Ensure that encryption at rest is enabled within your Amazon Glue security configurations to meet regulatory requirements and prevent unauthorized users from getting access to the data written to Amazon S3. A security configuration is a set of security properties that can be used by AWS Glue to configure encryption for processes and resources associated with the security configuration such as jobs, crawlers and development endpoints.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Enable encryption when writing AWS Glue data to Amazon S3 in order to meet security and compliance requirements within your organization. With S3 encryption enabled, when you run crawlers, execute ETL jobs or start development endpoints, AWS Key Management Service (KMS) keys are used to encrypt your data at rest.
To determine if your Amazon Glue security configurations have S3 encryption mode enabled, perform the following actions:
Remediation / Resolution
To enable encryption when writing AWS Glue data to Amazon S3, you must to re-create the security configurations associated with your ETL jobs, crawlers and development endpoints, with the S3 encryption mode enabled. To create and configure a new Amazon Glue security configuration, perform the following:
- AWS Documentation
- AWS Glue FAQs
- AWS Glue Components
- Security in AWS Glue
- Encryption and Secure Access for AWS Glue
- Working with Security Configurations on the AWS Glue Console
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
S3 Encryption Mode
Risk level: Medium