Internetwork traffic privacy - Amazon Athena

Internetwork traffic privacy

Traffic is protected both between Athena and on-premises applications and between Athena and Amazon S3. Traffic between Athena and other services, such as AWS Glue and AWS Key Management Service, uses HTTPS by default.

  • For traffic between Athena and on-premises clients and applications, query results that stream to JDBC or ODBC clients are encrypted using Transport Layer Security (TLS).

    You can use one of the connectivity options between your private network and AWS:

  • For traffic between Athena and Amazon S3 buckets, Transport Layer Security (TLS) encrypts objects in transit between Athena and Amazon S3, and between Athena and customer applications accessing it. You should allow only encrypted connections over HTTPS (TLS) using the aws:SecureTransport condition on Amazon S3 bucket IAM policies. Although Athena currently uses the public endpoint to access data in Amazon S3 buckets, this does not mean that the data traverses the public internet. All traffic between Athena and Amazon S3 is routed over the AWS network and is encrypted using TLS.

  • Compliance programs – Amazon Athena complies with multiple AWS compliance programs, including SOC, PCI, FedRAMP, and others. For more information, see AWS services in scope by compliance program.
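
One way to check that a bucket policy enforces the aws:SecureTransport condition mentioned above. This is an added example, not AWS code: the bucket name, account ID and both sample policies are constructed, and the check is deliberately strict, accepting only a Deny for all principals on all S3 actions that covers both the bucket and its objects.

```python
import json

BUCKET = "amzn-s3-demo-bucket"  # placeholder bucket name (assumption)

# Constructed sample: denies every S3 request that does not arrive over TLS.
ENFORCED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
    "Action": "s3:*",
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

# Constructed sample: only an Allow conditioned on TLS. Plain-HTTP requests
# permitted by some other statement or identity policy are not blocked.
ALLOW_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*",
    "Condition": {"Bool": {"aws:SecureTransport": "true"}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _only_insecure_transport(condition):
    """True if the sole condition is Bool aws:SecureTransport = false."""
    if len(condition) != 1:
        return False  # extra operators would narrow the Deny
    (operator, keys), = condition.items()
    if operator != "Bool" or len(keys) != 1:
        return False
    (key, value), = keys.items()
    values = [str(v).lower() for v in _as_list(value)]
    # Condition key names are not case-sensitive.
    return key.lower() == "aws:securetransport" and values == ["false"]

def enforces_tls(policy, bucket):
    """True if one Deny statement blocks all non-TLS requests to bucket and objects."""
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        if not {"s3:*", "*"} & set(_as_list(stmt.get("Action", []))):
            continue
        resources = set(_as_list(stmt.get("Resource", [])))
        if not (needed <= resources or "*" in resources):
            continue  # simplification: wildcard ARN patterns are not expanded
        if _only_insecure_transport(stmt.get("Condition", {})):
            return True
    return False
```

Calling `enforces_tls(ENFORCED, BUCKET)` returns True and `enforces_tls(ALLOW_ONLY, BUCKET)` returns False; a policy loaded with `json.loads` can be passed in the same way.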