Ensure that encryption at rest is enabled for your Amazon Glue security configurations in order to meet regulatory requirements and prevent unauthorized users from getting access to the logging data published to AWS CloudWatch Logs. A security configuration is a set of encryption properties that are used by Amazon Glue service to configure encryption for crawlers, jobs and development endpoints.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
To meet security and compliance requirements, it is strongly recommended to implement encryption at rest when publishing AWS Glue logs to Amazon CloudWatch.
To determine if your AWS Glue security configurations have CloudWatch Logs encryption mode enabled, perform the following actions:
Remediation / Resolution
To enable encryption at rest for Amazon Glue logging data published to AWS CloudWatch Logs, you need to re-create the necessary security configurations with the CloudWatch Logs encryption mode enabled. To create and configure a new AWS Glue security configuration, perform the following actions:
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
CloudWatch Logs Encryption Mode
Risk level: Medium