Control: 4 AWS Glue Spark jobs should run on supported versions of AWS Glue
Description
This control checks whether an AWS Glue for Spark job is configured to run on a supported version of AWS Glue. The control fails if the Spark job is configured to run on a version of AWS Glue that's earlier than the minimum supported version.
Running AWS Glue Spark jobs on current versions of AWS Glue can optimize performance, security, and access to the latest features of AWS Glue. It can also help safeguard against security vulnerabilities. For example, a new version might be released to provide security updates, address issues, or introduce new features.
Remediation
For information about migrating a Spark job to a supported version of AWS Glue, see Migrating AWS Glue for Spark jobs in the AWS Glue User Guide.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_glue_4
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_glue_4 --share
SQL
This control uses a named query. The query reports a job as skip unless its default arguments contain --enable-spark-ui set to true, and otherwise compares glue_version with the minimum version passed as $1:
select
  arn as resource,
  case
    when not default_arguments @> '{"--enable-spark-ui": "true"}'::jsonb then 'skip'
    when cast(glue_version AS DECIMAL) >= $1 then 'ok'
    else 'alarm'
  end as status,
  case
    when not default_arguments @> '{"--enable-spark-ui": "true"}'::jsonb then title || ' is not a spark job.'
    else title || ' uses ' || glue_version || ' glue version.'
  end as reason,
  region,
  account_id
from
  aws_glue_job;
Params
Args | Name | Default | Description | Variable |
---|---|---|---|---|
$1 | glue_spark_job_supported_version | | Minimum supported Glue version. | |
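
The same skip / ok / alarm decision as the query above, applied offline to JSON in the shape returned by `aws glue get-jobs`; this is an added example, not part of the mod. The sample jobs and the minimum version `3.0` are constructed for illustration, and a job with no `DefaultArguments` is assumed to lack the flag.

```python
import json
from decimal import Decimal, InvalidOperation

# Constructed sample in the shape of `aws glue get-jobs` output (not real jobs).
SAMPLE = json.loads("""
{"Jobs": [
  {"Name": "etl-current", "GlueVersion": "4.0",
   "DefaultArguments": {"--enable-spark-ui": "true"}},
  {"Name": "etl-legacy", "GlueVersion": "0.9",
   "DefaultArguments": {"--enable-spark-ui": "true"}},
  {"Name": "etl-no-ui", "GlueVersion": "0.9",
   "DefaultArguments": {"--job-language": "python"}},
  {"Name": "etl-no-version",
   "DefaultArguments": {"--enable-spark-ui": "true"}}
]}
""")


def evaluate(job, minimum):
    """Return (status, reason) following the query's three-way decision."""
    name = job.get("Name", "<unnamed>")
    # Assumption: an absent DefaultArguments map means the flag is not set.
    args = job.get("DefaultArguments") or {}
    if args.get("--enable-spark-ui") != "true":
        # Same outcome as the query: the version is never inspected.
        return "skip", f"{name} is not a spark job."
    version = job.get("GlueVersion")
    try:
        supported = Decimal(version) >= Decimal(minimum)
    except (InvalidOperation, TypeError):
        # A missing or non-numeric version cannot be shown to be supported.
        supported = False
    status = "ok" if supported else "alarm"
    return status, f"{name} uses {version} glue version."


def report(doc, minimum):
    """Map each job name to its status."""
    return {j.get("Name"): evaluate(j, minimum)[0] for j in doc.get("Jobs", [])}


if __name__ == "__main__":
    for name, status in report(SAMPLE, "3.0").items():
        print(f"{status:5} {name}")
```

In the sample, `etl-no-ui` runs the same old version as `etl-legacy` but is reported as skip, so jobs without the flag need a separate version review.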