How do you control that?There’s nothing you need to do here.
Amazon service endpoints are SSL encrypted.
That means Transport Layer Security (TLS) is used to encrypt objects in transition between S3 and Athena.
If you are using a JDBC compliant SQL query tools to run Athena queries, the data returned to the client will be SSL encrypted.
The last option isn’t actually about securing anything, it’s more for monitoring.
You can enable CloudTrail on your AWS account, which once enabled, will log every API call made to any AWS service in that account.
The log files for these events will be stored in S3 in a compressed and encrypted format.
Since CloudTrail logs are saved in S3, they are very much searchable from Athena.
In fact, the CloudTrail console offers a facility to create an Athena table for the logs.
Creating an Athena table from the AWS CloudTrail consoleOnce you create the table, you can search the logs.
You can also configure CloudTrail to trap S3 data events like GetObject (Read) and PutObject (Write) for your Athena source buckets.
You can use the logs from these data events to see when AWS Athena is accessing S3.
AWS CloudTrail configuration for S3 data eventsSo now you have seen a few options for securing Amazon Athena.
Which ones you implement is up to you.
What about other advanced areas?.Like automating Athena?.Or making it work with BI analytics tools?.To learn these and more with hands-on exercises, you can enroll in my online course at Pluralsight: Advanced Operations with Amazon Athena.
.. More details