Athena

Requirements

Name
Description

Teleskope Role

Attach Athena read and/or write permissions to the Teleskope IAM role you created

1

Grant Teleskope Read Access to Athena

Teleskope needs read access to scan and classify your data stored in Athena.

Attach a custom AmazonAthenaReadOnlyAccess to the Teleskope IAM role you created.

Terraform

resource "aws_iam_role_policy_attachment" "sns_policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonAthenaReadOnlyAccess"
}

Custom AmazonAthenaReadOnlyAccess:

{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Sid" : "AthenaReadOnlyPermissions",
      "Effect" : "Allow",
      "Action" : [
        "athena:*"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BaseGluePermissions",
      "Effect" : "Allow",
      "Action" : [
        "glue:GetDatabase",
        "glue:GetDatabases",
        "glue:GetTable",
        "glue:GetTables",
        "glue:GetPartition",
        "glue:GetPartitions",
        "glue:BatchGetPartition",
        "glue:StartColumnStatisticsTaskRun",
        "glue:GetColumnStatisticsTaskRun",
        "glue:GetColumnStatisticsTaskRuns"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BaseQueryResultsPermissions",
      "Effect" : "Allow",
      "Action" : [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload",
      ],
      "Resource" : [
        "arn:aws:s3:::aws-athena-query-results-*"
      ]
    },
    {
      "Sid" : "BaseAthenaExamplesPermissions",
      "Effect" : "Allow",
      "Action" : [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource" : [
        "arn:aws:s3:::athena-examples*"
      ]
    },
    {
      "Sid" : "BaseS3BucketPermissions",
      "Effect" : "Allow",
      "Action" : [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BaseSNSPermissions",
      "Effect" : "Allow",
      "Action" : [
        "sns:ListTopics",
        "sns:GetTopicAttributes"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BaseLakeFormationPermissions",
      "Effect" : "Allow",
      "Action" : [
        "lakeformation:GetDataAccess"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BaseDataZonePermissions",
      "Effect" : "Allow",
      "Action" : [
        "datazone:ListDomains",
        "datazone:ListProjects",
        "datazone:ListAccountEnvironments"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BasePricingPermissions",
      "Effect" : "Allow",
      "Action" : [
        "pricing:GetProducts"
      ],
      "Resource" : [
        "*"
      ]
    }
  ]
}
2

Grant Teleskope Read & Write Access to Athena (Optional)

Teleskope needs write access take enforce remediation policies such as tagging, redaction, deletion, etc.

Attach the AmazonAthenaFullAccess to the Teleskope IAM role you created.

Terraform

resource "aws_iam_role_policy_attachment" "AmazonAthenaFullAccess" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonAthenaFullAccess"
}

Last updated

Was this helpful?