Athena Query failing

0

Insufficient permissions to execute the query. Encountered an exception executed in context[Split[ef558767-2775-49fb-966a-fbf03c7baee6:0]] with message[Encountered an exception executed in context[retrieving blocks] with message[Encountered an exception executed in context[executing] with message[Forbidden resource: Forbidden: HTTP response error code: 403 Message: AccessDenied Access Denied x-amz-request-id: 5480WZTXCTTG38F1 x-amz-id-2: PfypL0EbdlVgPIFfrK7WkBIu5em35z1Pn8lpghOClK1yNMPulHZq09OmONNdBcOIa1gD2FTi6Q4hJv4R4SZAJQ== This query ran against the "andes" database, unless qualified by the query. Query Id: b3d31e9c-654a-402e-a20b-e026ff409608

asked a year ago
337 views
1 Answer
0

It seems that the IAM user using Athena doesn't have the required permissions to access the S3 bucket that you want to query.

You can check this Access denied in Athena troubleshooting guide for detailed information.

The first section covers the permissions required by an IAM user to access the S3 buckets from Athena. As you can see in the example policy, your user needs to have ListBucket and GetObject permissions for the S3 source bucket.

Here is the example policy. For more guidance, check the troubleshooting guide.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::my-athena-source-bucket"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-athena-source-bucket/data/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:AbortMultipartUpload",
        "s3:PutObject",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": [
        "arn:aws:s3:::my-athena-result-bucket",
        "arn:aws:s3:::my-athena-result-bucket/*"
      ]
    }
  ]
}

AWS
answered a year ago
AWS
EXPERT
reviewed a year ago
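
To find which of the grants in the answer's policy an identity policy lacks, the following added example (not part of the original answer and not AWS code) evaluates a policy document offline against the S3 actions Athena needs on the source and result buckets. The function names, the sample policy, the object key and the `query-results/` result key are assumptions; Condition keys, NotAction/NotResource, bucket policies, SCPs and KMS are not evaluated.

```python
import json
import re

def _to_list(v):
    return v if isinstance(v, list) else [v]

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def is_allowed(policy, action, resource):
    """Identity-policy check only: an explicit Deny wins, otherwise an Allow is required."""
    allowed = False
    for st in _to_list(policy["Statement"]):
        # Action names are case-insensitive; resource ARNs are matched case-sensitively.
        hit = (any(_match(a, action, True) for a in _to_list(st.get("Action", [])))
               and any(_match(r, resource) for r in _to_list(st.get("Resource", []))))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def missing_access(policy, source_bucket, object_key, result_bucket):
    """Return the (action, resource) pairs Athena needs that the policy does not grant."""
    src, res = f"arn:aws:s3:::{source_bucket}", f"arn:aws:s3:::{result_bucket}"
    needed = [
        ("s3:ListBucket", src),
        ("s3:GetObject", f"{src}/{object_key}"),
        ("s3:GetBucketLocation", res),
        ("s3:PutObject", f"{res}/query-results/example.csv"),  # constructed result key
    ]
    return [(a, r) for a, r in needed if not is_allowed(policy, a, r)]

# Constructed sample: a policy that lacks s3:GetObject on the source data prefix.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::my-athena-source-bucket"},
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:PutObject", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::my-athena-result-bucket",
                  "arn:aws:s3:::my-athena-result-bucket/*"]}
  ]
}""")

if __name__ == "__main__":
    print(missing_access(SAMPLE_POLICY, "my-athena-source-bucket",
                         "data/part-0000.parquet", "my-athena-result-bucket"))
```

An empty list means the identity policy covers these actions, so a remaining 403 points at something this check does not model, such as a bucket policy or KMS key policy.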
