From 9c6ae74dbf70a939983b8a3e92f5259f824fcb49 Mon Sep 17 00:00:00 2001 From: Laiba Zaman Date: Fri, 31 Mar 2023 14:12:31 +0000 Subject: [PATCH 1/2] added dataflow folder and guide? --- .../dataflow/dataflow-jobs-encryption.md | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 en/google/dataflow/dataflow-jobs-encryption.md diff --git a/en/google/dataflow/dataflow-jobs-encryption.md b/en/google/dataflow/dataflow-jobs-encryption.md new file mode 100644 index 000000000..d06b244ee --- /dev/null +++ b/en/google/dataflow/dataflow-jobs-encryption.md 
@@ -0,0 +1,25 @@ +[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) + +# GOOGLE / Dataflow / Dataflow Jobns Encryption + +## Quick Info + +| | | +|-|-| +| **Plugin Title** | Dataflow Jobns Encryption | +| **Cloud** | GOOGLE | +| **Category** | Datflow | +| **Description** | Ensure that Google Dataflow jobs are encrypted with desired encryption level. | +| **More Info** | Google encrypts all jobs in Dataflow by default. Protecting source and sinks data for Dataflow batch pipeline with CMEK gives user more granular access to encryption and decryption process.| +| **GOOGLE Link** | https://cloud.google.com/dataflow/docs/guides/customer-managed-encryption-keys | +| **Recommended Action** | Use desired encryption level to encrypt Dataflow jobs. | + +## Detailed Remediation Steps +1. Open the Dataflow monitoring UI.\ + [Go to the Dataflow Web UI](https://console.cloud.google.com/dataflow) +2. Select Create job from template. +3. In the Encryption section, select Customer-managed key. + +Note: The drop-down menu Select a customer-managed key only shows keys with the regional scope global or the region you selected in the Regional endpoint drop-down menu. In order to minimize Cloud KMS operation latency and improve system availability, we recommend choosing regional keys. + +The first time you attempt to run a job with a particular Cloud KMS key, your Compute Engine service account and/or Dataflow service account might not have been granted the permissions to encrypt and decrypt using that key. In this case, a warning message appears to prompt you to grant the permission to your service account. \ No newline at end of file From 80f77777681bb675e64dbe245569e30ac2ec4558 Mon Sep 17 00:00:00 2001 
From: laiba-zaman <122311250+laiba-zaman@users.noreply.github.com> Date: Fri, 31 Mar 2023 10:21:21 -0400 Subject: [PATCH 2/2] Update dataflow-jobs-encryption.md --- en/google/dataflow/dataflow-jobs-encryption.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/en/google/dataflow/dataflow-jobs-encryption.md b/en/google/dataflow/dataflow-jobs-encryption.md index d06b244ee..7bd97336f 100644 --- a/en/google/dataflow/dataflow-jobs-encryption.md +++ b/en/google/dataflow/dataflow-jobs-encryption.md @@ -1,12 +1,12 @@ [![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) -# GOOGLE / Dataflow / Dataflow Jobns Encryption +# GOOGLE / Dataflow / Dataflow Jobs Encryption ## Quick Info | | | |-|-| -| **Plugin Title** | Dataflow Jobns Encryption | +| **Plugin Title** | Dataflow Jobs Encryption | | **Cloud** | GOOGLE | | **Category** | Datflow | | **Description** | Ensure that Google Dataflow jobs are encrypted with desired encryption level. | 
@@ -22,4 +22,4 @@ Note: The drop-down menu Select a customer-managed key only shows keys with the regional scope global or the region you selected in the Regional endpoint drop-down menu. In order to minimize Cloud KMS operation latency and improve system availability, we recommend choosing regional keys. -The first time you attempt to run a job with a particular Cloud KMS key, your Compute Engine service account and/or Dataflow service account might not have been granted the permissions to encrypt and decrypt using that key. In this case, a warning message appears to prompt you to grant the permission to your service account. \ No newline at end of file +The first time you attempt to run a job with a particular Cloud KMS key, your Compute Engine service account and/or Dataflow service account might not have been granted the permissions to encrypt and decrypt using that key. In this case, a warning message appears to prompt you to grant the permission to your service account.
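Review bot: in PATCH 1/2, the "Detailed Remediation Steps" list in the new file stops at step 3, "In the Encryption section, select Customer-managed key", so the reader is never told to pick a key from the "Select a customer-managed key" drop-down that the following Note describes, or to run the job. Add those steps. Because step 2 is "Select Create job from template", the procedure only covers creating a new job; say what to do about an existing job that the plugin has flagged. "Description" and "Recommended Action" both refer to a "desired encryption level" without listing the levels the plugin distinguishes, so naming them would make the finding actionable.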
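Review bot: in the first hunk of PATCH 2/2, the context line "| **Category** | Datflow |" still carries a typo, while the title and the "Plugin Title" row around it get the "Jobns" to "Jobs" fix. Change it to "Dataflow" in the same commit so the Quick Info table is consistent with the heading.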
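Review bot: in the second hunk of PATCH 2/2, the re-added final paragraph leaves it to a console warning to tell the reader what is missing ("a warning message appears to prompt you to grant the permission to your service account"). Name the role that grants encrypt and decrypt on the key and state which of the two service accounts mentioned (Compute Engine, Dataflow) must hold it, so the grant can be made and reviewed before the first run instead of in response to the prompt. The only change in this hunk is the end-of-file newline, which could be squashed into PATCH 1/2.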