Encryption at rest
DataBrew supports data encryption at rest for DataBrew projects and jobs. Projects and jobs can read encrypted data, and
jobs can write encrypted data by calling Amazon Key Management Service
(Amazon KMS)
Important
Amazon Glue DataBrew supports only symmetric Amazon KMS keys. For more
information, see Amazon KMS keys
When you create jobs in DataBrew with encryption enabled, you can use the DataBrew console to specify S3-managed server-side encryption keys (SSE-S3) or KMS keys stored in Amazon KMS (SSE-KMS) to encrypt data at rest.
Important
When you use an Amazon Redshift dataset, objects unloaded to the provided temporary directory are encrypted with SSE-S3.