Reputation: 127
Is Security configuration required for Glue, to run Athena Queries from Encrypted bucket?
Stored data in Apache Parquet format on S3 with Server side encryption using default KMS key aws/s3. Created database and Table structure in Glue. Used Amazon Athena to run SQL queries on the data.
In this condition do I need to enable S3 encryption in Glue Security Configuration? If yes then can I create separate Security configurations as per databases? Because Every glue database will be attached to different buckets with different encryption keys.
I can run Athena SQL queries to read data without Glue encryption.
Upvotes: 0
Views: 443
Answers (1)
Reputation: 132862
If I understand the context of your question correctly, you don't need to do anything about the security configuration in Glue. That option is for when Glue writes data, for example in an ETL job.
If your only goal is to query the tables with Athena you only need to ensure that the IAM users or roles you use to query have permissions to use the KMS keys that the data is encrypted with – and since you are able to query the tables it seems that that is already the case.
Upvotes: 0
Related Questions
- Can AWS Glue connect to Elasticsearch using IAM authentication?
- Fetching data from Athena and glue permissions
- How to secure access to an athena/glue table by partition using native AWS features
- Can amazon Athena work without Glue catalog?
- AWS athena + Glue initial query issue
- Handle encrypted JSON in AWS Glue Job
- AWS Glue crawler not showing up in Athena
- AWS Glue with Athena
- Not able to Put data/object into S3 bucket using Glue Job when KMS Encryption is enabled
- enabling server-side encryption when creating an AWS Glue job