Encryption is disabled in the AWS Glue security configuration. Make sure that every encryption setting in the Glue security configuration (CloudWatch logs, job bookmarks, and S3) is enabled.
# Noncompliant example: two of the three encryption targets of this Glue
# security configuration are set to "DISABLED". Only the S3 target is
# encrypted, so the configuration as a whole is flagged.
resource "aws_glue_security_configuration" "sampletest" {
  name = "sample"

  encryption_configuration {
    # S3 is the only target with encryption enabled here: SSE-KMS with the
    # key ARN passed in through var.aws_kms_key.
    s3_encryption {
      s3_encryption_mode = "SSE-KMS"
      kms_key_arn        = var.aws_kms_key
    }

    # Noncompliant: Glue Security Configuration Encryption is disabled.
    # With "DISABLED", logs written to CloudWatch by jobs using this
    # configuration are not encrypted with a KMS key.
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "DISABLED"
    }

    # Noncompliant: job bookmark state is written without client-side KMS
    # encryption when the mode is "DISABLED".
    job_bookmarks_encryption {
      job_bookmarks_encryption_mode = "DISABLED"
    }
  }
}
# Compliant example: all three encryption targets of the Glue security
# configuration are enabled and each names a KMS key.
resource "aws_glue_security_configuration" "sampletest" {
  name = "sample"

  # Compliant: Glue Security Configuration Encryption is enabled.
  # The key ARN below is the sample value used by this example; in a real
  # configuration, supply your own key (for instance through a variable).
  # NOTE(review): the key policy presumably has to allow the Glue job role and
  # CloudWatch Logs to use the key; confirm this before applying.
  encryption_configuration {
    # S3 output is encrypted server-side with the KMS key.
    s3_encryption {
      s3_encryption_mode = "SSE-KMS"
      kms_key_arn        = "arn:aws:kms:eu-west-2:680235478471:key/34cdce9a-2322-427c-91bb-b572f435c032"
    }

    # CloudWatch logs are encrypted server-side with the KMS key.
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "SSE-KMS"
      kms_key_arn                = "arn:aws:kms:eu-west-2:680235478471:key/34cdce9a-2322-427c-91bb-b572f435c032"
    }

    # Job bookmarks use client-side encryption (CSE-KMS), not SSE-KMS.
    job_bookmarks_encryption {
      job_bookmarks_encryption_mode = "CSE-KMS"
      kms_key_arn                   = "arn:aws:kms:eu-west-2:680235478471:key/34cdce9a-2322-427c-91bb-b572f435c032"
    }
  }
}