CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, or Network.
Enabling encryption at rest for AWS Glue metadata prevents unauthorized access to sensitive information and protects against data breaches. Without encryption, metadata stored in AWS Glue could be compromised, leading to potential data leakage and regulatory non-compliance.
Set the data_catalog_encryption_settings[_].encryption_at_rest[_].catalog_encryption_mode attribute to SSE-KMS in the resource aws_glue_data_catalog_encryption_settings.
Example configuration:
resource "aws_glue_data_catalog_encryption_settings" "allow" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      return_connection_password_encrypted = false
    }

    encryption_at_rest {
      # Encrypt Data Catalog metadata at rest with a KMS key.
      catalog_encryption_mode = "SSE-KMS"
      # aws_kms_key.mykey must be declared elsewhere in the configuration.
      sse_aws_kms_key_id      = aws_kms_key.mykey.arn
    }
  }
}
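The same attribute path can be checked before apply. The following is an added example, not this rule's own implementation: it walks the JSON produced by `terraform show -json` on a saved plan and reports every aws_glue_data_catalog_encryption_settings resource whose catalog_encryption_mode is not SSE-KMS. The function names and the sample plan are constructed for illustration.

```python
RESOURCE_TYPE = "aws_glue_data_catalog_encryption_settings"
REQUIRED_MODE = "SSE-KMS"  # the only value the rule on this page names


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def glue_encryption_findings(plan):
    """Return (address, reason) for each Glue catalog resource failing the rule."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Nested blocks are lists in plan JSON, hence the [_] in the rule path.
        settings = res.get("values", {}).get("data_catalog_encryption_settings") or []
        modes = [
            rest.get("catalog_encryption_mode")
            for block in settings
            for rest in block.get("encryption_at_rest") or []
        ]
        if not modes:
            findings.append((res["address"], "no encryption_at_rest block"))
        for mode in modes:
            if mode != REQUIRED_MODE:
                findings.append((res["address"], f"catalog_encryption_mode is {mode!r}"))
    return findings


# Constructed sample shaped like `terraform show -json` output (not real data).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [{
        "address": "aws_glue_data_catalog_encryption_settings.allow",
        "type": RESOURCE_TYPE,
        "values": {"data_catalog_encryption_settings": [
            {"encryption_at_rest": [{"catalog_encryption_mode": "SSE-KMS"}]}]},
    }],
    "child_modules": [{"resources": [{
        "address": "module.etl.aws_glue_data_catalog_encryption_settings.deny",
        "type": RESOURCE_TYPE,
        "values": {"data_catalog_encryption_settings": [
            {"encryption_at_rest": [{"catalog_encryption_mode": "DISABLED"}]}]},
    }]}],
}}}

if __name__ == "__main__":
    for address, reason in glue_encryption_findings(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

A non-empty result can be used to fail a CI job before the plan is applied.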