Glue Data Catalog encryption is not enabled

Description

This check examines the resource aws_glue_data_catalog_encryption_settings and verifies that encryption is configured. It inspects the properties encrypted_at_rest and connection_encrypted in the blocks connection_password_encryption and encryption_at_rest.

Fix - Runtime

AWS Console

TBA

CLI Command

Fix - Buildtime

Terraform
  • Resource aws_glue_data_catalog_encryption_settings
  • Arguments data_catalog_encryption_settings\connection_password_encryption and data_catalog_encryption_settings\encryption_at_rest blocks

```hcl
# aws_glue_data_catalog_encryption_settings.examplea.tf
resource "aws_glue_data_catalog_encryption_settings" "example" {
  ...
+ data_catalog_encryption_settings {
+   connection_password_encryption {
+     aws_kms_key_id                       = aws_kms_key.glue.arn
+     return_connection_password_encrypted = true
+   }
+   encryption_at_rest {
+     catalog_encryption_mode = "SSE-KMS"
+     sse_aws_kms_key_id      = aws_kms_key.glue.arn
+   }
+ }
  ...
}
```

CloudFormation
  • Resource AWS::Glue::DataCatalogEncryptionSettings
  • Arguments Properties.DataCatalogEncryptionSettings

```yaml
Resources:
  Example:
    Type: 'AWS::Glue::DataCatalogEncryptionSettings'
    Properties:
      # CatalogId is a required property of this resource type; the account ID
      # selects the account's own Data Catalog.
      CatalogId: !Ref AWS::AccountId
      DataCatalogEncryptionSettings:
        ConnectionPasswordEncryption:
+         ReturnConnectionPasswordEncrypted: True
        EncryptionAtRest:
+         CatalogEncryptionMode: "SSE-KMS"
```
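The following is an added example of the evaluation this policy describes, applied to both the Terraform arguments and the CloudFormation properties from the fix sections above. It is not Checkov's or Bridgecrew's own check implementation: the Python dicts it consumes are an assumed shape (a Terraform resource body, and a parsed CloudFormation template as yaml.safe_load would produce), and the sample inputs, key ARN and account ID are constructed for illustration.

```python
"""Added example: a stand-alone evaluator for the Glue Data Catalog encryption
policy. Not Checkov's own check; the dict shapes mirror the Terraform arguments
and the CloudFormation properties shown on this page."""

from typing import Any, Dict, List


def _is_kms_mode(mode: Any) -> bool:
    # SSE-KMS is the mode the page shows; startswith() also accepts the newer
    # SSE-KMS-WITH-SERVICE-ROLE mode. DISABLED or a missing value fails.
    return isinstance(mode, str) and mode.startswith("SSE-KMS")


def _is_true(value: Any) -> bool:
    # Terraform yields a real bool; CloudFormation YAML/JSON may yield "true"/"True".
    return value is True or (isinstance(value, str) and value.lower() == "true")


def _evaluate(password_block: Dict[str, Any], rest_block: Dict[str, Any],
              pw_key: str, mode_key: str) -> List[str]:
    """Shared logic: both sub-blocks must be present and enabled."""
    findings = []
    if not _is_true(password_block.get(pw_key)):
        findings.append(f"{pw_key} is not enabled")
    if not _is_kms_mode(rest_block.get(mode_key)):
        findings.append(f"{mode_key} is not SSE-KMS")
    return findings


def check_terraform_resource(conf: Dict[str, Any]) -> List[str]:
    """Findings for one aws_glue_data_catalog_encryption_settings body
    (an empty list means the resource passes)."""
    settings = conf.get("data_catalog_encryption_settings") or {}
    return _evaluate(
        settings.get("connection_password_encryption") or {},
        settings.get("encryption_at_rest") or {},
        "return_connection_password_encrypted",
        "catalog_encryption_mode",
    )


def check_cloudformation_template(template: Dict[str, Any]) -> Dict[str, List[str]]:
    """Findings per AWS::Glue::DataCatalogEncryptionSettings resource in a parsed
    template, keyed by logical ID. Passing resources are omitted."""
    results: Dict[str, List[str]] = {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        if resource.get("Type") != "AWS::Glue::DataCatalogEncryptionSettings":
            continue
        props = resource.get("Properties") or {}
        settings = props.get("DataCatalogEncryptionSettings") or {}
        findings = _evaluate(
            settings.get("ConnectionPasswordEncryption") or {},
            settings.get("EncryptionAtRest") or {},
            "ReturnConnectionPasswordEncrypted",
            "CatalogEncryptionMode",
        )
        if findings:
            results[logical_id] = findings
    return results


# Constructed sample inputs (placeholder ARN and account ID, not from the page).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
PASSING_TF = {
    "data_catalog_encryption_settings": {
        "connection_password_encryption": {
            "aws_kms_key_id": KEY_ARN,
            "return_connection_password_encrypted": True,
        },
        "encryption_at_rest": {
            "catalog_encryption_mode": "SSE-KMS",
            "sse_aws_kms_key_id": KEY_ARN,
        },
    }
}
FAILING_TF = {
    "data_catalog_encryption_settings": {
        "connection_password_encryption": {"return_connection_password_encrypted": False},
        "encryption_at_rest": {"catalog_encryption_mode": "DISABLED"},
    }
}
SAMPLE_CFN = {
    "Resources": {
        "Encrypted": {
            "Type": "AWS::Glue::DataCatalogEncryptionSettings",
            "Properties": {
                "CatalogId": "111122223333",
                "DataCatalogEncryptionSettings": {
                    "ConnectionPasswordEncryption": {"ReturnConnectionPasswordEncrypted": "True"},
                    "EncryptionAtRest": {"CatalogEncryptionMode": "SSE-KMS"},
                },
            },
        },
        "Unencrypted": {
            "Type": "AWS::Glue::DataCatalogEncryptionSettings",
            "Properties": {"CatalogId": "111122223333"},  # no settings block at all
        },
    }
}

if __name__ == "__main__":
    print("terraform passing:", check_terraform_resource(PASSING_TF))
    print("terraform failing:", check_terraform_resource(FAILING_TF))
    print("cloudformation:", check_cloudformation_template(SAMPLE_CFN))
```

A resource that omits the data_catalog_encryption_settings block entirely (the common real-world failure) is treated the same as one that sets DISABLED, so the evaluator fails closed rather than passing on a missing key.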
