AWS Glue component is not associated with a security configuration
Description
This policy ensures that AWS Glue components (Crawlers, DevEndpoints, and Jobs) have a security configuration associated. Associating a security configuration with Glue components helps ensure the security of data in transit and at rest, which is critical for maintaining data integrity and protecting sensitive information. This policy checks whether the `CrawlerSecurityConfiguration` or `SecurityConfiguration` property is configured appropriately for Glue components.
Code Example
```hcl
resource "aws_glue_crawler" "example" {
  ...
  security_configuration = "example-security-configuration"
  ...
}
```
Remediation
Terraform
To fix this issue, ensure that the `security_configuration` property in the `aws_glue_crawler`, `aws_glue_dev_endpoint`, and `aws_glue_job` resources is set to a valid security configuration.
Example for a Glue Crawler:
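The configuration below is an added example, not taken from the original page. It goes beyond the crawler case by defining the security configuration itself and attaching it to all three resource types the policy checks. The resource names, the S3 paths, the KMS key and the `glue_role_arn` variable are assumed placeholders.

```hcl
# Added example: every name, S3 path and the role variable below is a placeholder.
# ARN of an existing IAM role that Glue can assume (assumed to exist already).
variable "glue_role_arn" { type = string }

# Customer-managed key used for all three Glue encryption settings.
resource "aws_kms_key" "glue" {
  description         = "Encrypts Glue logs, job bookmarks and S3 output"
  enable_key_rotation = true
}

# The security configuration that the Glue components reference by name.
resource "aws_glue_security_configuration" "example" {
  name = "example-security-configuration"
  encryption_configuration {
    cloudwatch_encryption {
      cloudwatch_encryption_mode = "SSE-KMS"
      kms_key_arn                = aws_kms_key.glue.arn
    }
    job_bookmarks_encryption {
      job_bookmarks_encryption_mode = "CSE-KMS"
      kms_key_arn                   = aws_kms_key.glue.arn
    }
    s3_encryption {
      s3_encryption_mode = "SSE-KMS"
      kms_key_arn        = aws_kms_key.glue.arn
    }
  }
}

# Each component type covered by the policy sets security_configuration.
resource "aws_glue_crawler" "example" {
  name                   = "example-crawler"
  database_name          = "example_db"
  role                   = var.glue_role_arn
  security_configuration = aws_glue_security_configuration.example.name
  s3_target { path = "s3://example-bucket/input/" }
}

resource "aws_glue_dev_endpoint" "example" {
  name                   = "example-endpoint"
  role_arn               = var.glue_role_arn
  security_configuration = aws_glue_security_configuration.example.name
}

resource "aws_glue_job" "example" {
  name                   = "example-job"
  role_arn               = var.glue_role_arn
  security_configuration = aws_glue_security_configuration.example.name
  command { script_location = "s3://example-bucket/scripts/job.py" }
}
```

Referencing `aws_glue_security_configuration.example.name` rather than a string literal makes Terraform create the configuration before the components that use it. The KMS key policy must also allow the Glue role and the CloudWatch Logs service to use the key, otherwise runs fail when they try to write encrypted output.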
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0243 |
| Severity | LOW |
| IaC Type | CloudFormation |
| Frameworks | Terraform, CloudFormation |
| Checkov ID | CKV_AWS_195 |