Not enforcing Workgroup configuration in Athena can allow clients to disable encryption settings
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | AWS | DATA |
Description
Enforcing the Amazon Athena workgroup configuration ensures that clients cannot bypass the workgroup's encryption settings. This way, data encryption at rest is always ensured.
Note that the workgroup configuration itself should have encryption enabled.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | True |
Misconfigured bucket permissions or direct access to storage drives can lead to a data leak.
Remediation guidelines
- Enforce workgroup configuration.
- Make sure workgroup configuration has encryption enabled.
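
Both remediation checks can be automated. The following is an added example, not part of the original rule: it audits dictionaries shaped like the WorkGroup object returned by Athena's GetWorkGroup API. The workgroup names, bucket paths and KMS key ARN are constructed sample values, and treating a missing EnforceWorkGroupConfiguration field as "not enforced" is an assumption made here to fail safe.

```python
# Added example: audit Athena workgroups for enforcement and encryption.
# Input dicts follow the shape of the "WorkGroup" object in a GetWorkGroup response.

VALID_ENCRYPTION = {"SSE_S3", "SSE_KMS", "CSE_KMS"}

def audit_workgroup(wg):
    """Return a list of findings for one workgroup (empty list = compliant)."""
    cfg = wg.get("Configuration", {})
    findings = []
    # Without enforcement, client-side settings can override the workgroup's.
    # Assumption: a missing field is reported as not enforced (fail safe).
    if not cfg.get("EnforceWorkGroupConfiguration", False):
        findings.append("workgroup configuration is not enforced")
    enc = cfg.get("ResultConfiguration", {}).get("EncryptionConfiguration", {})
    option = enc.get("EncryptionOption")
    if option not in VALID_ENCRYPTION:
        findings.append("query result encryption is not enabled")
    elif option in ("SSE_KMS", "CSE_KMS") and not enc.get("KmsKey"):
        findings.append(f"{option} selected but no KmsKey is set")
    return findings

def audit_all(workgroups):
    """Map each workgroup name to its findings."""
    return {wg["Name"]: audit_workgroup(wg) for wg in workgroups}

# Constructed sample data (not real resources).
SAMPLE_WORKGROUPS = [
    {"Name": "analytics-enforced", "Configuration": {
        "EnforceWorkGroupConfiguration": True,
        "ResultConfiguration": {
            "OutputLocation": "s3://example-results/analytics/",
            "EncryptionConfiguration": {
                "EncryptionOption": "SSE_KMS",
                "KmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}}}},
    {"Name": "adhoc-not-enforced", "Configuration": {
        "EnforceWorkGroupConfiguration": False,
        "ResultConfiguration": {
            "OutputLocation": "s3://example-results/adhoc/",
            "EncryptionConfiguration": {"EncryptionOption": "SSE_S3"}}}},
    {"Name": "legacy-no-encryption", "Configuration": {
        "EnforceWorkGroupConfiguration": True,
        "ResultConfiguration": {"OutputLocation": "s3://example-results/legacy/"}}},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_WORKGROUPS).items():
        print(name, "->", "OK" if not findings else "; ".join(findings))
```

Against a live account, the same function can be fed the "WorkGroup" value from boto3's `athena.get_work_group(WorkGroup=name)` response.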