Skip to main content

Not encrypting Athena query results can lead to data leak

  • GG_ID: GG_IAC_0031
  • Severity: HIGH
  • Complexity: MEDIUM
  • Categories: DATA
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True


Setting up encryption on Amazon Athena Databases and Workgroups will allow Athena to encrypt the query results in the target bucket.


Misconfigured bucket permissions or direct access to storage drives can lead to data leak.

Remediation guidelines#

Enable encryption in Databases and Workgroups.

External documentation#