Medium
Glue
Regional
AWS Glue machine learning transforms should be encrypted at rest
FSBP
Description
This control checks whether an AWS Glue machine learning transform is encrypted at rest. The control fails if the machine learning transform isn't encrypted at rest. Data at rest refers to data that's stored in persistent, non-volatile storage for any duration. Encrypting data at rest helps you protect its confidentiality, which reduces the risk that an unauthorized user can access it.
Remediation
To enable encryption at rest for your AWS Glue ML transform, you need to configure encryption settings in the transform parameters.
Steps
- Navigate to the AWS Glue console
- Go to 'Machine Learning' in the left navigation
- Select your ML transform
- Choose 'Edit' to modify the transform
- In the 'Parameters' section, configure encryption settings
- Set S3EncryptionMode to 'SSE-S3' or 'SSE-KMS'
- If using KMS, specify the KMS key ID
- Save the configuration to enable encryption at rest
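To confirm the result across many transforms rather than one at a time in the console, the check can be scripted. The following is an added example, not AWS's rule code or part of the original page. It reads the `TransformEncryption` block returned by the Glue `GetMLTransforms` API and treats a transform as passing only when `MlUserDataEncryptionMode` is `SSE-KMS` with a key recorded. Assumptions: the pass/fail logic is this example's reading of the control, and the sample records and key ARN are constructed placeholders.

```python
"""Added example: audit Glue ML transforms for encryption at rest (offline sample)."""

def evaluate_transform(transform):
    """Return (status, reason) for one GetMLTransforms-shaped record."""
    enc = (transform.get("TransformEncryption") or {}).get("MlUserDataEncryption") or {}
    mode = enc.get("MlUserDataEncryptionMode", "DISABLED")
    if mode != "SSE-KMS":
        return "FAILED", f"user data encryption mode is {mode}"
    if not enc.get("KmsKeyId"):
        return "FAILED", "SSE-KMS selected but no KmsKeyId recorded"
    return "PASSED", f"SSE-KMS with key {enc['KmsKeyId']}"

def audit(transforms):
    """Map TransformId -> (status, reason) for every record."""
    return {t["TransformId"]: evaluate_transform(t) for t in transforms}

def fetch_transforms(glue_client):
    """Page through get_ml_transforms() on a boto3 Glue client (or a stub)."""
    token, found = None, []
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = glue_client.get_ml_transforms(**kwargs)
        found.extend(page.get("Transforms", []))
        token = page.get("NextToken")
        if not token:
            return found

# Constructed sample records (IDs and key ARN are placeholders, not real resources).
SAMPLE = [
    {"TransformId": "tfm-example-encrypted", "TransformEncryption": {"MlUserDataEncryption": {
        "MlUserDataEncryptionMode": "SSE-KMS",
        "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}}},
    {"TransformId": "tfm-example-disabled", "TransformEncryption": {"MlUserDataEncryption": {
        "MlUserDataEncryptionMode": "DISABLED"}}},
    {"TransformId": "tfm-example-unset"},  # no TransformEncryption block at all
]

if __name__ == "__main__":
    for tid, (status, reason) in audit(SAMPLE).items():
        print(f"{status:6} {tid}: {reason}")
```

Against a live account, pass `fetch_transforms(boto3.client("glue"))` to `audit()` in each Region in use, since the control is Regional.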
Compliance
FSBP