Skip to content
Alchemy
GitHubXDiscord

SecurityConfiguration

The SecurityConfiguration resource lets you manage AWS Glue SecurityConfigurations for encrypting data at rest and in transit within your Glue jobs and crawlers.

Minimal Example

Section titled “Minimal Example”

Create a basic security configuration with encryption settings.

import AWS from "alchemy/aws/control";


const basicSecurityConfig = await AWS.Glue.SecurityConfiguration("basicSecurityConfig", {
  name: "basic_security_config",
  encryptionConfiguration: {
    // Using S3 encryption
    s3Encryption: [{
      encryptionMode: "SSE-S3",
      location: "s3://my-encrypted-bucket"
    }],
    // Optionally add other encryption settings here
  },
  adopt: true // Allows adopting existing resource if it already exists
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure a security configuration with multiple encryption modes for different data sources.

const advancedSecurityConfig = await AWS.Glue.SecurityConfiguration("advancedSecurityConfig", {
  name: "advanced_security_config",
  encryptionConfiguration: {
    s3Encryption: [{
      encryptionMode: "SSE-KMS",
      kmsKeyArn: "arn:aws:kms:us-west-2:123456789012:key/abcd1234-12ab-34cd-56ef-1234567890ab",
      location: "s3://my-advanced-bucket"
    }],
    // Configure other encryption settings as needed
    cloudWatchEncryption: {
      cloudWatchEncryptionMode: "DISABLED"
    },
    jobBookmarksEncryption: {
      jobBookmarksEncryptionMode: "DISABLED"
    }
  }
});

Use Case: Job Specific Security Configuration

Section titled “Use Case: Job Specific Security Configuration”

Create a security configuration tailored for a specific job that requires enhanced encryption.

const jobSpecificSecurityConfig = await AWS.Glue.SecurityConfiguration("jobSpecificSecurityConfig", {
  name: "job_specific_security_config",
  encryptionConfiguration: {
    s3Encryption: [{
      encryptionMode: "SSE-KMS",
      kmsKeyArn: "arn:aws:kms:us-east-1:123456789012:key/abcd1234-12ab-34cd-56ef-1234567890ab",
      location: "s3://my-job-specific-bucket"
    }],
    cloudWatchEncryption: {
      cloudWatchEncryptionMode: "SSE-KMS",
      kmsKeyArn: "arn:aws:kms:us-east-1:123456789012:key/abcd1234-12ab-34cd-56ef-1234567890ab"
    }
  }
});