Disabled AWS Glue security encryption High

Encryption is disabled in an AWS Glue security configuration. Make sure that every encryption setting in the configuration (CloudWatch logs, job bookmarks, and S3) has an encryption mode enabled.

Detector ID
terraform/disabled-glue-sec-encrypt-terraform@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

# Noncompliant sample: a Glue security configuration in which two of the three
# encryption settings are switched off.
resource "aws_glue_security_configuration" "sampletest" {
  name = "sample"

  # Noncompliant: Glue Security Configuration Encryption is disabled.
  encryption_configuration {
    # CloudWatch log encryption is turned off.
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "DISABLED"
    }

    # Job bookmark encryption is turned off.
    job_bookmarks_encryption {
      job_bookmarks_encryption_mode = "DISABLED"
    }

    # S3 is the only setting with an encryption mode enabled, so the
    # configuration as a whole is only partially protected.
    s3_encryption {
      s3_encryption_mode = "SSE-KMS"
      kms_key_arn        = var.aws_kms_key
    }
  }
}

Compliant example

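# Compliant sample: every encryption setting of the Glue security configuration
# has a KMS-backed mode enabled.
resource "aws_glue_security_configuration" "sampletest" {
  name = "sample"

  # Compliant: Glue Security Configuration Encryption is enabled.
  #
  # The key ARN is supplied through the aws_kms_key input variable instead of
  # being repeated as a literal, so no account-specific ARN is committed with
  # the module. Expected form: arn:aws:kms:<region>:<account-id>:key/<key-id>.
  # NOTE(review): the key policy must let the Glue job role and CloudWatch Logs
  # use this key; confirm before applying.
  encryption_configuration {
    # Logs that Glue writes to CloudWatch are encrypted with the KMS key.
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "SSE-KMS"
      kms_key_arn                = var.aws_kms_key
    }

    # Job bookmarks are encrypted client-side with the KMS key.
    job_bookmarks_encryption {
      job_bookmarks_encryption_mode = "CSE-KMS"
      kms_key_arn                   = var.aws_kms_key
    }

    # Data written to S3 is encrypted server-side with the KMS key.
    s3_encryption {
      s3_encryption_mode = "SSE-KMS"
      kms_key_arn        = var.aws_kms_key
    }
  }
}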