Athena workgroup does not prevent disabling encryption
Description
You can configure settings at the workgroup level, enforce control over the workgroup. This only affects you if you run queries in the workgroup; if you do, workgroup settings are used. If a query runs in a workgroups and the workgroup overrides client-side settings, Athena uses the workgroup's settings for encryption. It also overrides any other settings specified for the query in the console, by using API operations, or with drivers.
Code Example
shell
{
"aws kafka create-cluster
--cluster-name "ExampleClusterName"
--broker-node-group-info file://brokernodegroupinfo.json
--encryption-info file://encryptioninfo.json
--kafka-version "2.2.1"
--number-of-broker-nodes 3",
}Remediation
CLI Command
Run the create-cluster command and use the encryption-info option to point to the file where you saved your configuration JSON.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0135 |
| Severity | MEDIUM |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_82 |