Not encrypting Athena query results can lead to data leak

Severity	Exploitability	Providers	Categories
HIGH	MEDIUM	AWS	DATA

Description

Setting up encryption on Amazon Athena Databases and Workgroups will allow Athena to encrypt the query results in the target bucket.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	False	False	True

Misconfigured bucket permissions or direct access to storage drives can lead to data leak.

Remediation guidelines

Enable encryption in Databases and Workgroups.

References

• AWS Athena encryption at rest
• AWS Athena Database encryption configuration in Terraform
• AWS Athena Workgroup encryption configuration in Terraform

Was this page helpful?