Ensure that Athena Workgroup is encrypted
Error: Athena Workgroup is not encrypted
Bridgecrew Policy ID: BC_AWS_GENERAL_86
Checkov Check ID: CKV_AWS_159
Severity: MEDIUM
Athena Workgroup is not encrypted
Description
Athena workgroups support full server-side encryption for all data at rest which should be enabled.
Fix - Buildtime
Terraform
- Resource: aws_athena_workgroup
- Argument: result_configuration.encryption_configuration
resource "aws_athena_workgroup" "test" {
...
+ configuration {
...
+ result_configuration {
+ output_location = "s3://mys3bucket"
+ encryption_configuration {
+ encryption_option = "SSE_KMS"
+ kms_key_arn = "mykmsarn"
}
}
}
}
Updated 6 months ago