Ensure that Athena Workgroup is encrypted

Error: Athena Workgroup is not encrypted

Bridgecrew Policy ID: BC_AWS_GENERAL_86
Checkov Check ID: CKV_AWS_159
Severity: MEDIUM

Athena Workgroup is not encrypted

Description

Athena workgroups support full server-side encryption for all data at rest which should be enabled.

Fix - Buildtime

Terraform

  • Resource: aws_athena_workgroup
  • Argument: result_configuration.encryption_configuration
resource "aws_athena_workgroup" "test" {
	...
+ configuration {
		...
+   result_configuration {
+     output_location = "s3://mys3bucket"
+     encryption_configuration {
+       encryption_option = "SSE_KMS"
+       kms_key_arn       = "mykmsarn"
      }
    }
  }
}