通过 Athena 跨账户访问 AWS Glue 数据目录

Question

是否可以通过账户A的 Athena 接口直接访问账户B 的AWS Glue 数据目录？

Answer 1

I was just trying to resolve this same issue in my own setup, but then stumbled across this bummer (the last bullet under Cross-Account Access Limitations on this page ):

Cross-account access to the Data Catalog is not supported when using an AWS Glue crawler, Amazon Athena, or Amazon Redshift.

So it sounds like even with the cross-account access that is possible today, they won't naturally replicate through those services (including the asked about Athena).

That said, I was able to set up cross-account access to the AWS Glue Data Catalog in a way that allowed me to use Account A to pull all relevant info about Data Catalog objects from Account B. I can update my answer to incorporate how far I got, if you want, but a hacky method that might solve this question would be to set up the cross-account access that is possible today then run a recurring Lambda function that replicates over all the relevant metadata in the Data Catalog from Account B to Account A so users in Account A can view that within Account A's AWS Glue Data Catalog. I'm not sure whether Athena specifically would work in that setup, as I know it requires PutObject access when it queries data in S3 (which could be solved via the appropriate S3 bucket policies, but that'd be another cross-account permissions thing to manage).

Let me know whether you'd like to see those details on what cross-account stuff I was able to get working.

Answer 2

AWS 已开始使用 Lambda 支持此功能，请点击以下链接https://aws.amazon.com/blogs/big-data/cross-account-aws-glue-data-catalog-access-with-amazon-athena/

Answer 3

Since May 2021 it is now possible to register a data catalog from a different account in Amazon Athena, see the User Guide .

Athena Query Engine v2 is required though and there are some other limitations .