Ensure Glue component has a security configuration associated

Error: AWS Glue component has no security configuration associated

Bridgecrew Policy ID: BC_AWS_GENERAL_112
Checkov Check ID: CKV_AWS_195
Severity: HIGH

Description

Ensure that each AWS Glue component (crawlers, jobs, and development endpoints) has a security configuration associated with it. The security configuration is needed to encrypt data at rest.

Fix - Runtime

CLI Command

aws glue update-crawler \
  --name <value> \
  --crawler-security-configuration <value>

Fix - Buildtime

Terraform

  • Resource: aws_glue_crawler, aws_glue_dev_endpoint and aws_glue_job
  • Arguments: security_configuration

resource "aws_glue_crawler" "example" {
  name = "example"
  ...

  security_configuration = aws_glue_security_configuration.example.name
}

CloudFormation

  • Resource: AWS::Glue::Crawler, AWS::Glue::DevEndpoint and AWS::Glue::Job
  • Arguments: Properties.CrawlerSecurityConfiguration or SecurityConfiguration

Resources:
  Crawler:
    Type: AWS::Glue::Crawler
    Properties:
      Name: example
      ...
      
      CrawlerSecurityConfiguration: !Ref SecurityConfiguration

  Job:
    Type: AWS::Glue::Job
    Properties:
      Name: example
      ...
      
      SecurityConfiguration: !Ref SecurityConfiguration
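
A minimal static check for this policy over a CloudFormation template in JSON form, as an added example (not Checkov's or Bridgecrew's own implementation); the function name and the sample template are assumptions made for illustration. It uses the per-resource property names listed above, so a crawler that sets the job-style `SecurityConfiguration` key is still reported.

```python
import json

# Property that holds the security configuration for each Glue resource type,
# as listed in the CloudFormation arguments above.
SEC_CONFIG_PROPERTY = {
    "AWS::Glue::Crawler": "CrawlerSecurityConfiguration",
    "AWS::Glue::DevEndpoint": "SecurityConfiguration",
    "AWS::Glue::Job": "SecurityConfiguration",
}


def glue_resources_without_security_config(template):
    """Return sorted logical IDs of Glue resources with no security configuration."""
    failing = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        prop = SEC_CONFIG_PROPERTY.get(resource.get("Type"))
        if prop is None:
            continue  # not a Glue component covered by this check
        value = (resource.get("Properties") or {}).get(prop)
        # Missing, null, "" and {} all count as "not associated"; an intrinsic
        # such as {"Ref": "..."} is a non-empty dict and passes.
        if not value:
            failing.append(logical_id)
    return sorted(failing)


# Constructed sample template (JSON form of CloudFormation); all names are made up.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "SecConfig":       {"Type": "AWS::Glue::SecurityConfiguration",
                      "Properties": {"Name": "example"}},
  "GoodCrawler":     {"Type": "AWS::Glue::Crawler",
                      "Properties": {"CrawlerSecurityConfiguration": {"Ref": "SecConfig"}}},
  "WrongKeyCrawler": {"Type": "AWS::Glue::Crawler",
                      "Properties": {"SecurityConfiguration": {"Ref": "SecConfig"}}},
  "GoodJob":         {"Type": "AWS::Glue::Job",
                      "Properties": {"SecurityConfiguration": {"Ref": "SecConfig"}}},
  "BareJob":         {"Type": "AWS::Glue::Job", "Properties": {"Name": "example"}},
  "EmptyEndpoint":   {"Type": "AWS::Glue::DevEndpoint",
                      "Properties": {"SecurityConfiguration": ""}}
}}
""")

if __name__ == "__main__":
    for logical_id in glue_resources_without_security_config(SAMPLE_TEMPLATE):
        print(f"FAIL CKV_AWS_195: {logical_id} has no security configuration")
```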
