AWS Config Rule: Athena Workgroup Encrypted

ATHENA_WORKGROUP_ENCRYPTED

Fernando Honig

Last Update 7 months ago

Description: Checks if AWS Athena Workgroups are Encrypted. The rule is NON_COMPLIANT if a Workgroup is not encrypted.


Trigger type: Configuration changes


AWS Region: All supported AWS regions.


How to Enable it with StackZone

To enable this CUSTOM_POLICY Config Rule, you need to head over to Baseline Services, AWS Config Rules Regional and select Amazon Athena as indicated in the image below.

Click on Edit mode at the top and click on the Athena Workgroup Encryption toggle.


This CUSTOM_POLICY AWS Config Rule will evaluate every Athena Workgroup you have in your AWS Accounts and mark them as NON_COMPLIANT when the Workgroup is not encrypted.


How to Resolve Manually

This AWS Config Rule simply checks if an existing Athena Workgroup is encrypted. 


If you want to encrypt it to make it COMPLIANT, follow these steps:

  • Go to Athena in your AWS Services
  • Select the workgroup that is NON_COMPLIANT
  • Click on Edit at the top right
  • Navigate to the Query result configuration (optional) settings
  • Click on Encrypt query results
  • Press Save changes

How to Resolve with StackZone

You can automatically resolve non-compliant resources with the Config Remediation from StackZone.


This Remediation will automatically change the encryption option for all of your Athena Workgroups to ensure that the Encryption Option is set to SSE_S3.


You can enable this by heading over to Provisioning / Baseline Services / AWS Config Rules Regional / Amazon Athena and enabling Athena Workgroup Encryption Remediation.
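
The check and the SSE_S3 remediation described above can be reproduced offline against the shape of the Athena GetWorkGroup response. This is an added example, not StackZone's rule or remediation code; the function names and the sample workgroups are constructed for illustration.

```python
# Added example: mirrors the rule's check on Athena GetWorkGroup responses.
VALID_OPTIONS = {"SSE_S3", "SSE_KMS", "CSE_KMS"}  # Athena EncryptionOption values


def evaluate_workgroup(response):
    """Return (compliance, reason) for one GetWorkGroup response dict."""
    wg = response.get("WorkGroup", {})
    name = wg.get("Name", "<unknown>")
    result_cfg = wg.get("Configuration", {}).get("ResultConfiguration", {})
    # EncryptionConfiguration is absent when query results are not encrypted.
    enc = result_cfg.get("EncryptionConfiguration") or {}
    option = enc.get("EncryptionOption")
    if option in VALID_OPTIONS:
        return "COMPLIANT", f"{name}: query results encrypted with {option}"
    return "NON_COMPLIANT", f"{name}: no query result encryption configured"


def remediation_request(name):
    """Keyword arguments for athena.update_work_group that set SSE_S3."""
    return {
        "WorkGroup": name,
        "ConfigurationUpdates": {"ResultConfigurationUpdates": {
            "EncryptionConfiguration": {"EncryptionOption": "SSE_S3"}}},
    }


# Constructed sample responses (not real account data).
SAMPLES = [
    {"WorkGroup": {"Name": "analytics", "Configuration": {"ResultConfiguration": {
        "OutputLocation": "s3://example-bucket/results/",
        "EncryptionConfiguration": {"EncryptionOption": "SSE_KMS",
                                    "KmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}}}}},
    {"WorkGroup": {"Name": "adhoc", "Configuration": {"ResultConfiguration": {
        "OutputLocation": "s3://example-bucket/adhoc/"}}}},
    {"WorkGroup": {"Name": "primary", "Configuration": {}}},
]


def plan(responses):
    """Evaluate each workgroup; return update requests for the failures."""
    requests = []
    for resp in responses:
        status, reason = evaluate_workgroup(resp)
        print(status, reason)
        if status == "NON_COMPLIANT":
            requests.append(remediation_request(resp["WorkGroup"]["Name"]))
    return requests


if __name__ == "__main__":
    for req in plan(SAMPLES):
        # With boto3 installed: boto3.client("athena").update_work_group(**req)
        print("would call update_work_group with", req)
```
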

