Ensure that at-rest encryption is enabled for your AWS Glue job bookmarks in order to encrypt the bookmark data before it is sent to Amazon S3 for storage.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
To meet security and compliance requirements, it is highly recommended to enable encryption for your Amazon Glue job bookmark data. The job bookmark encryption mode can be enabled within AWS Glue security configurations (i.e. sets of security properties) that you associate with your AWS Glue jobs.
To determine if your AWS Glue security configurations have job bookmark encryption mode enabled, perform the following:
To enable encryption at rest for your AWS Glue job bookmarks, you need to re-create the associated security configurations with the job bookmark encryption mode enabled. To create and configure a new Amazon Glue security configuration, perform the following: