Athena Database Not Encrypted

  • Query id: b2315cae-b110-4426-81e0-80bb8640cdd3
  • Query name: Athena Database Not Encrypted
  • Platform: Terraform
  • Severity: High
  • Category: Encryption
  • URL: Github

Description

AWS Athena Database data in S3 should be encrypted
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_s3_bucket" "hoge" {
  bucket = "hoge"
}

resource "aws_athena_database" "hoge" {
  name   = "database_name"
  bucket = aws_s3_bucket.hoge.bucket
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_s3_bucket" "hoge" {
  bucket = "hoge"
}

resource "aws_athena_database" "hoge" {
  name   = "database_name"
  bucket = aws_s3_bucket.hoge.bucket

  encryption_configuration {
    encryption_option = "SSE_KMS"
    kms_key           = "SSE_KMS"
 }
}