github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/athena/AVD-AWS-0006/Terraform.md (about) 1 2 Enable encryption at rest for Athena databases and workgroup configurations 3 4 ```hcl 5 resource "aws_athena_database" "good_example" { 6 name = "database_name" 7 bucket = aws_s3_bucket.hoge.bucket 8 9 encryption_configuration { 10 encryption_option = "SSE_KMS" 11 kms_key_arn = aws_kms_key.example.arn 12 } 13 } 14 15 resource "aws_athena_workgroup" "good_example" { 16 name = "example" 17 18 configuration { 19 enforce_workgroup_configuration = true 20 publish_cloudwatch_metrics_enabled = true 21 22 result_configuration { 23 output_location = "s3://${aws_s3_bucket.example.bucket}/output/" 24 25 encryption_configuration { 26 encryption_option = "SSE_KMS" 27 kms_key_arn = aws_kms_key.example.arn 28 } 29 } 30 } 31 } 32 33 ``` 34 35 #### Remediation Links 36 - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup#encryption_configuration 37 38 - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database#encryption_configuration 39