Internetwork traffic privacy - Amazon Athena

Internetwork traffic privacy

Traffic is protected both between Athena and on-premises applications and between Athena and Amazon S3. Traffic between Athena and other services, such as Amazon Glue and Amazon Key Management Service, uses HTTPS by default.

  • For traffic between Athena and on-premises clients and applications, query results that stream to JDBC or ODBC clients are encrypted using Transport Layer Security (TLS).

    You can use one of the connectivity options between your private network and Amazon:

  • For traffic between Athena and Amazon S3 buckets, Transport Layer Security (TLS) encrypts objects in transit between Athena and Amazon S3, and between Athena and customer applications accessing it. You should allow only encrypted connections over HTTPS (TLS) by using the aws:SecureTransport condition on Amazon S3 bucket IAM policies. Although Athena currently uses the public endpoint to access data in Amazon S3 buckets, this does not mean that the data traverses the public internet. All traffic between Athena and Amazon S3 is routed over the Amazon network and is encrypted using TLS.

  • Compliance programs – Amazon Athena complies with multiple Amazon compliance programs, including SOC, PCI, FedRAMP, and others. For more information, see Amazon Web Services in scope by compliance program.
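
The aws:SecureTransport recommendation above, as an added example that is not part of the original documentation: it builds a bucket policy statement that denies non-TLS requests and audits a policy document for that statement. The bucket name, role ARN, and function names are placeholders chosen for illustration.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def bucket_arns(bucket, partition="aws"):
    # The partition is "aws" in standard Regions and "aws-cn" in the China Regions.
    return [f"arn:{partition}:s3:::{bucket}", f"arn:{partition}:s3:::{bucket}/*"]

def deny_insecure_transport(bucket, partition="aws"):
    """Statement that rejects every S3 request to the bucket not sent over TLS."""
    return {
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": bucket_arns(bucket, partition),
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }

def enforces_tls(policy, bucket, partition="aws"):
    """Conservative audit: True only for an explicit Deny on non-TLS requests that
    names both the bucket ARN and the object ARN (wildcard ARNs are not expanded)."""
    for stmt in _as_list(policy.get("Statement", [])):
        bools = stmt.get("Condition", {}).get("Bool", {})
        flag = {k.lower(): v for k, v in bools.items()}.get("aws:securetransport", [])
        if (stmt.get("Effect") == "Deny"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and {"s3:*", "*"} & set(_as_list(stmt.get("Action", [])))
                and [str(v).lower() for v in _as_list(flag)] == ["false"]
                and set(bucket_arns(bucket, partition)) <= set(_as_list(stmt.get("Resource", [])))):
            return True
    return False

# Constructed sample policies; the bucket name and role ARN are placeholders.
BUCKET = "example-athena-results"
ALLOW_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-analyst"},
    "Action": "s3:GetObject",
    "Resource": f"arn:aws:s3:::{BUCKET}/*",
    "Condition": {"Bool": {"aws:SecureTransport": "true"}},
}]}
HARDENED = {"Version": "2012-10-17",
            "Statement": ALLOW_ONLY["Statement"] + [deny_insecure_transport(BUCKET)]}

if __name__ == "__main__":
    print(json.dumps(HARDENED, indent=2))
    print("TLS enforced:", enforces_tls(ALLOW_ONLY, BUCKET), enforces_tls(HARDENED, BUCKET))
```

The allow-only policy fails the audit because an Allow conditioned on aws:SecureTransport being true does not block plaintext requests that another policy permits; only the explicit Deny does.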