Control: Glue dev endpoints S3 encryption should be enabled
Description
Ensure Glue dev endpoints have S3 encryption enabled to protect sensitive information at rest.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.glue_dev_endpoint_s3_encryption_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.glue_dev_endpoint_s3_encryption_enabled --shareSQL
This control uses a named query:
select d.arn as resource, case when e is not null and e ->> 'S3EncryptionMode' != 'DISABLED' then 'ok' else 'alarm' end as status, case when e is not null and e ->> 'S3EncryptionMode' != 'DISABLED' then d.title || ' S3 encryption enabled.' else d.title || ' S3 encryption disabled.' end as reason , d.region, d.account_idfrom aws_glue_dev_endpoint as d left join aws_glue_security_configuration s on d.security_configuration = s.name, jsonb_array_elements(s.s3_encryption) e;