[New]: The aws_glue_security_configuration resource should support encrypting Glue Data Quality. #39821

@vaquarkhan

Description

Currently, the AWS Glue aws_glue_security_configuration resource does not have support to add encryption for Glue Data Quality. If the Glue Data Quality is not encrypted, then the Glue Security Configuration will show as disabled, even if the S3 bucket, KMS, and CloudWatch are encrypted. This is flagged as a security finding.

Looking to add support so that we can add Glue Data Quality encryption via Terraform.

Document:
https://registry.terraform.io/providers/hashicorp/aws/4.1.0/docs/resources/glue_security_configuration

Requested Resource(s) and/or Data Source(s)

aws_glue_security_configuration data quality encryption

Potential Terraform Configuration

resource "aws_glue_security_configuration" "example" {
  name = "example"

  encryption_configuration {
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "DISABLED"
    }

    job_bookmarks_encryption {
      job_bookmarks_encryption_mode = "DISABLED"
    }

    s3_encryption {
      kms_key_arn        = data.aws_kms_key.example.arn
      s3_encryption_mode = "SSE-KMS"
    }

    # Add new feature
    data_quality_encryption {
      kms_key_arn                  = data.aws_kms_key.example.arn
      data_quality_encryption_mode = "SSE-KMS"
    }
  }
}

References

Would you like to implement a fix?

Yes
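
The finding described in this issue can be checked directly against a security configuration. The following is an added example, not part of the original issue or the provider's code: it audits a configuration for unencrypted components, including Data Quality. The key names are assumed to follow the shape of the Glue GetSecurityConfiguration response, and the sample data and key ARN are constructed placeholders.

```python
# Added example: audit a Glue security configuration for unencrypted components.
# Key names are assumed to follow the Glue GetSecurityConfiguration response shape.
COMPONENTS = {
    "S3Encryption": "S3EncryptionMode",
    "CloudWatchEncryption": "CloudWatchEncryptionMode",
    "JobBookmarksEncryption": "JobBookmarksEncryptionMode",
    "DataQualityEncryption": "DataQualityEncryptionMode",
}


def audit(security_configuration):
    """Return {component: reason} for every component that is not encrypted."""
    enc = security_configuration.get("EncryptionConfiguration", {})
    findings = {}
    for component, mode_key in COMPONENTS.items():
        block = enc.get(component)
        # S3Encryption is a list of settings; the other blocks are single dicts.
        entries = block if isinstance(block, list) else [block] if block else []
        if not entries:
            findings[component] = "block missing"
            continue
        for entry in entries:
            mode = entry.get(mode_key, "DISABLED")
            if mode == "DISABLED":
                findings[component] = "mode DISABLED"
            elif mode.endswith("-KMS") and not entry.get("KmsKeyArn"):
                findings[component] = f"{mode} without KmsKeyArn"
    return findings


# Constructed sample mirroring the configuration in the issue, before the
# requested data_quality_encryption block exists. The ARN is a placeholder.
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"
BEFORE = {"Name": "example", "EncryptionConfiguration": {
    "S3Encryption": [{"S3EncryptionMode": "SSE-KMS", "KmsKeyArn": KEY}],
    "CloudWatchEncryption": {"CloudWatchEncryptionMode": "DISABLED"},
    "JobBookmarksEncryption": {"JobBookmarksEncryptionMode": "DISABLED"},
}}

# Same configuration with every component, including Data Quality, encrypted.
AFTER = {"Name": "example", "EncryptionConfiguration": {
    "S3Encryption": [{"S3EncryptionMode": "SSE-KMS", "KmsKeyArn": KEY}],
    "CloudWatchEncryption": {"CloudWatchEncryptionMode": "SSE-KMS", "KmsKeyArn": KEY},
    "JobBookmarksEncryption": {"JobBookmarksEncryptionMode": "CSE-KMS", "KmsKeyArn": KEY},
    "DataQualityEncryption": {"DataQualityEncryptionMode": "SSE-KMS", "KmsKeyArn": KEY},
}}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg))
```

In practice the dictionary passed to `audit` would be the `SecurityConfiguration` object returned for the configuration under review.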

Labels

enhancement: Requests to existing resources that expand the functionality or scope.
service/glue: Issues and PRs that pertain to the glue service.
