No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

is your glue catalog database in a private subnet? how did you deploy it?

```const glueDataCatalogDB = new aws.glue.CatalogDatabase(
  'data-catalog-db',
  {
     name: 'data-catalog-db',
  }
);```
and it's not in a private subnet

hmm I’m stumped, never seen that before

Thanks for getting back to me! I'm getting the same error if I try to create a security config for the glue role
```const glueSecurityConfig = new aws.glue.SecurityConfiguration(
    'glue-security-config',
    {
      encryptionConfiguration: {
        s3Encryption: {
          s3EncryptionMode: 'SSE-S3',
        },
        cloudwatchEncryption: {
          cloudwatchEncryptionMode: 'SSE-KMS',
          kmsKeyArn: cloudwatchKms.arn,
        },
        jobBookmarksEncryption: {
          jobBookmarksEncryptionMode: 'CSE-KMS',
          kmsKeyArn: glueJobBookmarksKms.arn,
        },
      },
    },
    {
      dependsOn: [cloudwatchKms, glueJobBookmarksKms],
    }
  );```

can you try verbose logs?
<https://www.pulumi.com/docs/support/troubleshooting/#verbose-logging>