Skip to content

Athena Workgroup is not encrypted

Description

Athena workgroups support full server-side encryption for all data at rest which should be enabled.

Fix - Buildtime

Terraform

  • Resource: aws_athena_workgroup
  • Argument: result_configuration.encryption_configuration

go aws_s3_bucket.test.tf resource "aws_athena_workgroup" "test" { ... + configuration { ... + result_configuration { + output_location = "s3://mys3bucket" + encryption_configuration { + encryption_option = "SSE_KMS" + kms_key_arn = "mykmsarn" } } } }