AWS Glue
Developer Guide

Security in AWS Glue

You can manage your AWS Glue resources and your data stores by using authentication, access control, and encryption.

Use AWS Identity and Access Management (IAM) policies to assign permissions and control access to AWS Glue resources.

AWS Glue allows you to encrypt data, logs, and bookmarks using keys that you manage with AWS KMS. You can configure ETL jobs and development endpoints to use AWS KMS keys to write encrypted data at rest. Additionally, you can use AWS KMS keys to encrypt the logs generated by crawlers and ETL jobs, as well as, encrypt ETL job bookmarks. You can also encrypt the metadata stored in the Data Catalog with keys that you manage with AWS KMS.