AWS Athena Database
This page shows how to write Terraform and CloudFormation for Athena Database and write them securely.
aws_athena_database (Terraform)
The Database in Athena can be configured in Terraform with the resource name aws_athena_database
. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_athena_database" "ugathena" {
name = var.nameugathena
bucket = var.outugs3bucketathena
resource "aws_athena_database" "security_log" {
name = "security_log"
bucket = module.athena_query_result_bucket.name
}
Security Best Practices for aws_athena_database
There is 1 setting in aws_athena_database that should be taken care of for security reasons. The following section explain an overview and example code.
Ensure to enable at rest encryption of Athena database
It is better to enable at rest encryption of Athena database. Encryption reduces the risk of data leakage.
Parameters
-
bucket
required - string -
force_destroy
optional - bool -
id
optional computed - string -
name
required - string -
encryption_configuration
list block-
encryption_option
required - string -
kms_key
optional - string
-
Explanation in Terraform Registry
Provides an Athena database.
Tips: Best Practices for The Other AWS Athena Resources
In addition to the aws_athena_workgroup, AWS Athena has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_athena_workgroup
Enable Athena workgroup configuration enforcement
AWS::Athena::DataCatalog (CloudFormation)
The DataCatalog in Athena can be configured in CloudFormation with the resource name AWS::Athena::DataCatalog
. The following sections describe 8 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::Athena::DataCatalog
Properties:
Type: GLUE
Name: "ryunosuke-datacatalog"
Parameters:
catalog-id: !Ref "AWS::AccountId"
Type: AWS::Athena::DataCatalog
Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-datacatalog.html
Properties:
Name: !Ref 'Name'
Type: !Ref 'Type'
Type: AWS::Athena::DataCatalog
Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-datacatalog.html
Properties:
Name: !Ref 'Name'
Type: !Ref 'Type'
Type: AWS::Athena::DataCatalog
Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-datacatalog.html
Properties:
Name: !Ref 'Name'
Type: !Ref 'Type'
Type: AWS::Athena::DataCatalog
Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-datacatalog.html
Properties:
Name: !Ref 'Name'
Type: !Ref 'Type'
"resourceType": "AWS::Athena::DataCatalog",
"filePath": null
},
{
"resourceType": "AWS::Athena::WorkGroup",
"filePath": null
"AWS::Athena::DataCatalog": {
"Type": "AWS::Athena::DataCatalog",
"Properties": {}
},
"AWS::NetworkFirewall::LoggingConfiguration": {
"Type": "AWS::NetworkFirewall::LoggingConfiguration",
"Type": "AWS::Athena::DataCatalog",
"Properties": {
"Name": "tnc-catalog",
"Type": "LAMBDA",
"Description": "catalog for talkncloud demo",
"Parameters": {
Parameters
-
Name
required - String -
Description
optional - String -
Parameters
optional - Map -
Tags
optional - List of Tag -
Type
required - String
Explanation in CloudFormation Registry
The AWS::Athena::DataCatalog resource specifies an Amazon Athena data catalog, which contains a name, description, type, parameters, and tags. For more information, see DataCatalog in the Amazon Athena API Reference.
Frequently asked questions
What is AWS Athena Database?
AWS Athena Database is a resource for Athena of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS Athena Database?
For Terraform, the cloudhashicorp/terraform-aws-modules-serverless and tmknom/example-cloud-bankruptcy-iac source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the RyunosukeHayashi/aws-cloudfomation-library, awslabs/aws-service-catalog-products and awslabs/aws-service-catalog-products source code examples are useful. See the CloudFormation Example section for further details.