS glue has three possible components that could be encrypted: Cloudwatch, job bookmarks and S3 buckets. This check ensures that each is set correctly.

Fix - Runtime

AWS Console

TBA

Fix - Buildtime

Terraform

**Resource: ** aws_glue_security_configuration
Arguments: encryption_configuration, job_bookmarks_encryption, s3_encryption

“`go aws_glue_security_configuration.test.tf resource “aws_glue_security_configuration” “test” { name = “example” … + encryption_configuration { + cloudwatch_encryption { + cloudwatch_encryption_mode = “SSE-KMS” + kms_key_arn = aws_kms_key.example.arn + }

job_bookmarks_encryption {
job_bookmarks_encryption_mode = “CSE-KMS”
kms_key_arn = aws_kms_key.example.arn
}
s3_encryption {
kms_key_arn = aws_kms_key.example.arn
s3_encryption_mode = “SSE-KMS”
}
} }

## CloudFormation

– **Resource: ** AWS::Glue::SecurityConfiguration

– **Arguments:** Properties.EncryptionConfiguration

` ` `yaml

Resources:

Resource0:

Type: AWS::Glue::SecurityConfiguration

Properties:

…

EncryptionConfiguration:

CloudWatchEncryption:

+ CloudWatchEncryptionMode: SSE-KMS #any value but ‘DISABLED’

…

JobBookmarksEncryption:

+ JobBookmarksEncryptionMode: CSE-KMS #any value but ‘DISABLED’

…

S3Encryptions:

+ S3EncryptionMode: SSE-KMS #any value but ‘DISABLED’

…