By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

S3 Access Denied when querying Glue Tables in Athena

0

I've loaded some CSV files from an S3 bucket into tables in a Glue DB. I'm trying to query the tables using Athena, but I keep getting this error:

com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: ZP23J6AS5MT0REB3; S3 Extended Request ID: Dy62uU4W+u7Wy1lU1MkmspQiJeVLIosj7lON99eRBE0sDnd4ihd2GqibyozpdmoXQlW/cPAXGqE=; Proxy: null)

There's also extended request ID that has the name of the S3 bucket and path. I'm not sure why I'm getting this because my AWSGlueServiceRole has the AmazonS3FullAccess policy attached to it. The S3 bucket is also designated as a data lake location, but I added the AWSLakeFormationDataAdmin policy to the role as well. Any assistance in troubleshooting is appreciated!

Topics
StorageAnalytics
Tags
Amazon Simple Storage ServiceAmazon AthenaAWS GlueAWS Lake Formation
Language
English
bhorvic
asked 4 months ago365 views
1 Answer
0

Hi,

Since you are running Athena from the AWS console, you should make sure that the IAM user has the necessary permissions to access the source data S3 bucket and query result S3 bucket. Additionally, please check the S3 bucket policy to confirm that it doesn't explicitly deny access to the account and doesn't include conditions that might deny the requests.

Please also refer these articles for more hints:

https://repost.aws/knowledge-center/access-denied-athena

https://repost.aws/questions/QUSdbxE1dmQHuXATSic08ofg/athena-query-access-denied-when-writing-to-location-s3

Thanks, Rama

profile pictureAWS
Rama
answered 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content