Athena Workgroup Not Encrypted
- Query id: d364984a-a222-4b5f-a8b0-e23ab19ebff3
- Query name: Athena Workgroup Not Encrypted
- Platform: Terraform
- Severity: High
- Category: Encryption
- URL: Github
Description¶
Athena Workgroup query results should be encrypted, for all queries that run in the workgroup
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_athena_workgroup" "example" {
name = "example"
}
resource "aws_athena_workgroup" "example_2" {
name = "example"
configuration {
enforce_workgroup_configuration = true
publish_cloudwatch_metrics_enabled = true
}
}
resource "aws_athena_workgroup" "example_3" {
name = "example"
configuration {
enforce_workgroup_configuration = true
publish_cloudwatch_metrics_enabled = true
result_configuration {
output_location = "s3://${aws_s3_bucket.example.bucket}/output/"
}
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_athena_workgroup" "example" {
name = "example"
configuration {
enforce_workgroup_configuration = true
publish_cloudwatch_metrics_enabled = true
result_configuration {
output_location = "s3://${aws_s3_bucket.example.bucket}/output/"
encryption_configuration {
encryption_option = "SSE_KMS"
kms_key_arn = aws_kms_key.example.arn
}
}
}
}