Ensure 'Job Bookmark Encryption' is enabled for AWS Glue Crawlers

MEDIUM

Description

Disabling job bookmark encryption for AWS Glue Crawlers may expose sensitive data.

Remediation

In AWS Console -

  1. Sign in to AWS Console and go to the Glue Service dashboard.
  2. In the navigation panel, select Security configurations.
  3. Select the security configuration to edit.
  4. Check if Job bookmark encryption mode feature status is set to ENABLED.

In Terraform -

  1. In the aws_glue_security_configuration resource, set 'encryption_configuration.job_bookmarks_encryption.job_bookmarks_encryption_mode' to 'ENABLED'.
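
The Terraform setting above, as an added example (not part of the original policy page): a non-compliant security configuration next to a compliant one. The AWS provider accepts `CSE-KMS` and `DISABLED` for `job_bookmarks_encryption_mode`, so enabling bookmark encryption means `CSE-KMS` together with a KMS key. The resource names and the KMS key are assumptions.

```hcl
# Added example; resource names and the KMS key are hypothetical.

# Customer-managed key used to encrypt Glue job bookmarks.
resource "aws_kms_key" "glue_bookmarks" {
  description         = "Glue job bookmark encryption"
  enable_key_rotation = true
}

# Non-compliant: job bookmark data is stored without encryption.
resource "aws_glue_security_configuration" "noncompliant" {
  name = "glue-bookmarks-unencrypted"

  encryption_configuration {
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "DISABLED"
    }
    job_bookmarks_encryption {
      job_bookmarks_encryption_mode = "DISABLED"
    }
    s3_encryption {
      s3_encryption_mode = "DISABLED"
    }
  }
}

# Compliant for this rule: bookmarks are encrypted with the KMS key.
# The CloudWatch and S3 blocks are required by the resource; they are
# kept identical to the block above to isolate the one setting that
# this rule checks.
resource "aws_glue_security_configuration" "compliant" {
  name = "glue-bookmarks-encrypted"

  encryption_configuration {
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "DISABLED"
    }
    job_bookmarks_encryption {
      job_bookmarks_encryption_mode = "CSE-KMS"
      kms_key_arn                   = aws_kms_key.glue_bookmarks.arn
    }
    s3_encryption {
      s3_encryption_mode = "DISABLED"
    }
  }
}
```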

References:
https://docs.aws.amazon.com/glue/latest/dg/encryption-security-configuration.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_security_configuration#encryption_configuration

Policy Details

Rule Reference ID: AC_AWS_0130
CSP: AWS
Remediation Available: Yes
Resource Category: Analytics
Resource Type: Glue

Frameworks