Ensure that encryption at rest is enabled for your Amazon Glue Data Catalogs in order to meet regulatory requirements and prevent unauthorized users from getting access to sensitive data. With this feature enabled, you can encrypt AWS Glue Data Catalog objects such as databases, tables, partitions, connections and user-defined functions and also encrypt connection passwords that you provide when you create data connections. Amazon Glue is a fully managed ETL (Extract, Transform and Load) service that makes it simple and cost-effective to prepare and load your data for analytics. Glue consists of a central metadata repository known as the AWS Glue Data Catalog, an ETL engine that generates Python/Scala code and a scheduler that handles dependency resolution, job monitoring and retries.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When your Amazon Glue metadata repository (i.e. AWS Glue Data Catalog) is working with sensitive or private data, it is strongly recommended to implement encryption in order to protect this data from unapproved access and fulfill any compliance requirements defined within your organization for data-at-rest encryption.
To determine if your AWS Glue Data Catalogs are using encryption at rest, perform the following actions:
To enable encryption at rest for Amazon Glue Data Catalog objects and connection passwords, perform the following actions: