Is it possible to use AWS Athena through a VPC endpoint?

Question:

I would like to know if it is possible to create a VPC endpoint for AWS Athena and restrict it to only allow certain users (that MUST BE in my account) to use the VPC endpoint. I currently use this VPC endpoint policy for an S3 endpoint and I would need something similar to use with AWS Athena.

The problem I'm trying to solve is to block developers in my company, who are logged in to an RDP session inside my company VPN, from offloading data to a personal AWS account. So I would need a solution that blocks access to the public internet, so I think a VPC endpoint should be the only option, but I accept new ideas.

Answer:

Yes, you can; check out this doc.
https://docs.aws.amazon.com/athena/latest/ug/interface-vpc-endpoint.html

Also, keep in mind to adopt encryption at rest and in transit when querying data via Athena; by default the results are always open, even if they are saved in an encrypted S3 bucket.
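An added example, not part of the question or answer above, of the endpoint policy the question describes: an Athena interface endpoint whose policy only admits principals from one account, using the `aws:PrincipalAccount` global condition key, plus a companion S3 endpoint policy using `aws:ResourceAccount` so that query results and UNLOAD/CTAS output cannot land in a bucket owned by another account. The account id, region, VPC, subnet and security group ids are constructed placeholders, and `principal_allowed` is a small offline evaluator written for this example to show how the condition behaves; it is not an AWS API.

```python
import json

# Constructed placeholder values for this example; replace with your own.
ACCOUNT_ID = "111122223333"
REGION = "us-east-1"


def athena_endpoint_policy(account_id: str) -> dict:
    """VPC endpoint policy for com.amazonaws.<region>.athena.

    Allows Athena API calls through the endpoint only when the calling identity
    belongs to `account_id`. aws:PrincipalAccount is evaluated for every request
    that traverses the endpoint, so credentials from a developer's personal account
    are refused here regardless of what that account's IAM policies say.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "OnlyPrincipalsFromThisAccount",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "athena:*",
                "Resource": "*",
                "Condition": {"StringEquals": {"aws:PrincipalAccount": account_id}},
            }
        ],
    }


def s3_endpoint_policy(account_id: str) -> dict:
    """Companion policy for the S3 endpoint in the same VPC.

    Athena writes query results (and CTAS/UNLOAD output) to S3, so the S3 endpoint
    must also refuse buckets owned by other accounts; aws:ResourceAccount restricts
    the bucket owner, aws:PrincipalAccount restricts the caller.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "OnlyThisAccountsPrincipalsAndBuckets",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": "*",
                "Condition": {
                    "StringEquals": {
                        "aws:PrincipalAccount": account_id,
                        "aws:ResourceAccount": account_id,
                    }
                },
            }
        ],
    }


def principal_allowed(policy: dict, principal_account: str) -> bool:
    """Offline check (example-only, not the IAM engine): does any Allow statement
    with a StringEquals condition on aws:PrincipalAccount match this account?"""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        wanted = cond.get("aws:PrincipalAccount")
        if wanted is None:
            return True  # no account restriction on this statement
        allowed = wanted if isinstance(wanted, list) else [wanted]
        if principal_account in allowed:
            return True
    return False


def create_athena_endpoint(vpc_id, subnet_ids, security_group_ids,
                           account_id=ACCOUNT_ID, region=REGION):
    """Create the Athena interface endpoint with the restrictive policy attached.
    boto3 is imported lazily so the policy helpers above work without it."""
    import boto3  # requires AWS credentials for the account owning the VPC

    ec2 = boto3.client("ec2", region_name=region)
    return ec2.create_vpc_endpoint(
        VpcEndpointType="Interface",
        VpcId=vpc_id,
        ServiceName=f"com.amazonaws.{region}.athena",
        SubnetIds=subnet_ids,
        SecurityGroupIds=security_group_ids,
        PrivateDnsEnabled=True,  # athena.<region>.amazonaws.com resolves to the endpoint
        PolicyDocument=json.dumps(athena_endpoint_policy(account_id)),
    )


if __name__ == "__main__":
    print(json.dumps(athena_endpoint_policy(ACCOUNT_ID), indent=2))
    print(json.dumps(s3_endpoint_policy(ACCOUNT_ID), indent=2))
    # Placeholder ids; create_athena_endpoint("vpc-0123", ["subnet-0123"], ["sg-0123"])
```

The endpoint policy only governs traffic that actually goes through the endpoint: for it to block the exfiltration path in the question, the VPC must have no route to the public internet (no NAT or internet gateway for those subnets), otherwise a developer can still reach the public Athena and S3 endpoints directly.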
