Encryption Should Be Enabled For Amazon Athena Group
More Info:
This rule ensures that encryption of data at rest is enabled for an Amazon Athena workgroup. Enabling encryption at rest helps protect sensitive data stored in Athena workgroups from unauthorized access or tampering. It ensures that data is encrypted while stored, providing an additional layer of security.Risk Level
MediumAddress
SecurityCompliance Standards
CBP,SEBITriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of enabling encryption for Amazon Athena Group in AWS RDS using the AWS Management Console, follow these steps:
-
Sign in to the AWS Management Console:
- Go to https://aws.amazon.com/ and sign in to the AWS Management Console using your credentials.
-
Navigate to the Amazon RDS Console:
- Once you are logged in, navigate to the Amazon RDS console by clicking on the “Services” dropdown menu at the top of the page and selecting “RDS” under the Database section.
-
Select the RDS Instance:
- In the Amazon RDS console, select the RDS instance for which you want to enable encryption by clicking on the checkbox next to the instance.
-
Enable Encryption:
- Click on the “Modify” button at the top of the page to modify the settings of the selected RDS instance.
-
Enable Encryption at Rest:
- Scroll down to the “Encryption” section in the Modify DB Instance page.
- Select the option to enable encryption at rest.
- Choose the appropriate KMS key from the dropdown menu. If you don’t have a KMS key, you can create one by clicking on the “Create New” button.
- Click on the “Continue” button.
-
Apply Changes:
- Review the changes you are about to make and ensure that encryption is enabled.
- Click on the “Modify DB Instance” button to apply the changes to the RDS instance.
-
Monitor Encryption Status:
- Once the modification is complete, monitor the status of encryption for the RDS instance in the Amazon RDS console.
- Ensure that the encryption status is shown as “enabled” for the instance.
Using CLI
Using CLI
To remediate the misconfiguration of enabling encryption for Amazon Athena group in AWS RDS using the AWS CLI, follow these steps:
- List the existing RDS DB instances to identify the RDS instance that needs to be encrypted:
- Enable the encryption for the identified RDS DB instance. Replace
your-db-instance-identifierwith the actual identifier of the RDS instance:
- Verify that the encryption is enabled for the RDS instance by describing the instance:
- Once the encryption is enabled, you can confirm that the Amazon Athena group associated with this RDS instance will also have encryption enabled.
Using Python
Using Python
To remediate the misconfiguration of enabling encryption for Amazon Athena Group in AWS RDS using Python, you can follow these steps:
- Import the necessary Python libraries:
- Initialize the AWS RDS client:
- Identify the Amazon Athena Group associated with the AWS RDS instance:
- Check if the encryption is already enabled for the RDS instance:
-
Replace
'YOUR_DB_INSTANCE_IDENTIFIER'with the actual identifier of your RDS instance. - Run the Python script to enable encryption for the Amazon Athena Group associated with the AWS RDS instance.