Grant Teleskope Read and Write Access to Athena
Teleskope needs write access take enforce remediation policies such as tagging, redaction, deletion, etc.
Attach the AmazonAthenaFullAccess to the Teleskope IAM role you created.
resource "aws_iam_role_policy_attachment" "AmazonAthenaFullAccess" {
role = "TeleskopeRole"
policy_arn = "arn:aws:iam::aws:policy/AmazonAthenaFullAccess"
}
Grant Teleskope Read Access to Athena
Teleskope needs read access to scan and classify your data stored in Athena.
Attach a custom AmazonAthenaReadOnlyAccess to the Teleskope IAM role you created.
resource "aws_iam_role_policy_attachment" "sns_policy" {
role = "TeleskopeRole"
policy_arn = "arn:aws:iam::aws:policy/AmazonAthenaReadOnlyAccess"
}
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "AthenaReadOnlyPermissions",
"Effect" : "Allow",
"Action" : [
"athena:*"
],
"Resource" : [
"*"
]
},
{
"Sid" : "BaseGluePermissions",
"Effect" : "Allow",
"Action" : [
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition",
"glue:StartColumnStatisticsTaskRun",
"glue:GetColumnStatisticsTaskRun",
"glue:GetColumnStatisticsTaskRuns"
],
"Resource" : [
"*"
]
},
{
"Sid" : "BaseQueryResultsPermissions",
"Effect" : "Allow",
"Action" : [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
],
"Resource" : [
"arn:aws:s3:::aws-athena-query-results-*"
]
},
{
"Sid" : "BaseAthenaExamplesPermissions",
"Effect" : "Allow",
"Action" : [
"s3:GetObject",
"s3:ListBucket"
],
"Resource" : [
"arn:aws:s3:::athena-examples*"
]
},
{
"Sid" : "BaseS3BucketPermissions",
"Effect" : "Allow",
"Action" : [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource" : [
"*"
]
},
{
"Sid" : "BaseSNSPermissions",
"Effect" : "Allow",
"Action" : [
"sns:ListTopics",
"sns:GetTopicAttributes"
],
"Resource" : [
"*"
]
},
{
"Sid" : "BaseLakeFormationPermissions",
"Effect" : "Allow",
"Action" : [
"lakeformation:GetDataAccess"
],
"Resource" : [
"*"
]
},
{
"Sid" : "BaseDataZonePermissions",
"Effect" : "Allow",
"Action" : [
"datazone:ListDomains",
"datazone:ListProjects",
"datazone:ListAccountEnvironments"
],
"Resource" : [
"*"
]
},
{
"Sid" : "BasePricingPermissions",
"Effect" : "Allow",
"Action" : [
"pricing:GetProducts"
],
"Resource" : [
"*"
]
}
]
}