Athena Workgroup is not encrypted
Description
Athena workgroups support full server-side encryption for all data at rest which should be enabled.
Code Example
go
resource "aws_athena_workgroup" "test" {
...
+ configuration {
...
+ result_configuration {
+ output_location = "s3://mys3bucket"
+ encryption_configuration {
+ encryption_option = "SSE_KMS"
+ kms_key_arn = "mykmsarn"
}
}
}
}Remediation
Terraform
- Resource: aws_athena_workgroup
- Arguments: result_configuration.encryption_configuration
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0208 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_159 |