Glue CloudWatch log encryption is disabled
Affecting Glue service in AWS

Severity: medium
Severity Framework: Snyk CCSS
Rule category: Logging / Encryption at Rest

Frameworks: CIS-Controls, CSA-CCM
  • Snyk ID: SNYK-CC-00706
  • Credit: Snyk Research Team

Description

When CloudWatch log encryption is disabled, anyone who can access the Glue log data in CloudWatch can read its contents, which may contain sensitive information.

How to fix?

Set the CloudWatchEncryptionMode attribute to SSE-KMS.

Example Configuration

Resources:
  Allowed:
    Type: AWS::Glue::SecurityConfiguration
    Properties: 
      EncryptionConfiguration: 
        CloudWatchEncryption:
          CloudWatchEncryptionMode: SSE-KMS 
      Name: AWSGlueSecurityConfName
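
A static check for this rule, as an added example (not Snyk's rule code and not part of the original page): it scans a CloudFormation template, given here in JSON form, and reports every Glue security configuration whose CloudWatchEncryptionMode is not SSE-KMS. The sample template, its logical IDs and the function name are constructed for illustration.

```python
import json

# Constructed sample template (CloudFormation in JSON form); logical IDs are made up.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "Encrypted": {
    "Type": "AWS::Glue::SecurityConfiguration",
    "Properties": {"Name": "a", "EncryptionConfiguration": {
      "CloudWatchEncryption": {"CloudWatchEncryptionMode": "SSE-KMS"}}}},
  "ExplicitlyDisabled": {
    "Type": "AWS::Glue::SecurityConfiguration",
    "Properties": {"Name": "b", "EncryptionConfiguration": {
      "CloudWatchEncryption": {"CloudWatchEncryptionMode": "DISABLED"}}}},
  "BlockMissing": {
    "Type": "AWS::Glue::SecurityConfiguration",
    "Properties": {"Name": "c", "EncryptionConfiguration": {}}},
  "NotGlue": {"Type": "AWS::S3::Bucket", "Properties": {}}
}}
""")


def find_unencrypted_glue_log_configs(template):
    """Return {logical_id: reason} for Glue security configurations
    whose CloudWatchEncryptionMode is not the literal string SSE-KMS."""
    findings = {}
    for logical_id, res in (template.get("Resources") or {}).items():
        if not isinstance(res, dict):
            continue
        if res.get("Type") != "AWS::Glue::SecurityConfiguration":
            continue
        # Walk Properties -> EncryptionConfiguration -> CloudWatchEncryption,
        # treating any missing or non-mapping level as "not configured".
        node = res.get("Properties") or {}
        for key in ("EncryptionConfiguration", "CloudWatchEncryption"):
            node = node.get(key) if isinstance(node, dict) else None
        mode = node.get("CloudWatchEncryptionMode") if isinstance(node, dict) else None
        # An intrinsic such as {"Ref": ...} is also reported: it cannot be
        # verified statically, so it needs a manual look.
        if mode != "SSE-KMS":
            findings[logical_id] = f"CloudWatchEncryptionMode is {mode!r}, expected 'SSE-KMS'"
    return findings


if __name__ == "__main__":
    for rid, why in find_unencrypted_glue_log_configs(SAMPLE_TEMPLATE).items():
        print(f"{rid}: {why}")
```

A configuration that omits the CloudWatchEncryption block is reported the same way as one that sets the mode to DISABLED, since both leave the logs unencrypted by this setting.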