AWS Glue Data Catalog Encryption Settings

This page shows how to write Terraform and CloudFormation for AWS Glue Data Catalog Encryption Settings and write them securely.

aws_glue_data_catalog_encryption_settings (Terraform)

The Data Catalog Encryption Settings in AWS Glue can be configured in Terraform with the resource name aws_glue_data_catalog_encryption_settings. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

aws_glue_data_catalog_encryption_settings.tf#L1

resource "aws_glue_data_catalog_encryption_settings" "test" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id                       = aws_kms_key.test.arn
      return_connection_password_encrypted = true
    }

aws_glue_data_catalog_encryption_settings.examplea.tf#L1

resource "aws_glue_data_catalog_encryption_settings" "examplea" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id                       = var.kms_key.id
      return_connection_password_encrypted = true
    }

main.tf#L29

resource "aws_glue_data_catalog_encryption_settings" "aws_glue_data_catalog_encryption" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id                       = module.kms_datalake_glue_catalog_key.kms_arn
      return_connection_password_encrypted = true
    }

glue_data_catalog_encryption_settings.tf#L4

resource "aws_glue_data_catalog_encryption_settings" "glue_data_catalog_encryption_settings" {
  count = var.enable_glue_data_catalog_encryption_settings ? 1 : 0

  catalog_id = var.glue_data_catalog_encryption_settings_catalog_id

  data_catalog_encryption_settings {

positive4.tf#L1

resource "aws_glue_data_catalog_encryption_settings" "positive4" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id                       = aws_kms_key.test.arn
      return_connection_password_encrypted = true
    }

Parameters

Explanation in Terraform Registry

Provides a Glue Data Catalog Encryption Settings resource.

AWS::Glue::DataCatalogEncryptionSettings (CloudFormation)

The DataCatalogEncryptionSettings in Glue can be configured in CloudFormation with the resource name AWS::Glue::DataCatalogEncryptionSettings. The following sections describe 8 examples of how to use the resource and its parameters.

Example Usage from GitHub

GlueDataCatalogEncryption-FAILED.yml#L4

    Type: 'AWS::Glue::DataCatalogEncryptionSettings'
    Properties:
      CatalogId: "CatalogId"
      DataCatalogEncryptionSettings:
        ConnectionPasswordEncryption:
          KmsKeyId: "KmsKeyId"

GlueDataCatalogEncryption-PASSED.yml#L4

    Type: 'AWS::Glue::DataCatalogEncryptionSettings'
    Properties:
      CatalogId: "CatalogId"
      DataCatalogEncryptionSettings:
        ConnectionPasswordEncryption:
          KmsKeyId: "KmsKeyId"

GlueDataCatalogEncryptionSettingsSpecification.json#L3

    "AWS::Glue::DataCatalogEncryptionSettings.ConnectionPasswordEncryption": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-connectionpasswordencryption.html",
      "Properties": {
        "ReturnConnectionPasswordEncrypted": {
          "Required": false,
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-connectionpasswordencryption.html#cfn-glue-datacatalogencryptionsettings-connectionpasswordencryption-returnconnectionpasswordencrypted",

template.json#L287

    "AWS::Glue::DataCatalogEncryptionSettings": {
      "Type": "AWS::Glue::DataCatalogEncryptionSettings",
      "Properties": {}
    },
    "AWS::SNS::Topic": {
      "Type": "AWS::SNS::Topic",

awsResouceIconMatches.json#L1338

        "resourceType": "AWS::Glue::DataCatalogEncryptionSettings",
        "filePath": null
      },
      {
        "resourceType": "AWS::Glue::Workflow",
        "filePath": "icons/aws/Service/Arch_Analytics/Arch_64/Arch_AWS-Glue_64@5x.png"

Parameters

Explanation in CloudFormation Registry

Sets the security configuration for a specified catalog. After the configuration has been set, the specified encryption is applied to every catalog write thereafter.
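
An added example, not code from this page or from any repository it links: a small Python check that walks a CloudFormation template (already parsed into a dict) and reports which AWS::Glue::DataCatalogEncryptionSettings resources leave connection passwords or catalog metadata unencrypted. The sample template, the logical IDs and the pass/fail policy (including the requirement for an explicit KmsKeyId) are constructed assumptions for illustration.

```python
GLUE_TYPE = "AWS::Glue::DataCatalogEncryptionSettings"

def _is_true(value):
    # CloudFormation accepts both the boolean true and the string "true".
    return str(value).lower() == "true"

def audit_template(template):
    """Map each Glue catalog-encryption resource to a list of findings."""
    results = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != GLUE_TYPE:
            continue
        settings = (res.get("Properties") or {}).get("DataCatalogEncryptionSettings") or {}
        conn = settings.get("ConnectionPasswordEncryption") or {}
        rest = settings.get("EncryptionAtRest") or {}
        findings = []
        if not _is_true(conn.get("ReturnConnectionPasswordEncrypted")):
            findings.append("connection passwords are not returned encrypted")
        elif not conn.get("KmsKeyId"):
            # Policy of this example: require an explicit key for passwords.
            findings.append("password encryption has no KmsKeyId")
        if rest.get("CatalogEncryptionMode") in (None, "", "DISABLED"):
            findings.append("catalog metadata is not encrypted at rest")
        results[name] = findings
    return results

# Constructed sample template (not taken from any repository on this page).
SAMPLE = {"Resources": {
    "Hardened": {"Type": GLUE_TYPE, "Properties": {
        "CatalogId": "CatalogId",
        "DataCatalogEncryptionSettings": {
            "ConnectionPasswordEncryption": {
                "KmsKeyId": "KmsKeyId",
                "ReturnConnectionPasswordEncrypted": True},
            "EncryptionAtRest": {
                "CatalogEncryptionMode": "SSE-KMS",
                "SseAwsKmsKeyId": "KmsKeyId"}}}},
    "KeyOnly": {"Type": GLUE_TYPE, "Properties": {
        "CatalogId": "CatalogId",
        "DataCatalogEncryptionSettings": {
            "ConnectionPasswordEncryption": {"KmsKeyId": "KmsKeyId"}}}},
    "Empty": {"Type": GLUE_TYPE, "Properties": {}},
    "Topic": {"Type": "AWS::SNS::Topic"},
}}

if __name__ == "__main__":
    for name, findings in audit_template(SAMPLE).items():
        print(name, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

A resource that sets only KmsKeyId, like the visible lines of the snippets above, still fails both checks because neither ReturnConnectionPasswordEncrypted nor EncryptionAtRest is present.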

Frequently asked questions

What is AWS Glue Data Catalog Encryption Settings?

AWS Glue Data Catalog Encryption Settings is a resource for Glue in Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Glue Data Catalog Encryption Settings?

For Terraform, the JamesWoolfenden/check-encrypt, JamesWoolfenden/terraform-aws-glue-crawler and subtilf/datalake-on-aws source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the bridgecrewio/checkov, melscoop-test/check and sprathod369/iac-example source code examples are useful. See the CloudFormation Example section for further details.