Creates an AWS Athena workgroup that encrypts results server-side.

```hcl
module "athena_workgroup" {
  source = "dod-iac/athena-workgroup/aws"

  name            = format("app-%s-%s", var.application, var.environment)
  output_location = format("s3://%s/", var.bucket_name)

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```

Creates an AWS Athena workgroup that encrypts results server-side using a KMS key.

```hcl
module "s3_kms_key" {
  source = "dod-iac/s3-kms-key/aws"

  name        = format("alias/app-%s-s3-%s", var.application, var.environment)
  description = format("A KMS key used to encrypt objects at rest in S3 for %s:%s.", var.application, var.environment)
  # "*" allows all principals to use this key; list specific principal ARNs to restrict use.
  principals = ["*"]

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}

module "athena_workgroup" {
  source = "dod-iac/athena-workgroup/aws"

  # Encrypt query results with the KMS key created above.
  encryption_option = "SSE_KMS"
  kms_key_arn       = module.s3_kms_key.aws_kms_key_arn
  name              = format("app-%s-%s", var.application, var.environment)
  output_location   = format("s3://%s/", var.bucket_name)

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```

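The encryption settings in these examples are only binding when `enforce_workgroup_configuration` stays `true`, and `SSE_KMS` or `CSE_KMS` needs a non-empty `kms_key_arn`. The following check is an added example, not part of this module: it reads the JSON produced by `terraform show -json` and reports Athena workgroups that miss either condition. The sample plan, its resource addresses and the resource name `main` are constructed for illustration.

```python
import json
import sys

def first(block):
    """Nested blocks are lists in plan JSON; return the first object or {}."""
    return block[0] if isinstance(block, list) and block and isinstance(block[0], dict) else {}

def encryption_block(values):
    """Walk configuration -> result_configuration -> encryption_configuration."""
    result = first(first(values.get("configuration")).get("result_configuration"))
    return first(result.get("encryption_configuration"))

def check_workgroup(change):
    """Return findings for one workgroup change; missing values count as findings."""
    after, unknown = change.get("after") or {}, change.get("after_unknown") or {}
    findings = []
    if first(after.get("configuration")).get("enforce_workgroup_configuration") is not True:
        findings.append("client-side settings can override the workgroup configuration")
    enc = encryption_block(after)
    option = enc.get("encryption_option")
    # A key created in the same plan has no ARN yet; after_unknown marks it true.
    key_pending = encryption_block(unknown).get("kms_key_arn") is True
    if option is None:
        findings.append("query results have no encryption_configuration")
    elif option in ("SSE_KMS", "CSE_KMS") and not enc.get("kms_key_arn") and not key_pending:
        findings.append(option + " is set without a KMS key ARN")
    return findings

def check_plan(plan):
    """Map resource address to findings, skipping workgroups being destroyed."""
    return {rc["address"]: check_workgroup(rc["change"])
            for rc in plan.get("resource_changes", [])
            if rc.get("type") == "aws_athena_workgroup" and rc["change"].get("after") is not None}

# Constructed sample in the plan JSON shape; addresses and resource names are made up.
def sample_change(address, enforce, enc, enc_unknown):
    nest = lambda top, e: {"configuration": [{**top, "result_configuration": [{"encryption_configuration": e}]}]}
    return {"address": address, "type": "aws_athena_workgroup", "change": {
        "after": nest({"enforce_workgroup_configuration": enforce}, [enc] if enc else []),
        "after_unknown": nest({}, [enc_unknown])}}

SAMPLE_PLAN = {"resource_changes": [
    sample_change("module.athena_workgroup.aws_athena_workgroup.main", True, {"encryption_option": "SSE_KMS"}, {"kms_key_arn": True}),
    sample_change("aws_athena_workgroup.adhoc", False, None, {}),
    sample_change("aws_athena_workgroup.nokey", True, {"encryption_option": "SSE_KMS", "kms_key_arn": ""}, {})]}

if __name__ == "__main__":  # usage: python check.py plan.json (sample if omitted)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print(json.dumps(check_plan(plan), indent=2))
```

An empty list for an address means both conditions hold for that workgroup.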
Terraform 0.13. Pin module version to ~> 1.0.0. Submit pull requests to the master branch.
Terraform 0.11 and 0.12 are not supported.
This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.

Name | Version |
---|---|
terraform | >= 0.12 |
aws | >= 2.55.0 |

Name | Version |
---|---|
aws | >= 2.55.0 |

No Modules.

Name |
---|
aws_athena_workgroup |
aws_caller_identity |
aws_iam_account_alias |
aws_partition |
aws_region |

Name | Description | Type | Default | Required |
---|---|---|---|---|
bytes_scanned_cutoff_per_query | Integer for the upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan. Must be at least 10485760. | number | -1 | no |
description | The description of the workgroup. Defaults to "The workgroup for [NAME]." | string | "" | no |
enabled | Whether the workgroup is enabled. | bool | true | no |
encryption_option | Indicates type of encryption used, either SSE_S3, SSE_KMS, or CSE_KMS. | string | "SSE_S3" | no |
enforce_workgroup_configuration | Boolean whether the settings for the workgroup override client-side settings. | bool | true | no |
kms_key_arn | For SSE_KMS and CSE_KMS, this is the KMS key Amazon Resource Name (ARN). | string | "" | no |
name | The name of the AWS IAM policy. | string | n/a | yes |
output_location | The location in Amazon S3 where your query results are stored, such as s3://path/to/query/bucket/. | string | n/a | yes |
publish_cloudwatch_metrics_enabled | Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. | bool | true | no |
tags | Tags applied to the workgroup. | map(string) | {} | no |

Name | Description |
---|---|
arn | The Amazon Resource Name (ARN) of the workgroup. |
id | The id of the workgroup. |