Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
36Dashboards
1598Benchmarks
674Queries
9Variables
GitHub

Control: Glue dev endpoints job bookmark encryption should be enabled

Description

Ensure Glue dev endpoints have job bookmark encryption enabled to protect sensitive information at rest.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.glue_dev_endpoint_job_bookmarks_encryption_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.glue_dev_endpoint_job_bookmarks_encryption_enabled --share

SQL

This control uses a named query:

select
  e.arn as resource,
  case
    when job_bookmarks_encryption is not null and job_bookmarks_encryption ->> 'JobBookmarksEncryptionMode' != 'DISABLED' then 'ok'
    else 'alarm'
  end as status,
  case
    when job_bookmarks_encryption is not null and job_bookmarks_encryption ->> 'JobBookmarksEncryptionMode' != 'DISABLED' then e.title || ' job bookmark encryption enabled.'
    else e.title || ' job bookmark encryption disabled.'
  end as reason
  , e.region, e.account_id
from
  aws_glue_dev_endpoint as e
  left join aws_glue_security_configuration as c on e.security_configuration = c.name;

Tags

service = AWS/Glue