Amazon Athena Adds Support for Querying Encrypted Data in Amazon S3

Published on Apr 05, 2017

Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL, and Athena now supports querying encrypted data stored in S3.

Sensitive information, such as security logs, financial transactions, and healthcare records, is often protected by encrypting it. In many cases, however, users have to choose between securing their data and making it available for analytics. One of the big advantages of AWS is that you don't have to make tough choices with your data. Amazon Redshift and Amazon EMR have long supported analytics on encrypted data. We're excited to bring this capability to Athena.

Now, you can easily run SQL queries directly against your encrypted data in S3 and write encrypted results back to your S3 bucket. Both server-side encryption and client-side encryption are supported, enabling you to query your data while it is protected at rest (encrypted in Amazon S3) and in transit (as it travels to and from Amazon S3, and also via Athena's JDBC driver, over encrypted communication channels).

When you run a query, Athena infers the encryption information from your data automatically. It then processes the data and encrypts the results with a user-specific key before writing them to S3 and sending them back to the console. This means your data is secure at every step of the process.

Athena also integrates with the AWS Key Management Service (AWS KMS), a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. You can query data that is encrypted using:

- Server-Side Encryption with Amazon S3-Managed Encryption Keys
- Server-Side Encryption with AWS KMS–Managed Keys
- Client-Side Encryption with keys managed by the AWS Key Management Service