Ensure that encryption at rest is enabled for your Amazon Glue security configurations in order to meet regulatory requirements and prevent unauthorized users from gaining access to the logging data published to AWS CloudWatch Logs. A security configuration is a set of encryption properties that the Amazon Glue service uses to configure encryption for crawlers, jobs and development endpoints.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
To meet security and compliance requirements, it is strongly recommended to implement encryption at rest when publishing AWS Glue logs to Amazon CloudWatch.
To determine if your AWS Glue security configurations have CloudWatch Logs encryption mode enabled, perform the following actions:
Remediation / Resolution
To enable encryption at rest for Amazon Glue logging data published to AWS CloudWatch Logs, you need to re-create the necessary security configurations with the CloudWatch Logs encryption mode enabled. To create and configure a new AWS Glue security configuration, perform the following actions:
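The audit and the re-creation described above can be scripted. The following is an added example, not Conformity's own remediation steps: it checks a constructed sample shaped like the Glue `GetSecurityConfigurations` response and builds the arguments for `create_security_configuration`. The sample data, the placeholder KMS key ARN, the `-cwl-encrypted` name suffix, the helper names and the choice to treat a missing `CloudWatchEncryption` block as disabled are all assumptions.

```python
import copy

# Constructed sample shaped like a Glue GetSecurityConfigurations response.
SAMPLE = {"SecurityConfigurations": [
    {"Name": "glue-logs-plain", "EncryptionConfiguration": {
        "S3Encryption": [{"S3EncryptionMode": "SSE-S3"}],
        "CloudWatchEncryption": {"CloudWatchEncryptionMode": "DISABLED"},
        "JobBookmarksEncryption": {"JobBookmarksEncryptionMode": "DISABLED"}}},
    {"Name": "glue-logs-kms", "EncryptionConfiguration": {
        "CloudWatchEncryption": {
            "CloudWatchEncryptionMode": "SSE-KMS",
            "KmsKeyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}}},
    {"Name": "glue-legacy", "EncryptionConfiguration": {}},  # block absent
]}
# Placeholder key ARN (constructed); substitute your own customer managed key.
EXAMPLE_KMS_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"


def cloudwatch_mode(cfg):
    """CloudWatch Logs encryption mode; a missing block counts as DISABLED."""
    enc = cfg.get("EncryptionConfiguration") or {}
    return (enc.get("CloudWatchEncryption") or {}).get(
        "CloudWatchEncryptionMode", "DISABLED")


def audit(response):
    """Names of security configurations whose Glue logs are not SSE-KMS encrypted."""
    return [c["Name"] for c in response.get("SecurityConfigurations", [])
            if cloudwatch_mode(c) != "SSE-KMS"]


def replacement_request(cfg, kms_key_arn, suffix="-cwl-encrypted"):
    """Arguments for create_security_configuration: the same S3 and job
    bookmark settings, with CloudWatch Logs encryption set to SSE-KMS."""
    enc = copy.deepcopy(cfg.get("EncryptionConfiguration") or {})
    enc["CloudWatchEncryption"] = {"CloudWatchEncryptionMode": "SSE-KMS",
                                   "KmsKeyArn": kms_key_arn}
    return {"Name": cfg["Name"] + suffix, "EncryptionConfiguration": enc}


if __name__ == "__main__":
    by_name = {c["Name"]: c for c in SAMPLE["SecurityConfigurations"]}
    for name in audit(SAMPLE):
        req = replacement_request(by_name[name], EXAMPLE_KMS_KEY_ARN)
        # With credentials: boto3.client("glue").create_security_configuration(**req)
        print(name, "->", req["Name"])
```

Crawlers, jobs and development endpoints that reference the old configuration by name must be pointed at the new one before the old one is deleted.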
You are auditing:
CloudWatch Logs Encryption Mode
Risk level: Medium