Skip to content

Prowler Documentation

Athena Workgroup is not encrypted

prowler-cloud/prowler

Athena Workgroup is not encrypted

Description

Athena workgroups support full server-side encryption for all data at rest which should be enabled.

Fix - Buildtime

Terraform

Resource: aws_athena_workgroup
Argument: result_configuration.encryption_configuration

resource "aws_athena_workgroup" "test" {
    ...
+ configuration {
        ...
+   result_configuration {
+     output_location = "s3://mys3bucket"
+     encryption_configuration {
+       encryption_option = "SSE_KMS"
+       kms_key_arn       = "mykmsarn"
      }
    }
  }
}