![Screenshot 2024-03-12 at 11.34.19 AM.png]](https://cloud-kb.sentinelone.com/hs-fs/hubfs/Screenshot%202024-03-12%20at%2011.34.19%20AM.png?height=40&name=Screenshot%202024-03-12%20at%2011.34.19%20AM.png){kind=small}
Risk Level: Medium
Description:
This plugin ensures that the Athena workgroups are configured for the encryption of all data at rest. Full server-side encryption for all data at rest which should be enabled is supported by Athena workgroups.
About the Service :
Athena is an interactive AWS-managed query solution for analyzing data directly with standard SQL in Amazon S3. Default data encryption between Amazon Athena and S3 by utilizing SSL/TLS is offered, however, encryption of rest query results by default is not enabled.
Impact :
We won’t be able to keep the data secure and the compliance requirements won’t be met for data at rest encryption in case Athena Workgroup is not encrypted.
Steps to reproduce :
- Log In to AWS Console.
- Navigate to the AWS Athena dashboard.
- Click on the Settings on the top right to access the configuration settings
- In the settings tab check if the encrypt query results box is checked or not.
- If it is unchecked that means that the workgroup is not encrypted.
Steps for remediation :
- Log In to AWS Console.
- Navigate to the AWS Athena dashboard.
- Click on the Settings on the top right to access the configuration settings
- In the settings tab check if the encrypt query results box is checked or not.
- If it is unchecked then check it to enable the encryption for data at rest.