AWS Config Rule: Athena Workgroup Encrypted
StackZone-AthenaWorkgroupEncrypted
Fernando Honig
Last Update il y a 3 mois
Description: Checks if AWS Athena Workgroups are Encrypted. The rule is NON_COMPLIANT if a Workgroup is not encrypted.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), AWS GovCloud (US-East), AWS GovCloud (US-West), Europe (Spain), China (Ningxia), Europe (Zurich) Region
How to Enable it with StackZone
To enable this CUSTOM_POLICY Config Rule, you need to head over to Baseline Services, AWS Config Rules Regional and select Amazon Athena as indicated in the image below.
Click on Edit mode at the top and click on the Athena Workgroup Encryption toggle.
This CUSTOM_POLICY AWS Config Rule, will evaluate every Athena Workgroup you have in your AWS Accounts and mark them as NON_COMPLIANT when the Workgroup is not encrypted
How to Resolve Manually
This AWS Config Rule simply checks if an existing Athena Workgroup is encrypted.
If you want to encrypt it to make it COMPLAINT, follow the next steps:
- Go to Athena in your AWS Services
- Select the workgroup that is NON_COMPLIANT
- Click on Edit at the top right
- Navigate to the Query result configuration (optional) settings
- Click on Encrypt query results
- Press Save changes
How to Resolve with StackZone
You can automatically resolve non-compliant resources with the Config Remediation from StackZone
This Remediation will automatically change the encryption option for all of your Athena Workgroups to ensure that the Encryption Option is set to SSE_S3.
You can enable this by heading on over to Provisioning / Baseline Services / AWS Config Rules Regional / Amazon Athena and enable Athena Workgroup Encryption Remediation
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our how it works section with easy to follow videos or just create your own StackZone Account here
