Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// CheckEnableAtRestEncryption registers rule AVD-AWS-0006. The check walks the
// Athena workgroups and databases held in the scan state and reports every
// managed one whose encryption type equals athena.EncryptionTypeNone; managed
// resources with any other encryption type are recorded as passed.
var CheckEnableAtRestEncryption = rules.Register(
	rules.Rule{
		AVDID:       "AVD-AWS-0006",
		Provider:    provider.AWSProvider,
		Service:     "athena",
		ShortCode:   "enable-at-rest-encryption",
		Summary:     "Athena databases and workgroup configurations are created unencrypted at rest by default, they should be encrypted",
		Impact:      "Data can be read if the Athena Database is compromised",
		Resolution:  "Enable encryption at rest for Athena databases and workgroup configurations",
		Explanation: `Athena databases and workspace result sets should be encrypted at rests. These databases and query sets are generally derived from data in S3 buckets and should have the same level of at rest protection.`,
		Links: []string{
			"https://docs.aws.amazon.com/athena/latest/ug/encryption.html",
		},
		Severity: severity.High,
	},
	func(s *state.State) (results rules.Results) {
		// Workgroups: unmanaged entries are skipped and produce no result at all.
		for _, wg := range s.AWS.Athena.Workgroups {
			if !wg.IsManaged() {
				continue
			}
			if wg.Encryption.Type.EqualTo(athena.EncryptionTypeNone) {
				// The offending attribute is passed along with the finding.
				results.Add(
					"Workgroup does not have encryption configured.",
					&wg,
					wg.Encryption.Type,
				)
				continue
			}
			results.AddPassed(&wg)
		}

		// Databases: same decision as for workgroups.
		for _, db := range s.AWS.Athena.Databases {
			if !db.IsManaged() {
				continue
			}
			if db.Encryption.Type.EqualTo(athena.EncryptionTypeNone) {
				results.Add(
					"Database does not have encryption configured.",
					&db,
					db.Encryption.Type,
				)
				continue
			}
			results.AddPassed(&db)
		}

		return results
	},
)
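// CheckNoEncryptionOverride registers rule AVD-AWS-0007. The check reports
// every managed Athena workgroup whose EnforceConfiguration value is false,
// because clients of such a workgroup can override its settings, including
// the encryption settings.
//
// This rule looks only at EnforceConfiguration. Whether the workgroup has an
// encryption type configured at all is covered separately by
// CheckEnableAtRestEncryption (AVD-AWS-0006), so a workgroup needs to satisfy
// both rules before its query results are reliably encrypted at rest.
var CheckNoEncryptionOverride = rules.Register(
	rules.Rule{
		AVDID:       "AVD-AWS-0007",
		Provider:    provider.AWSProvider,
		Service:     "athena",
		ShortCode:   "no-encryption-override",
		Summary:     "Athena workgroups should enforce configuration to prevent client disabling encryption",
		Impact:      "Clients can ignore encryption requirements",
		Resolution:  "Enforce the configuration to prevent client overrides",
		Explanation: `Athena workgroup configuration should be enforced to prevent client side changes to disable encryption settings.`,
		Links: []string{
			"https://docs.aws.amazon.com/athena/latest/ug/manage-queries-control-costs-with-workgroups.html",
		},
		Severity: severity.High,
	},
	func(s *state.State) (results rules.Results) {
		for _, workgroup := range s.AWS.Athena.Workgroups {
			// Unmanaged workgroups are skipped and produce no result at all.
			if !workgroup.IsManaged() {
				continue
			}
			if workgroup.EnforceConfiguration.IsFalse() {
				results.Add(
					"The workgroup configuration is not enforced.",
					&workgroup,
					workgroup.EnforceConfiguration,
				)
			} else {
				// Record the pass explicitly, as CheckEnableAtRestEncryption does,
				// so a report can tell "evaluated and compliant" apart from
				// "never evaluated".
				// NOTE(review): how IsFalse treats an unresolved value is not
				// visible here; confirm such workgroups should count as passed.
				results.AddPassed(&workgroup)
			}
		}
		return
	},
)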
Functions ¶
This section is empty.
Types ¶
This section is empty.