Description:
This policy enforces the use of SSL for AWS Glue database connections. SSL (Secure Sockets Layer) is a standard security protocol for establishing an encrypted link between a client and a server, ensuring that all data transmitted between the two remains private and secure.
Rationale:
In many industries, particularly those handling sensitive or personal data, it is mandatory to secure data in transit. Using SSL for Glue database connections encrypts data in transit, which prevents eavesdropping and tampering.
Impact:
Enabling SSL for Glue database connections enhances data security by providing a secure communication channel. It protects sensitive information by encrypting the data during transmission, minimizing the risk of data exposure to unauthorized entities.
Default Value:
By default, AWS recommends using SSL connections when transmitting data between your applications and AWS Glue.
Pre-Requisite:
You must have permissions to modify Glue database connections and to handle SSL certificates. You also need to be familiar with managing Glue database connections in the AWS console or via AWS CLI.
Test Plan:
- Go to the AWS Glue console.
- Open the 'Databases' tab and choose your database.
- Check the 'SSL' checkbox for your connections.
AWS CLI Process:
- Open your AWS CLI.
- Run the following command to update the Glue connection:
aws glue update-connection --name connection_name --connection-input '{"Name":"connection_name","ConnectionType":"JDBC","ConnectionProperties":{"JDBC_CONNECTION_URL":"jdbc:mysql://hostname:port/db_name?useSSL=true","USERNAME":"username","PASSWORD":"password"},"PhysicalConnectionRequirements":{"AvailabilityZone":"az","SubnetId":"subnet-id","SecurityGroupIdList":["sg-id"]}}'
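To verify the result across all connections, the following added example (not part of the original policy text) classifies each JDBC connection in the JSON returned by `aws glue get-connections` by how SSL is configured. It assumes the console's SSL setting is stored as the `JDBC_ENFORCE_SSL` connection property; the connection names and hosts in the sample are constructed.

```python
import json
from urllib.parse import parse_qs

# Constructed sample shaped like `aws glue get-connections` output (not real data).
SAMPLE = json.loads("""
{"ConnectionList": [
  {"Name": "orders-db", "ConnectionType": "JDBC", "ConnectionProperties": {
     "JDBC_CONNECTION_URL": "jdbc:mysql://db.example.internal:3306/orders",
     "JDBC_ENFORCE_SSL": "true"}},
  {"Name": "legacy-db", "ConnectionType": "JDBC", "ConnectionProperties": {
     "JDBC_CONNECTION_URL": "jdbc:mysql://db.example.internal:3306/legacy?useSSL=true"}},
  {"Name": "reports-db", "ConnectionType": "JDBC", "ConnectionProperties": {
     "JDBC_CONNECTION_URL": "jdbc:postgresql://db.example.internal:5432/reports",
     "JDBC_ENFORCE_SSL": "false"}},
  {"Name": "vpc-only", "ConnectionType": "NETWORK", "ConnectionProperties": {}}
]}
""")


def classify(connections):
    """Map each JDBC connection name to 'enforced', 'url-only' or 'none'."""
    result = {}
    for conn in connections:
        if conn.get("ConnectionType") != "JDBC":
            continue  # only JDBC database connections are in scope here
        props = conn.get("ConnectionProperties", {})
        # Assumption: the console SSL setting is stored in JDBC_ENFORCE_SSL.
        if props.get("JDBC_ENFORCE_SSL", "false").lower() == "true":
            result[conn["Name"]] = "enforced"
            continue
        # Otherwise look for a driver-level flag such as useSSL=true in the URL.
        query = parse_qs(props.get("JDBC_CONNECTION_URL", "").partition("?")[2])
        url_ssl = query.get("useSSL", ["false"])[0].lower() == "true"
        result[conn["Name"]] = "url-only" if url_ssl else "none"
    return result


def unenforced(connections):
    """Names of JDBC connections where SSL is not enforced by the Glue property."""
    return sorted(n for n, s in classify(connections).items() if s != "enforced")


if __name__ == "__main__":
    for name, status in classify(SAMPLE["ConnectionList"]).items():
        print(f"{name}: {status}")
```

To run it against a real account, save the output of `aws glue get-connections` to a file and pass its `ConnectionList` to `classify`.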
Using AWS GUI:
- Navigate to the AWS Glue service in the AWS Management Console.
- Click on the 'Databases' tab and choose your database.
- In the 'Connection properties' section, check the 'SSL' checkbox.
- Click 'Apply' to save the changes.
Backout Plan:
If you need to revoke the changes:
- Go back to the AWS Glue console.
- Navigate to your database connection.
- In the 'Connection properties' section, uncheck the 'SSL' checkbox.
- Click 'Apply' to save the changes.
Note:
Always understand the potential security implications when disabling SSL for Glue database connections.
Reference: AWS Glue UpdateConnection