AWS Glue Security Configuration

This page shows how to write Terraform and CloudFormation for AWS Glue Security Configuration and write them securely.

aws_glue_security_configuration (Terraform)

The Security Configuration in AWS Glue can be configured in Terraform with the resource name aws_glue_security_configuration. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L5
resource "aws_glue_security_configuration" "glue_security" {
  name = var.security_name

  encryption_configuration {
    cloudwatch_encryption {
    }
main.tf#L21
resource "aws_glue_security_configuration" "main" {
  name        = var.database

  encryption_configuration {
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "DISABLED"
main.tf#L5
resource "aws_glue_security_configuration" "glue_security" {
  name = var.security_name

  encryption_configuration {
    cloudwatch_encryption {
    }
positive1.tf#L1
resource "aws_glue_security_configuration" "positive1" {
  name = "example"

  encryption_configuration {
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "SSE-KMS"
positive3.tf#L1
resource "aws_glue_security_configuration" "positive2" {
  name = "example"

  encryption_configuration {
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "SSE-KMS"

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Manages a Glue Security Configuration.

AWS::Glue::SecurityConfiguration (CloudFormation)

The SecurityConfiguration in Glue can be configured in CloudFormation with the resource name AWS::Glue::SecurityConfiguration. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

infra2.yml#L96
      Type: "AWS::Glue::SecurityConfiguration"
      Properties:
          EncryptionConfiguration:
              S3Encryptions:
                  - KmsKeyArn: !Ref KmsS3Arn
                    S3EncryptionMode: SSE-KMS
GlueSecurityConfiguration-PASSED.yml#L4
    Type: AWS::Glue::SecurityConfiguration
    Properties:
      Name: Name
      EncryptionConfiguration:
        CloudWatchEncryption:
          CloudWatchEncryptionMode: SSE-KMS
GlueSecurityConfiguration-PASSED.yml#L4
    Type: AWS::Glue::SecurityConfiguration
    Properties:
      Name: Name
      EncryptionConfiguration:
        CloudWatchEncryption:
          CloudWatchEncryptionMode: SSE-KMS
GlueSecurityConfiguration-FAILED.yml#L4
    Type: AWS::Glue::SecurityConfiguration
    Properties:
      Name: Name
      EncryptionConfiguration:
        CloudWatchEncryption:
          CloudWatchEncryptionMode: DISABLED
GlueSecurityConfiguration-FAILED.yml#L4
    Type: AWS::Glue::SecurityConfiguration
    Properties:
      Name: Name
      EncryptionConfiguration:
        CloudWatchEncryption:
          CloudWatchEncryptionMode: DISABLED
integ.security-configuration.expected.json#L39
      "Type": "AWS::Glue::SecurityConfiguration",
      "Properties": {
        "EncryptionConfiguration": {
          "CloudWatchEncryption": {
            "CloudWatchEncryptionMode": "SSE-KMS",
            "KmsKeyArn": {
integ.security-configuration.expected.json#L39
      "Type": "AWS::Glue::SecurityConfiguration",
      "Properties": {
        "EncryptionConfiguration": {
          "CloudWatchEncryption": {
            "CloudWatchEncryptionMode": "SSE-KMS",
            "KmsKeyArn": {
integ.security-configuration.expected.json#L39
      "Type": "AWS::Glue::SecurityConfiguration",
      "Properties": {
        "EncryptionConfiguration": {
          "CloudWatchEncryption": {
            "CloudWatchEncryptionMode": "SSE-KMS",
            "KmsKeyArn": {
integ.security-configuration.expected.json#L39
      "Type": "AWS::Glue::SecurityConfiguration",
      "Properties": {
        "EncryptionConfiguration": {
          "CloudWatchEncryption": {
            "CloudWatchEncryptionMode": "SSE-KMS",
            "KmsKeyArn": {
integ.security-configuration.expected.json#L39
      "Type": "AWS::Glue::SecurityConfiguration",
      "Properties": {
        "EncryptionConfiguration": {
          "CloudWatchEncryption": {
            "CloudWatchEncryptionMode": "SSE-KMS",
            "KmsKeyArn": {

Parameters

Explanation in CloudFormation Registry

Creates a new security configuration. A security configuration is a set of security properties that can be used by AWS Glue. You can use a security configuration to encrypt data at rest. For information about using security configurations in AWS Glue, see Encrypting Data Written by Crawlers, Jobs, and Development Endpoints.

Frequently asked questions

What is AWS Glue Security Configuration?

AWS Glue Security Configuration is a resource for Glue of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Glue Security Configuration?

For Terraform, the 1oglop1/aws-glue-monorepo-style, CMSgov/beneficiary-fhir-data and SJREDDY6/terra source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the MarcoAP/AWSTraining, SnidermanIndustries/checkov-fork and bridgecrewio/checkov source code examples are useful. See the CloudFormation Example section for further details.