MMA
Reputation: 51
Access PRIVATE S3 bucket from Athena in a separate AWS account
I am able to have cross-account access on a public S3 bucket bucketA. However, I need the Athena service and boto3 library to access the same S3 bucketA which is now a private resource.
How can it be done ?
Regards, Aarushi
Upvotes: 0
Views: 492
Answers (1)
John Rotenstein
Reputation: 269390
When Amazon Athena runs queries, it uses the current user's access permissions to access Amazon S3.
Therefore, if you want a particular user to run Athena queries against data in S3, simply make sure that this user has access to the relevant Amazon S3 buckets.
Let's say you have:
- An IAM User (
User-A) in Account-A - An Amazon S3 Bucket (
Bucket-B) in Account-B - You want to permit
User-Ato run Amazon Athen queries against data inBucket-B
You should:
- Add an IAM policy to
User-Athat permits them to accessBucket-B(presumablys3:ListBucketands3:GetObject, at a minimum) - Add a Bucket Policy to
Bucket-Bthat permits access byUser-A(this is required for cross-account access) -- the permissions should be the same as the IAM Policy (egs3:ListBucketands3:GetObjectat a minimum)
That should allow User-A to run queries on data in Bucket-B.
See the documentation: Cross-account Access in Athena to Amazon S3 Buckets - Amazon Athena
Upvotes: 2
Related Questions
- AccessDenied on AWS Athena
- Allow Athena query to S3 bucket
- Querying S3 using Athena
- Access Denied when querying in Athena for data in S3 bucket in another AWS account
- Have AWS Athena assume role for accessing external S3 bucket
- Outputting Athena Query Result to s3 bucket in a different AWS Account from Lambda
- Access Denied while querying S3 files from AWS Athena within Lambda in different account
- Access s3 bucket from different aws account
- Amazon Athena Cross Account Access
- S3 credentials for a public bucket?