AWS Glue security configuration encryption is not enabled
Description
Ensure that AWS Glue has encryption enabled. AWS Glue has three possible components that could be encrypted: CloudWatch, job bookmarks and S3 buckets. This check ensures that each is set correctly.
Fix - Runtime
AWS Console
TBA
Fix - Buildtime
Terraform
- **Resource:** aws_glue_security_configuration
- **Arguments:** encryption_configuration, job_bookmarks_encryption, s3_encryption

```go aws_glue_security_configuration.test.tf
resource "aws_glue_security_configuration" "test" {
  name = "example"
  …
+ encryption_configuration {
+   cloudwatch_encryption {
+     cloudwatch_encryption_mode = "SSE-KMS"
+     kms_key_arn = aws_kms_key.example.arn
+   }
+   job_bookmarks_encryption {
+     job_bookmarks_encryption_mode = "CSE-KMS"
+     kms_key_arn = aws_kms_key.example.arn
+   }
+   s3_encryption {
+     kms_key_arn = aws_kms_key.example.arn
+     s3_encryption_mode = "SSE-KMS"
+   }
+ }
}
```
## CloudFormation
- **Resource:** AWS::Glue::SecurityConfiguration
- **Arguments:** Properties.EncryptionConfiguration

```yaml
Resources:
  Resource0:
    Type: AWS::Glue::SecurityConfiguration
    Properties:
      …
      EncryptionConfiguration:
        CloudWatchEncryption:
+         CloudWatchEncryptionMode: SSE-KMS # any value but 'DISABLED'
        …
        JobBookmarksEncryption:
+         JobBookmarksEncryptionMode: CSE-KMS # any value but 'DISABLED'
        …
        S3Encryptions:
+         S3EncryptionMode: SSE-KMS # any value but 'DISABLED'
        …
```
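The rule described above ("any value but 'DISABLED'" for each of the three components) can be expressed as a small template audit. This is an added example, not code from the original page or from any scanner's implementation; the function names and the sample template are constructed, and it assumes an already-parsed CloudFormation template where a missing block counts as unencrypted.

```python
# Property names are the CloudFormation ones shown on this page:
# block name -> key that holds the encryption mode.
COMPONENTS = {
    "CloudWatchEncryption": "CloudWatchEncryptionMode",
    "JobBookmarksEncryption": "JobBookmarksEncryptionMode",
    "S3Encryptions": "S3EncryptionMode",
}

def unencrypted_components(properties):
    """Return the components that are missing or set to DISABLED."""
    enc = (properties or {}).get("EncryptionConfiguration") or {}
    failed = []
    for block_key, mode_key in COMPONENTS.items():
        block = enc.get(block_key)
        # Assumption: a block may be one mapping or a list of mappings.
        entries = block if isinstance(block, list) else [block]
        modes = [e.get(mode_key) if isinstance(e, dict) else None
                 for e in entries]
        if not modes or any(m in (None, "", "DISABLED") for m in modes):
            failed.append(block_key)
    return failed

def scan_template(template):
    """Map each failing Glue security configuration to its failed components."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Glue::SecurityConfiguration":
            continue  # other resource types are out of scope for this check
        failed = unencrypted_components(res.get("Properties"))
        if failed:
            findings[name] = failed
    return findings

# Constructed sample: one compliant resource, one partly unencrypted.
SAMPLE = {"Resources": {
    "Encrypted": {"Type": "AWS::Glue::SecurityConfiguration", "Properties": {
        "EncryptionConfiguration": {
            "CloudWatchEncryption": {"CloudWatchEncryptionMode": "SSE-KMS"},
            "JobBookmarksEncryption": {"JobBookmarksEncryptionMode": "CSE-KMS"},
            "S3Encryptions": [{"S3EncryptionMode": "SSE-KMS"}]}}},
    "PartlyDisabled": {"Type": "AWS::Glue::SecurityConfiguration", "Properties": {
        "EncryptionConfiguration": {
            "CloudWatchEncryption": {"CloudWatchEncryptionMode": "SSE-KMS"},
            "JobBookmarksEncryption": {"JobBookmarksEncryptionMode": "DISABLED"}}}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    for name, failed in scan_template(SAMPLE).items():
        print(f"FAIL {name}: {', '.join(failed)}")
```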