AWS Glue Data Catalog Encryption Settings
This page shows how to write Terraform and CloudFormation for AWS Glue Data Catalog Encryption Settings and write them securely.
aws_glue_data_catalog_encryption_settings (Terraform)
The Data Catalog Encryption Settings in AWS Glue can be configured in Terraform with the resource name aws_glue_data_catalog_encryption_settings. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_glue_data_catalog_encryption_settings" "test" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id                       = aws_kms_key.test.arn
      return_connection_password_encrypted = true
    }
    # excerpt ends here; no encryption_at_rest block is shown
  }
}

resource "aws_glue_data_catalog_encryption_settings" "examplea" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id                       = var.kms_key.id
      return_connection_password_encrypted = true
    }
    # excerpt ends here; no encryption_at_rest block is shown
  }
}

resource "aws_glue_data_catalog_encryption_settings" "aws_glue_data_catalog_encryption" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id                       = module.kms_datalake_glue_catalog_key.kms_arn
      return_connection_password_encrypted = true
    }
    # excerpt ends here; no encryption_at_rest block is shown
  }
}

resource "aws_glue_data_catalog_encryption_settings" "glue_data_catalog_encryption_settings" {
  count      = var.enable_glue_data_catalog_encryption_settings ? 1 : 0
  catalog_id = var.glue_data_catalog_encryption_settings_catalog_id
  data_catalog_encryption_settings {
    # excerpt ends here; the nested encryption blocks are not shown
  }
}

resource "aws_glue_data_catalog_encryption_settings" "positive4" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id                       = aws_kms_key.test.arn
      return_connection_password_encrypted = true
    }
    # excerpt ends here; no encryption_at_rest block is shown
  }
}
Parameters
- catalog_id: optional, computed - string
- id: optional, computed - string
- data_catalog_encryption_settings: list block
  - connection_password_encryption: list block
    - aws_kms_key_id: optional - string
    - return_connection_password_encrypted: required - bool
  - encryption_at_rest: list block
    - catalog_encryption_mode: required - string
    - sse_aws_kms_key_id: optional - string
Explanation in Terraform Registry
Provides a Glue Data Catalog Encryption Settings resource.
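A complete configuration that sets both nested blocks from the parameter list above, given as an added example that is not taken from the Terraform Registry or from the GitHub repositories cited on this page. The resource names glue_catalog and hardened are illustrative, and the commented-out weak form is included only for comparison.

```hcl
# Added example; the names "glue_catalog", "weak" and "hardened" are illustrative.

# Weak form, shown commented out for comparison: catalog metadata is not
# encrypted at rest and connection passwords are not protected with a KMS key.
#
# resource "aws_glue_data_catalog_encryption_settings" "weak" {
#   data_catalog_encryption_settings {
#     connection_password_encryption {
#       return_connection_password_encrypted = false
#     }
#     encryption_at_rest {
#       catalog_encryption_mode = "DISABLED"
#     }
#   }
# }

# Customer managed key used for both catalog metadata and connection passwords.
resource "aws_kms_key" "glue_catalog" {
  description         = "Glue Data Catalog metadata and connection passwords"
  enable_key_rotation = true
}

# Hardened form: both nested blocks are set and both reference the key above.
resource "aws_glue_data_catalog_encryption_settings" "hardened" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id                       = aws_kms_key.glue_catalog.arn
      return_connection_password_encrypted = true
    }

    encryption_at_rest {
      catalog_encryption_mode = "SSE-KMS"
      sse_aws_kms_key_id      = aws_kms_key.glue_catalog.arn
    }
  }
}
```

These settings apply to the whole catalog of an account and region, so only one such resource should manage a given catalog.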
AWS::Glue::DataCatalogEncryptionSettings (CloudFormation)
The DataCatalogEncryptionSettings in Glue can be configured in CloudFormation with the resource name AWS::Glue::DataCatalogEncryptionSettings. The following sections describe 8 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: 'AWS::Glue::DataCatalogEncryptionSettings'
Properties:
  CatalogId: "CatalogId"
  DataCatalogEncryptionSettings:
    ConnectionPasswordEncryption:
      KmsKeyId: "KmsKeyId"

"AWS::Glue::DataCatalogEncryptionSettings.ConnectionPasswordEncryption": {
  "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-connectionpasswordencryption.html",
  "Properties": {
    "ReturnConnectionPasswordEncrypted": {
      "Required": false,
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-connectionpasswordencryption.html#cfn-glue-datacatalogencryptionsettings-connectionpasswordencryption-returnconnectionpasswordencrypted",

"AWS::Glue::DataCatalogEncryptionSettings": {
  "Type": "AWS::Glue::DataCatalogEncryptionSettings",
  "Properties": {}
},
"AWS::SNS::Topic": {
  "Type": "AWS::SNS::Topic",

  "resourceType": "AWS::Glue::DataCatalogEncryptionSettings",
  "filePath": null
},
{
  "resourceType": "AWS::Glue::Workflow",
  "filePath": "icons/aws/Service/Arch_Analytics/Arch_64/Arch_AWS-Glue_64@5x.png"

Parameters
- DataCatalogEncryptionSettings: required - DataCatalogEncryptionSettings
- CatalogId: required - String
Explanation in CloudFormation Registry
Sets the security configuration for a specified catalog. After the configuration has been set, the specified encryption is applied to every catalog write thereafter.
Frequently asked questions
What is AWS Glue Data Catalog Encryption Settings?
AWS Glue Data Catalog Encryption Settings is a resource for Glue in Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Glue Data Catalog Encryption Settings?
For Terraform, the JamesWoolfenden/check-encrypt, JamesWoolfenden/terraform-aws-glue-crawler and subtilf/datalake-on-aws source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the bridgecrewio/checkov, melscoop-test/check and sprathod369/iac-example source code examples are useful. See the CloudFormation Example section for further details.