Joey Yi Zhao
Reputation: 42520
How to grant Athena query permission to a Lambda function?
I have an AWS Lambda function which queries an Amazon Athena database. But I get a permission error when executing the Lambda function:
An error occurred (AccessDeniedException) when calling the GetQueryExecution operation: User: arn:aws:sts::773592622512:assumed-role/lambda_access-role/reddit_monitor is not authorized to perform: athena:GetQueryExecution on resource: arn:aws:athena:ap-southeast-2:773592622512:workgroup/primary: ClientError
I have created this policy for the Lambda function:
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"athena:StartQueryExecution"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::${var.athena-bucket}",
"arn:aws:s3:::${var.athena-bucket}/*"
]
}
]
}
I wonder why it still doesn't have permission to query Athena? Have I missed anything here?
Upvotes: 6
Views: 20204
Answers (1)
EagleBeak
Reputation: 7419
You granted athena:StartQueryExecution instead of athena:GetQueryExecution.
Upvotes: 7
Related Questions
- Athena query fails with: "Insufficient permissions to execute the query"
- Athena Query called by AWS Lambda function not returning results
- The same query working on Athena and not working on Lambda - S3 permissions
- Run AWS Athena’s queries with Lambda function
- Using AWS lambda to run query on Athena
- Athena permission denied while executing a query
- AWS Lambda function fails while query Athena
- Lambda Function Serverless permission
- Use AWS Role to authorize Lambda querying AWS datastore
- How to edit AWS EC2 instance's security groups to allow access to a lambda function only