AWS Glue Data Catalog Encryption Settings
This page shows how to write Terraform and CloudFormation for AWS Glue Data Catalog Encryption Settings and write them securely.
aws_glue_data_catalog_encryption_settings (Terraform)
The Data Catalog Encryption Settings in AWS Glue can be configured in Terraform with the resource name aws_glue_data_catalog_encryption_settings. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
    resource "aws_glue_data_catalog_encryption_settings" "test" {
      data_catalog_encryption_settings {
        connection_password_encryption {
          aws_kms_key_id                       = aws_kms_key.test.arn
          return_connection_password_encrypted = true
        }

    resource "aws_glue_data_catalog_encryption_settings" "examplea" {
      data_catalog_encryption_settings {
        connection_password_encryption {
          aws_kms_key_id                       = var.kms_key.id
          return_connection_password_encrypted = true
        }

    resource "aws_glue_data_catalog_encryption_settings" "aws_glue_data_catalog_encryption" {
      data_catalog_encryption_settings {
        connection_password_encryption {
          aws_kms_key_id                       = module.kms_datalake_glue_catalog_key.kms_arn
          return_connection_password_encrypted = true
        }

    resource "aws_glue_data_catalog_encryption_settings" "glue_data_catalog_encryption_settings" {
      count      = var.enable_glue_data_catalog_encryption_settings ? 1 : 0
      catalog_id = var.glue_data_catalog_encryption_settings_catalog_id
      data_catalog_encryption_settings {

    resource "aws_glue_data_catalog_encryption_settings" "positive4" {
      data_catalog_encryption_settings {
        connection_password_encryption {
          aws_kms_key_id                       = aws_kms_key.test.arn
          return_connection_password_encrypted = true
        }

Parameters
- catalog_id - optional computed - string
- id - optional computed - string
- data_catalog_encryption_settings - list block
  - connection_password_encryption - list block
    - aws_kms_key_id - optional - string
    - return_connection_password_encrypted - required - bool
  - encryption_at_rest - list block
    - catalog_encryption_mode - required - string
    - sse_aws_kms_key_id - optional - string
Explanation in Terraform Registry
Provides a Glue Data Catalog Encryption Settings resource.
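A complete configuration covering both blocks listed under Parameters, added here as an example; it is not taken from the repositories above. The resource labels and the aws_kms_key.glue_catalog key are assumed names, and the weak variant is commented out for contrast.

```hcl
# Added example: resource labels and the key name are illustrative assumptions.

# Customer-managed key used for catalog metadata and connection passwords.
resource "aws_kms_key" "glue_catalog" {
  description             = "Glue Data Catalog encryption (example key)"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# Weak variant, shown for contrast only. Do not apply it alongside the
# resource below: there is one settings object per catalog.
#
# resource "aws_glue_data_catalog_encryption_settings" "weak" {
#   data_catalog_encryption_settings {
#     connection_password_encryption {
#       return_connection_password_encrypted = false # passwords not kept encrypted in responses
#     }
#     encryption_at_rest {
#       catalog_encryption_mode = "DISABLED"         # catalog metadata not KMS-encrypted
#     }
#   }
# }

resource "aws_glue_data_catalog_encryption_settings" "hardened" {
  # catalog_id is optional/computed; when omitted the caller's account ID is used.
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id                       = aws_kms_key.glue_catalog.arn
      return_connection_password_encrypted = true
    }
    encryption_at_rest {
      catalog_encryption_mode = "SSE-KMS"
      sse_aws_kms_key_id      = aws_kms_key.glue_catalog.arn
    }
  }
}
```

Principals that read or write the catalog also need permission to use the KMS key, so review the key policy together with this resource.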
AWS::Glue::DataCatalogEncryptionSettings (CloudFormation)
The DataCatalogEncryptionSettings in Glue can be configured in CloudFormation with the resource name AWS::Glue::DataCatalogEncryptionSettings. The following sections describe 8 examples of how to use the resource and its parameters.
Example Usage from GitHub
    Type: 'AWS::Glue::DataCatalogEncryptionSettings'
    Properties:
      CatalogId: "CatalogId"
      DataCatalogEncryptionSettings:
        ConnectionPasswordEncryption:
          KmsKeyId: "KmsKeyId"

    Type: 'AWS::Glue::DataCatalogEncryptionSettings'
    Properties:
      CatalogId: "CatalogId"
      DataCatalogEncryptionSettings:
        ConnectionPasswordEncryption:
          KmsKeyId: "KmsKeyId"

    Type: 'AWS::Glue::DataCatalogEncryptionSettings'
    Properties:
      CatalogId: "CatalogId"
      DataCatalogEncryptionSettings:
        ConnectionPasswordEncryption:
          KmsKeyId: "KmsKeyId"

    Type: 'AWS::Glue::DataCatalogEncryptionSettings'
    Properties:
      CatalogId: "CatalogId"
      DataCatalogEncryptionSettings:
        ConnectionPasswordEncryption:
          KmsKeyId: "KmsKeyId"

    Type: 'AWS::Glue::DataCatalogEncryptionSettings'
    Properties:
      CatalogId: "CatalogId"
      DataCatalogEncryptionSettings:
        ConnectionPasswordEncryption:
          KmsKeyId: "KmsKeyId"

    "AWS::Glue::DataCatalogEncryptionSettings.ConnectionPasswordEncryption": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-connectionpasswordencryption.html",
      "Properties": {
        "ReturnConnectionPasswordEncrypted": {
          "Required": false,
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-connectionpasswordencryption.html#cfn-glue-datacatalogencryptionsettings-connectionpasswordencryption-returnconnectionpasswordencrypted",

    "AWS::Glue::DataCatalogEncryptionSettings": {
      "Type": "AWS::Glue::DataCatalogEncryptionSettings",
      "Properties": {}
    },
    "AWS::SNS::Topic": {
      "Type": "AWS::SNS::Topic",

        "resourceType": "AWS::Glue::DataCatalogEncryptionSettings",
        "filePath": null
      },
      {
        "resourceType": "AWS::Glue::Workflow",
        "filePath": "icons/aws/Service/Arch_Analytics/Arch_64/Arch_AWS-Glue_64@5x.png"

Parameters
- DataCatalogEncryptionSettings - required - DataCatalogEncryptionSettings
- CatalogId - required - String
Explanation in CloudFormation Registry
Sets the security configuration for a specified catalog. After the configuration has been set, the specified encryption is applied to every catalog write thereafter.
Frequently asked questions
What is AWS Glue Data Catalog Encryption Settings?
AWS Glue Data Catalog Encryption Settings is a resource for Glue in Amazon Web Services. Its settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Glue Data Catalog Encryption Settings?
For Terraform, the JamesWoolfenden/check-encrypt, JamesWoolfenden/terraform-aws-glue-crawler and subtilf/datalake-on-aws source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the bridgecrewio/checkov, melscoop-test/check and sprathod369/iac-example source code examples are useful. See the CloudFormation Example section for further details.