Ensure S3 encryption configuration is configured for AWS Glue Crawlers

MEDIUM

Description

Unencrypted S3 objects may expose sensitive customer data.

Remediation

In AWS Console -

  1. Sign in to AWS Console and go to the Glue Service dashboard.
  2. In the navigation panel, select Security configurations.
  3. Select the security configuration to edit.
  4. Check if S3 encryption mode feature status is set to ENABLED.

In Terraform -

  1. In the aws_glue_security_configuration resource, set 'encryption_configuration.s3_encryption.s3_encryption_mode' to 'ENABLED'.
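
An added Terraform example of this remediation (not part of the policy text or the provider's documentation), showing a non-compliant security configuration beside a compliant one and the crawler that uses it. The provider's accepted values for s3_encryption_mode are DISABLED, SSE-KMS and SSE-S3, so the enabled state is written here as SSE-KMS. The variable names, resource names and S3 path are assumptions.

```hcl
# Added example: variable names, resource names and the S3 path are placeholders.
variable "glue_kms_key_arn" { type = string }      # customer-managed KMS key
variable "glue_crawler_role_arn" { type = string } # IAM role the crawler assumes
variable "glue_database_name" { type = string }    # existing Glue catalog database

# Non-compliant: S3 encryption mode is DISABLED, the state this policy is meant to catch.
resource "aws_glue_security_configuration" "unencrypted" {
  name = "example-unencrypted"
  encryption_configuration {
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "DISABLED"
    }
    job_bookmarks_encryption {
      job_bookmarks_encryption_mode = "DISABLED"
    }
    s3_encryption {
      s3_encryption_mode = "DISABLED"
    }
  }
}

# Compliant: S3 encryption enabled with SSE-KMS and an explicit key.
resource "aws_glue_security_configuration" "encrypted" {
  name = "example-encrypted"
  encryption_configuration {
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "SSE-KMS" # outside this rule, enabled for consistency
      kms_key_arn                = var.glue_kms_key_arn
    }
    job_bookmarks_encryption {
      job_bookmarks_encryption_mode = "CSE-KMS" # outside this rule
      kms_key_arn                   = var.glue_kms_key_arn
    }
    s3_encryption {
      s3_encryption_mode = "SSE-KMS"
      kms_key_arn        = var.glue_kms_key_arn
    }
  }
}

# The setting only takes effect for a crawler that references the configuration by name.
resource "aws_glue_crawler" "example" {
  name                   = "example-crawler"
  role                   = var.glue_crawler_role_arn
  database_name          = var.glue_database_name
  security_configuration = aws_glue_security_configuration.encrypted.name
  s3_target { path = "s3://example-bucket/raw/" }
}
```

The crawler's IAM role also needs permission to use the KMS key, otherwise runs fail when writing encrypted output.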

References:
https://docs.aws.amazon.com/glue/latest/dg/encryption-security-configuration.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_security_configuration#encryption_configuration

Policy Details

Rule Reference ID: AC_AWS_0128
CSP: AWS
Remediation Available: Yes
Resource Category: Analytics
Resource Type: Glue

Frameworks