Add new check glue_ml_transform_encryption_at_rest_enabled #5095

Closed
puchy22 opened this issue Sep 19, 2024 · 4 comments
Labels: good first issue, new check idea, provider/aws

puchy22 (Member) commented Sep 19, 2024

New feature motivation

Implement a control that checks whether AWS Glue machine learning (ML) transforms are encrypted at rest. The control fails if the ML transform data is not encrypted at rest.

Encryption of data at rest ensures the confidentiality of data stored in persistent storage. This protection helps mitigate the risk of unauthorized access and maintains the security of sensitive information processed by ML transforms.

Solution Proposed

Create a new check to ensure that Glue ML transforms are encrypted at rest. Things to add:

  • Add ml_transforms dictionary (crafted ARN should be the key) with all ML transforms extracted from get_ml_transforms and test it.
  • Add check logic to verify that MlUserDataEncryptionMode is not DISABLED. Ref
  • Add unit tests to ensure the check is working as expected. Cases recommended: no ML Transforms, transform without encryption enabled and transform with encryption enabled. Ref

Describe alternatives you've considered

No alternative.

Additional context

No response

@puchy22 puchy22 added new check idea provider/aws Issues/PRs related with the AWS provider good first issue Indicates a good issue for first-time contributors labels Sep 19, 2024
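
The check proposed in the issue above, as an added stand-alone example that is not Prowler's code and not part of the original thread. The names `MLTransform`, `build_ml_transforms` and `evaluate`, the region, the account ID and the sample response are constructed for illustration; treating a transform with no `TransformEncryption` block as `DISABLED` is an assumption made here.

```python
from dataclasses import dataclass

# Constructed sample shaped like a boto3 glue.get_ml_transforms() response.
SAMPLE_RESPONSE = {
    "Transforms": [
        {"TransformId": "tfm-constructed-0001", "Name": "dedupe-customers",
         "TransformEncryption": {"MlUserDataEncryption": {
             "MlUserDataEncryptionMode": "SSE-KMS",
             "KmsKeyId": "alias/constructed-key"}}},
        {"TransformId": "tfm-constructed-0002", "Name": "match-orders",
         "TransformEncryption": {"MlUserDataEncryption": {
             "MlUserDataEncryptionMode": "DISABLED"}}},
        # No TransformEncryption block: assumed unencrypted (fail closed).
        {"TransformId": "tfm-constructed-0003", "Name": "legacy-transform"},
    ]
}

@dataclass
class MLTransform:
    arn: str
    name: str
    user_data_encryption: str

def build_ml_transforms(response, region, account_id, partition="aws"):
    """Index transforms by crafted ARN, as the issue proposes."""
    transforms = {}
    for t in response.get("Transforms", []):
        arn = f"arn:{partition}:glue:{region}:{account_id}:mlTransform/{t['TransformId']}"
        mode = (t.get("TransformEncryption", {})
                 .get("MlUserDataEncryption", {})
                 .get("MlUserDataEncryptionMode", "DISABLED"))
        transforms[arn] = MLTransform(arn, t.get("Name", ""), mode)
    return transforms

def evaluate(transforms):
    """Return (status, arn, detail) tuples; FAIL when the mode is DISABLED."""
    findings = []
    for arn, t in transforms.items():
        if t.user_data_encryption == "DISABLED":
            findings.append(("FAIL", arn, f"{t.name} is not encrypted at rest"))
        else:
            findings.append(("PASS", arn, f"{t.name} uses {t.user_data_encryption}"))
    return findings

if __name__ == "__main__":
    sample = build_ml_transforms(SAMPLE_RESPONSE, "eu-west-1", "123456789012")
    for finding in evaluate(sample):
        print(*finding)
```

Against a live account the same functions would be fed each page of `get_ml_transforms`, following `NextToken` until it is absent.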
LefterisXefteris (Contributor) commented

Hello @puchy22! I would like to work on it if that is okay.

puchy22 (Member, Author) commented Sep 19, 2024

@LefterisXefteris perfect, I assign you the issue. Thanks for your help 💚 🚀

LefterisXefteris (Contributor) commented

@puchy22 thank you very much!

puchy22 (Member, Author) commented Oct 7, 2024

Issue closed with #5272

@puchy22 puchy22 closed this as completed Oct 7, 2024