
Is it possible to use AWS Athena using a VPC endpoint?

I would like to know if it is possible to create a VPC endpoint for AWS Athena and restrict it to only allow certain users (that MUST BE in my account) to use the VPC endpoint. I currently use this VPC endpoint policy for an S3 endpoint and I would need something similar to use with AWS Athena.

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::<MY_ACCOUNT_ID>:user/user1",
                    "arn:aws:iam::<MY_ACCOUNT_ID>:user/user2",
                    ...
                ]
            },
            "Action": "*",
            "Resource": "*"
        }
    ]
}

The problem I'm trying to solve is to block developers in my company, who are logged into an RDP session inside my company VPN, from offloading data to a personal AWS account. So I would need a solution that blocks access to the public internet, so I think a VPC endpoint should be the only option, but I accept new ideas.

Yes you can, check out this doc: https://docs.aws.amazon.com/athena/latest/ug/interface-vpc-endpoint.html

Also, keep in mind to adopt encryption at rest and in transit when querying data via Athena; by default the results are always open, even if they are saved in an encrypted S3 bucket.
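As an added example (not code from the question, the answer, or AWS), a small Python helper that generates an Athena interface-endpoint policy in the same shape as the S3 endpoint policy shown in the question, and then checks that no Allow statement admits a principal outside the account. The account ID and user names are constructed placeholders.

```python
import json
import re

# Constructed sample values, not taken from the original post.
ACCOUNT_ID = "111122223333"
ALLOWED_USERS = ["user1", "user2"]

# IAM user, role or account-root ARN; group 1 captures the 12-digit account ID.
_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):(user/[^/]+|role/[^/]+|root)$")


def build_endpoint_policy(account_id, users):
    """Endpoint policy with explicit IAM user principals from one account,
    mirroring the structure used for the S3 endpoint in the question."""
    principals = [f"arn:aws:iam::{account_id}:user/{u}" for u in users]
    return {
        "Version": "2008-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": principals},
                "Action": "*",
                "Resource": "*",
            }
        ],
    }


def foreign_principals(policy, account_id):
    """Return principals in Allow statements that are not IAM identities of
    account_id. A '*' principal or an ARN from another account would let
    credentials of a personal account use the endpoint, which is the data
    offloading path the question wants to close."""
    bad = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", "*")  # a missing Principal means everyone
        entries = principal if principal == "*" else principal.get("AWS", [])
        if isinstance(entries, str):
            entries = [entries]
        for arn in entries:
            match = _ARN_RE.match(arn)
            if arn == "*" or match is None or match.group(1) != account_id:
                bad.append(arn)
    return bad


if __name__ == "__main__":
    policy = build_endpoint_policy(ACCOUNT_ID, ALLOWED_USERS)
    print(json.dumps(policy, indent=4))  # usable as --policy-document for the endpoint
    print("foreign principals:", foreign_principals(policy, ACCOUNT_ID))
```

Run the check against any edited endpoint policy before applying it; an empty list means every allowed principal belongs to your account.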
