Ensure that encryption at rest is enabled for your Amazon Glue security configurations in order to meet regulatory requirements and prevent unauthorized users from getting access to the logging data published to AWS CloudWatch Logs. A security configuration is a set of encryption properties that are used by Amazon Glue service to configure encryption for crawlers, jobs and development endpoints.
To meet security and compliance requirements, it is strongly recommended to implement encryption at rest when publishing AWS Glue logs to Amazon CloudWatch.
To determine if your AWS Glue security configurations have CloudWatch Logs encryption mode enabled, perform the following actions:
To enable encryption at rest for Amazon Glue logging data published to AWS CloudWatch Logs, you need to re-create the necessary security configurations with the CloudWatch Logs encryption mode enabled. To create and configure a new AWS Glue security configuration, perform the following actions: