Best practice rules for AWS Glue
Trend Micro Cloud One™ – Conformity monitors AWS Glue with the following rules:
- CloudWatch Logs Encryption Mode
  Ensure that at-rest encryption is enabled when writing Amazon Glue logs to CloudWatch Logs.
- Glue Data Catalog Encrypted With KMS Customer Master Keys
  Ensure that Amazon Glue Data Catalogs enforce data-at-rest encryption using KMS CMKs.
- Glue Data Catalog Encryption At Rest
  Ensure that Amazon Glue Data Catalog objects and connection passwords are encrypted.
- Job Bookmark Encryption Mode
  Ensure that encryption at rest is enabled for Amazon Glue job bookmarks.
- S3 Encryption Mode
  Ensure that at-rest encryption is enabled when writing AWS Glue data to Amazon S3.