AWS Athena Database

This page shows how to write Terraform and CloudFormation for Athena Database and write them securely.

aws_athena_database (Terraform)

The Database in Athena can be configured in Terraform with the resource name aws_athena_database. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

athena.tf#L1
resource "aws_athena_database" "ugathena" {

  name   = var.nameugathena
  bucket = var.outugs3bucketathena
02_aws_athena_database.tf#L1
resource "aws_athena_database" "security_log" {
  name   = "security_log"
  bucket = module.athena_query_result_bucket.name
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Security Best Practices for aws_athena_database

There is 1 setting in aws_athena_database that should be taken care of for security reasons. The following section explain an overview and example code.

risk-label

Ensure to enable at rest encryption of Athena database

It is better to enable at rest encryption of Athena database. Encryption reduces the risk of data leakage.

Review your AWS Athena settings

You can check if the aws_athena_database setting in your .tf file is correct in 3 min with Shisho Cloud.

Parameters

Explanation in Terraform Registry

Provides an Athena database.

Tips: Best Practices for The Other AWS Athena Resources

In addition to the aws_athena_workgroup, AWS Athena has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_athena_workgroup

Enable Athena workgroup configuration enforcement

Athena workgroup configurations may be overridden by clients. It is better to enforce control over the workgroup.

Review your AWS Athena settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::Athena::DataCatalog (CloudFormation)

The DataCatalog in Athena can be configured in CloudFormation with the resource name AWS::Athena::DataCatalog. The following sections describe 8 examples of how to use the resource and its parameters.

Example Usage from GitHub

Athena.yml#L25
    Type: AWS::Athena::DataCatalog
    Properties:
      Type: GLUE
      Name: "ryunosuke-datacatalog"
      Parameters:
        catalog-id: !Ref "AWS::AccountId"
product.template-ap-south-1.yaml#L12
    Type: AWS::Athena::DataCatalog
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-datacatalog.html
    Properties:
      Name: !Ref 'Name'
      Type: !Ref 'Type'
product.template-ca-central-1.yaml#L12
    Type: AWS::Athena::DataCatalog
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-datacatalog.html
    Properties:
      Name: !Ref 'Name'
      Type: !Ref 'Type'
product.template-eu-north-1.yaml#L12
    Type: AWS::Athena::DataCatalog
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-datacatalog.html
    Properties:
      Name: !Ref 'Name'
      Type: !Ref 'Type'
product.template-us-west-1.yaml#L12
    Type: AWS::Athena::DataCatalog
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-datacatalog.html
    Properties:
      Name: !Ref 'Name'
      Type: !Ref 'Type'
awsResouceIconMatches.json#L3247
        "resourceType": "AWS::Athena::DataCatalog",
        "filePath": null
      },
      {
        "resourceType": "AWS::Athena::WorkGroup",
        "filePath": null
template.json#L2399
    "AWS::Athena::DataCatalog": {
      "Type": "AWS::Athena::DataCatalog",
      "Properties": {}
    },
    "AWS::NetworkFirewall::LoggingConfiguration": {
      "Type": "AWS::NetworkFirewall::LoggingConfiguration",
AthenaAppsyncStack.template.json#L137
      "Type": "AWS::Athena::DataCatalog",
      "Properties": {
        "Name": "tnc-catalog",
        "Type": "LAMBDA",
        "Description": "catalog for talkncloud demo",
        "Parameters": {

Parameters

Explanation in CloudFormation Registry

The AWS::Athena::DataCatalog resource specifies an Amazon Athena data catalog, which contains a name, description, type, parameters, and tags. For more information, see DataCatalog in the Amazon Athena API Reference.

Frequently asked questions

What is AWS Athena Database?

AWS Athena Database is a resource for Athena of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Athena Database?

For Terraform, the cloudhashicorp/terraform-aws-modules-serverless and tmknom/example-cloud-bankruptcy-iac source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the RyunosukeHayashi/aws-cloudfomation-library, awslabs/aws-service-catalog-products and awslabs/aws-service-catalog-products source code examples are useful. See the CloudFormation Example section for further details.