Question:
I would like to know if it is possible to create a VPC endpoint for AWS Athena and restrict it so that only certain users (that MUST BE in my account) can use the VPC endpoint. I currently use this VPC endpoint policy for an S3 endpoint, and I would need something similar to use with AWS Athena.
```json
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::...",
          "arn:aws:iam::..."
        ]
      },
      "Action": "*",
      "Resource": "*"
    }
  ]
}
```
The problem I'm trying to solve is to block developers in my company who are logged in to an RDP session inside my company VPN from offloading data to a personal AWS account. So I would need a solution that blocks access to the public internet; I think a VPC endpoint should be the only option, but I accept new ideas.
Answer:
Yes, you can; check out this doc:
https://docs.aws.amazon.com/athena/latest/ug/interface-vpc-endpoint.html
Also, keep in mind to adopt encryption at rest and in transit when querying data via Athena: by default the results are always open, even if they are saved in an encrypted S3 bucket.
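As an added illustration of the restriction the question asks for (not code from the question, the answer, or AWS), the following Python builds an Athena interface-endpoint policy that names specific principals, refuses any principal ARN that is not in the owning account, and adds an `aws:PrincipalAccount` condition so a foreign-account identity can never match the statement even if the list is later edited. The account id and user/role ARNs are constructed placeholders, and `is_allowed` is a deliberately simplified model of IAM evaluation (explicit principal list plus that one condition), not the real evaluation engine.

```python
"""Build and sanity-check an Athena VPC endpoint policy that only admits
named principals from one account. Added example; account id and ARNs
below are constructed placeholders, and is_allowed() is a simplified
model of IAM policy evaluation, not the real engine."""
import json
import re
from typing import List

ACCOUNT_ID = "111111111111"  # constructed placeholder account id

# IAM user/role ARNs only; group 1 captures the 12-digit account id.
_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):(user|role)/.+$")


def account_of(principal_arn: str) -> str:
    """Return the account id embedded in an IAM user/role ARN."""
    m = _ARN_RE.match(principal_arn)
    if not m:
        raise ValueError(f"not an IAM user/role ARN: {principal_arn}")
    return m.group(1)


def build_athena_endpoint_policy(account_id: str, principal_arns: List[str]) -> dict:
    """Endpoint policy allowing only the listed principals, all of which
    must belong to account_id. A foreign ARN is rejected before it can be
    written into the policy at all."""
    for arn in principal_arns:
        if account_of(arn) != account_id:
            raise ValueError(f"{arn} is not in account {account_id}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "OnlyNamedPrincipalsFromThisAccount",
                "Effect": "Allow",
                "Principal": {"AWS": sorted(principal_arns)},
                "Action": "athena:*",  # narrower than the "*" in the S3 policy above
                "Resource": "*",
                # Second line of defence: a principal from another account
                # never matches, even if the ARN list above is edited later.
                "Condition": {"StringEquals": {"aws:PrincipalAccount": account_id}},
            }
        ],
    }


def is_allowed(policy: dict, principal_arn: str) -> bool:
    """Simplified check: allowed iff some Allow statement names the principal
    (or "*") and its aws:PrincipalAccount condition, if present, matches.
    Nothing is implicitly allowed, so an unmatched principal is denied."""
    account = account_of(principal_arn)
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        principal_elem = st.get("Principal", {})
        if isinstance(principal_elem, str):          # "Principal": "*"
            principals = [principal_elem]
        else:
            principals = principal_elem.get("AWS", [])
            if isinstance(principals, str):
                principals = [principals]
        if "*" not in principals and principal_arn not in principals:
            continue
        wanted = st.get("Condition", {}).get("StringEquals", {}).get("aws:PrincipalAccount")
        if wanted is not None and wanted != account:
            continue
        return True
    return False


if __name__ == "__main__":
    allowed = [
        f"arn:aws:iam::{ACCOUNT_ID}:user/alice",
        f"arn:aws:iam::{ACCOUNT_ID}:role/AnalystRole",
    ]
    policy = build_athena_endpoint_policy(ACCOUNT_ID, allowed)
    print(json.dumps(policy, indent=2))
    print(is_allowed(policy, allowed[0]))                              # True
    print(is_allowed(policy, f"arn:aws:iam::{ACCOUNT_ID}:user/bob"))   # False
    print(is_allowed(policy, "arn:aws:iam::222222222222:user/alice"))  # False
```

The printed document is what you would pass as the endpoint's policy document when creating the Athena interface endpoint; the same principal-plus-account-condition shape applies to the S3 endpoint policy in the question, which is the one that actually governs where query results can be written.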