- Newest
- Most votes
- Most comments
- Check the Athena Workgroup and Region:
Ensure that the Athena workgroup exists in the region you are working with and that you are accessing the correct region from Grafana.
- Verify the IAM Role:
Double-check that the IAM role associated with your Grafana workspace has the AmazonGrafanaAthenaAccess policy attached. Ensure that no deny policies or Service Control Policies (SCPs) are affecting this role’s permissions.
- Check S3 Permissions:
Ensure the S3 bucket permissions (grafana-athena-query-results-*) are properly configured. This bucket is where Athena stores query results, and Grafana needs access to it to retrieve the data.
- Test with AWS CLI:
Use the AWS CLI with the same IAM role (assume the role if necessary) to list the Athena workgroups:
aws athena list-work-groups --region <your-region>
This will help you verify if the IAM role has the necessary permissions to list the workgroups.
- Create a New Policy with Explicit Permissions:
If the managed policy is not working as expected, try creating a custom policy that explicitly allows access to the specific Athena workgroup and resources you are trying to use.
- Region-Specific Issues:
Ensure that the Athena workgroup and the Grafana workspace are both in the same region, or that you are selecting the correct region when setting up the data source in Grafana.
The issue with AWS Managed Grafana not showing Athena workgroups could be due to region mismatches, incorrect IAM role permissions, or misconfiguration in Grafana.
Ensure that Athena workgroups and Grafana are in the same region, verify that the IAM role has the right permissions, and double-check Grafana's settings.
Also, review any service limits.
Relevant content
- Accepted Answerasked 10 months ago
- Accepted Answerasked 2 months ago
- asked 7 months ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated a year ago
Hi Deekshitha, thank you very much for answering.
I tried creating everything in the same region, just as you have indicated, but still the error persists. This is what I'm getting at the moment.
There were some errors while fetching your AWS information. Take a look carefully, please. UnrecognizedClientException: The security token included in the request is invalid. status code: 400, request id: be8a8dc0-8d72-4f5e-a43b-8316205144a0
I would like to test with AWS CLI, to assume the role and see if I can see any workgroups. But I'm not entirely sure on how to do it. If you could shed some light, that would be amazing.
Thank you so much Best Ed