Ensure that at-rest encryption is enabled for your AWS Glue job bookmarks in order to encrypt the bookmark data before it is sent to Amazon S3 for storage.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
To meet security and compliance requirements, it is highly recommended to enable encryption for your Amazon Glue job bookmark data. The job bookmark encryption mode can be enabled within AWS Glue security configurations (i.e. sets of security properties) that you associate with your AWS Glue jobs.
To determine if your AWS Glue security configurations have job bookmark encryption mode enabled, perform the following:
Remediation / Resolution
To enable encryption at rest for your AWS Glue job bookmarks, you need to re-create the associated security configurations with the job bookmark encryption mode enabled. To create and configure a new Amazon Glue security configuration, perform the following:
- AWS Documentation
- AWS Glue FAQs
- AWS Glue Components
- Security in AWS Glue
- Encryption and Secure Access for AWS Glue
- Working with Security Configurations on the AWS Glue Console
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Job Bookmark Encryption Mode
Risk level: Medium