Athena
Requirements
Name: Teleskope Role
Description: Attach Athena read and/or write permissions to the Teleskope IAM role you created.
1. Grant Teleskope Read Access to Athena
Teleskope needs read access to scan and classify your data stored in Athena.
Attach a custom AmazonAthenaReadOnlyAccess policy to the Teleskope IAM role you created.
Terraform
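# Attaches the policy named by policy_arn to the Teleskope role.
# Note: arn:aws:iam::aws:policy/... is the AWS-managed namespace; a policy you create
# yourself has an ARN of the form arn:aws:iam::<account-id>:policy/<name>.
resource "aws_iam_role_policy_attachment" "sns_policy" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonAthenaReadOnlyAccess"
}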
Custom AmazonAthenaReadOnlyAccess:
{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Sid" : "AthenaReadOnlyPermissions",
      "Effect" : "Allow",
      "Action" : [
        "athena:*"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BaseGluePermissions",
      "Effect" : "Allow",
      "Action" : [
        "glue:GetDatabase",
        "glue:GetDatabases",
        "glue:GetTable",
        "glue:GetTables",
        "glue:GetPartition",
        "glue:GetPartitions",
        "glue:BatchGetPartition",
        "glue:StartColumnStatisticsTaskRun",
        "glue:GetColumnStatisticsTaskRun",
        "glue:GetColumnStatisticsTaskRuns"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BaseQueryResultsPermissions",
      "Effect" : "Allow",
      "Action" : [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload"
      ],
      "Resource" : [
        "arn:aws:s3:::aws-athena-query-results-*"
      ]
    },
    {
      "Sid" : "BaseAthenaExamplesPermissions",
      "Effect" : "Allow",
      "Action" : [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource" : [
        "arn:aws:s3:::athena-examples*"
      ]
    },
    {
      "Sid" : "BaseS3BucketPermissions",
      "Effect" : "Allow",
      "Action" : [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BaseSNSPermissions",
      "Effect" : "Allow",
      "Action" : [
        "sns:ListTopics",
        "sns:GetTopicAttributes"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BaseLakeFormationPermissions",
      "Effect" : "Allow",
      "Action" : [
        "lakeformation:GetDataAccess"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BaseDataZonePermissions",
      "Effect" : "Allow",
      "Action" : [
        "datazone:ListDomains",
        "datazone:ListProjects",
        "datazone:ListAccountEnvironments"
      ],
      "Resource" : [
        "*"
      ]
    },
    {
      "Sid" : "BasePricingPermissions",
      "Effect" : "Allow",
      "Action" : [
        "pricing:GetProducts"
      ],
      "Resource" : [
        "*"
      ]
    }
  ]
}
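The policy above is labelled read-only but allows `athena:*` and a few non-read actions; the following check, an added example that is not Teleskope's or AWS's code, lists such statements so they can be reviewed before the policy is attached. The function names and the `READ_PREFIXES` heuristic are assumptions of this example, and the sample input is a constructed excerpt of three statements from the policy above.

```python
# Added example: flags Allow statements in a "read-only" IAM policy that go beyond reads.
# READ_PREFIXES is a heuristic assumed for this example, not an AWS classification.
READ_PREFIXES = ("Get", "List", "Describe", "BatchGet")

# Constructed sample: three statements excerpted from the policy shown above.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AthenaReadOnlyPermissions", "Effect": "Allow",
         "Action": ["athena:*"], "Resource": ["*"]},
        {"Sid": "BaseGluePermissions", "Effect": "Allow",
         "Action": ["glue:GetTable", "glue:BatchGetPartition",
                    "glue:StartColumnStatisticsTaskRun"],
         "Resource": ["*"]},
        {"Sid": "BaseQueryResultsPermissions", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket", "s3:AbortMultipartUpload"],
         "Resource": ["arn:aws:s3:::aws-athena-query-results-*"]},
    ],
}


def as_list(value):
    """IAM allows a bare string or object where a list is expected; normalise to a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_read_only(policy):
    """Return (sid, action, reason) for every allowed action that is not a plain read."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        scope = " on Resource *" if "*" in as_list(stmt.get("Resource", [])) else ""
        for action in as_list(stmt.get("Action", [])):
            verb = action.partition(":")[2]
            if action == "*" or verb == "*":
                reason = "service-wide wildcard"
            elif not verb.startswith(READ_PREFIXES):
                reason = "non-read action"
            else:
                continue
            findings.append((stmt.get("Sid", "<no Sid>"), action, reason + scope))
    return findings


if __name__ == "__main__":
    for sid, action, reason in audit_read_only(SAMPLE_POLICY):
        print(f"{sid}: {action} ({reason})")
```

Each finding is a prompt for review, not proof of a problem: whether an action such as `s3:AbortMultipartUpload` is needed depends on how the role is used.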
2. Grant Teleskope Read & Write Access to Athena (Optional)
Teleskope needs write access to enforce remediation policies such as tagging, redaction, deletion, etc.
Attach the AmazonAthenaFullAccess policy to the Teleskope IAM role you created.
Terraform
# Attaches the AWS-managed AmazonAthenaFullAccess policy to the Teleskope role.
resource "aws_iam_role_policy_attachment" "AmazonAthenaFullAccess" {
  role       = "TeleskopeRole"
  policy_arn = "arn:aws:iam::aws:policy/AmazonAthenaFullAccess"
}