Yuri Olive

Reputation: 402

Is it possible to use AWS Athena through a VPC endpoint?

I would like to know if it is possible to create a VPC endpoint for AWS Athena and restrict it so that only certain users (who MUST BE in my account) can use the VPC endpoint. I currently use this VPC endpoint policy for an S3 endpoint and I would need something similar to use with AWS Athena.

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::<MY_ACCOUNT_ID>:user/user1",
                    "arn:aws:iam::<MY_ACCOUNT_ID>:user/user2",
                    ...
                ]
            },
            "Action": "*",
            "Resource": "*"
        }
    ]
}

The problem I'm trying to solve is to block developers in my company, who are logged in to an RDP session inside my company VPN, from offloading data to a personal AWS account. So I would need a solution that blocks access to the public internet; I think a VPC endpoint should be the only option, but I accept new ideas.

Upvotes: 6

Views: 7182

Answers (1)

Igor Costa

Reputation: 184

Yes, you can; check out this doc: https://docs.aws.amazon.com/athena/latest/ug/interface-vpc-endpoint.html

Also, keep in mind to adopt encryption at rest and in transit when querying data via Athena; the results are always open by default, even if they're saved in an encrypted S3 bucket.

Upvotes: 2
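As an added example (not part of the question or the answer above), the script below builds an endpoint policy for an Athena interface endpoint in the same shape as the S3 endpoint policy in the question, but scoped to `athena:*` and to named IAM users of one account, and then audits an existing policy document (the JSON string that `ec2.describe_vpc_endpoints()` returns in `PolicyDocument`) for principals that could belong to another account. It also checks the shape returned by `athena.get_work_group()` for the point the answer raises: query results are only reliably encrypted when the workgroup both sets an encryption option and enforces its configuration on clients. The account id, user names, endpoint id and workgroup dictionaries are constructed placeholders; nothing here calls AWS.

```python
import json

# Constructed placeholder account id; not taken from the original post.
ACCOUNT_ID = "111122223333"


def athena_endpoint_policy(account_id, user_names):
    """Endpoint policy for an Athena interface endpoint: only the listed IAM
    users of `account_id` may call Athena actions through the endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": [f"arn:aws:iam::{account_id}:user/{name}" for name in user_names]
                },
                "Action": "athena:*",
                "Resource": "*",
            }
        ],
    }


def _principal_list(principal):
    """Flatten a Principal element into a list of strings ('*' or ARNs)."""
    if principal == "*":
        return ["*"]
    values = principal.get("AWS", []) if isinstance(principal, dict) else []
    return [values] if isinstance(values, str) else list(values)


def _account_of(arn):
    # arn:aws:iam::123456789012:user/name -> the account id is the 5th ':' field
    parts = arn.split(":")
    return parts[4] if len(parts) > 4 else ""


def _pinned_to_account(statement, account_id):
    """True if the statement restricts callers to our account via the
    aws:PrincipalAccount global condition key."""
    cond = statement.get("Condition", {}).get("StringEquals", {})
    value = cond.get("aws:PrincipalAccount")
    return value == account_id or value == [account_id]


def principals_outside_account(policy, account_id):
    """Return the principals in Allow statements that could belong to another
    account: wildcards without an aws:PrincipalAccount pin, and ARNs whose
    account field differs from `account_id`."""
    if isinstance(policy, str):  # describe_vpc_endpoints returns a JSON string
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written bare
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        # A missing Principal is treated as a wildcard (conservative choice).
        for principal in _principal_list(stmt.get("Principal", "*")):
            if principal == "*":
                if not _pinned_to_account(stmt, account_id):
                    findings.append(principal)
            elif _account_of(principal) != account_id:
                findings.append(principal)
    return findings


def workgroup_enforces_encrypted_results(workgroup):
    """True only if the workgroup forces its own result configuration on
    clients AND that configuration encrypts query results. Accepts either
    the full get_work_group() response or its inner 'WorkGroup' dict."""
    cfg = workgroup.get("WorkGroup", workgroup).get("Configuration", {})
    enc = cfg.get("ResultConfiguration", {}).get("EncryptionConfiguration", {})
    encrypted = enc.get("EncryptionOption") in ("SSE_S3", "SSE_KMS", "CSE_KMS")
    return bool(cfg.get("EnforceWorkGroupConfiguration")) and encrypted


if __name__ == "__main__":
    # Constructed sample in the shape of one entry of describe_vpc_endpoints().
    sample_endpoint = {
        "VpcEndpointId": "vpce-EXAMPLE",
        "ServiceName": "com.amazonaws.us-east-1.athena",
        "PolicyDocument": json.dumps({
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}],
        }),
    }
    print(json.dumps(athena_endpoint_policy(ACCOUNT_ID, ["user1", "user2"]), indent=2))
    print("unscoped principals:",
          principals_outside_account(sample_endpoint["PolicyDocument"], ACCOUNT_ID))
```

The audit treats a bare `"Principal": "*"` as a finding unless the statement pins `aws:PrincipalAccount` to the account, which is the common pattern when you want every role and user in the account, rather than an explicit user list, to use the endpoint. The workgroup check deliberately requires `EnforceWorkGroupConfiguration`, because without it a client can override the result location and encryption settings per query.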
