By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Permission problem in Cloudformation

0

Cloudformation create-stack generates an Athena access denied while writing error. The problem is generated when writing to the athena-results bucket. I'm logged in with a SSO role with AdministratorAccess access via CLI.

I can create the specified object from the command line via "aws s3 cp" and I'm able to execute "aws athena start-query-execution" without trouble. It's only via cloudformation.

Bellow the specific error: ResourceStatus: CREATE_FAILED ResourceStatusReason: 'Resource handler returned message: "[Simba]AthenaJDBC An error has been thrown from the AWS Athena client. Access denied when writing to location: s3://cost-athena-results-123456789012/8fefd451-2a3f-4bc9-881e-84061de8db91.csv [Execution ID: 8fefd451-2a3f-4bc9-881e-84061de8db91]" (RequestToken: b0d4b7d5-998b-6ca8-22c6-657fa2433fe8, HandlerErrorCode: null)' ResourceType: AWS::QuickSight::DataSource

Topics
AnalyticsSecurity, Identity, & ComplianceManagement & GovernanceAWS Well-Architected Framework
Tags
Amazon AthenaAWS Identity and Access ManagementAWS Command Line InterfaceAWS CloudFormationCost Optimization
Language
English
AWS-User-5995037
asked 2 years ago681 views
1 Answer
0

If you are trying to connect to Athena from QuickSight, you also need to authorize QuickSight to access S3: https://docs.aws.amazon.com/quicksight/latest/user/troubleshoot-connect-S3.html

AWS
Geno_AWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content