By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

What are the benefits when I run a Glue job inside VPC?

0

I am having a Glue job and without VPC, the job work fine. However, I want to ask:

  1. What is the benefits if I move it to be inside a VPC?
  2. If I continue use the job outside VPC, will I face security issues such as leak data, etc.?

Thank you so much!

Topics
AnalyticsAWS Well-Architected Framework
Tags
AWS GlueSecurity
Language
English
Yen Trinh
asked 2 years ago2535 views
1 Answer
1
Accepted Answer

Hi. That's a great question.

If you run a job outside of a VPC, the job potentially has direct access to the internet, and a rouge engineer could write code that would write data to some endpoint on the internet that is outside of your organization. There are various ways to address this risk, but one of them is to ensure the job runs on a VPC where you control all data egress.

The other common reason to use a VPC endpoint with your Glue jobs is to enable access to other resources in your VPC (like RDS servers if you need to ingest data from those), or resources on your corporate network (if you have a connection between your VPC and your corporate network).

See the IAM Policies that Control Settings Using Condition Keys in the AWS Glue documentation at the following link. This includes an example of how you can use an IAM policy to ensure that only Glue jobs that have a specific VPC connection are able to be created.

https://docs.aws.amazon.com/glue/latest/dg/using-identity-based-policies.html

All the best with your AWS Glue data engineering!

AWS
Gareth_E
answered 2 years ago
AWS
EXPERT
Fabrizio@AWS
reviewed 2 years ago
  • Yen Trinh
    2 years ago

    Thank you so much for your answer.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content