Control: Glue data catalog metadata encryption should be enabled
Description
Ensure Glue data catalog metadata encryption is enabled to protect sensitive information at rest.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.glue_data_catalog_encryption_settings_metadata_encryption_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.glue_data_catalog_encryption_settings_metadata_encryption_enabled --share
SQL
This control uses a named query:
select
  'arn:' || partition || '::' || region || ':' || account_id as resource,
  case
    when encryption_at_rest is not null
      and encryption_at_rest ->> 'CatalogEncryptionMode' != 'DISABLED' then 'ok'
    else 'alarm'
  end as status,
  case
    when encryption_at_rest is not null
      and encryption_at_rest ->> 'CatalogEncryptionMode' != 'DISABLED' then 'Glue data catalog metadata encryption is enabled in ' || region || '.'
    else 'Glue data catalog metadata encryption is disabled in ' || region || '.'
  end as reason,
  region,
  account_id
from
  aws_glue_data_catalog_encryption_settings;