[英]How to grant Athena query permission to a Lambda function?
I have an AWS Lambda function which queries an Amazon Athena database. 我有一个可查询Amazon Athena数据库的AWS Lambda函数。 But I get a permission error when executing the Lambda function: 但是执行Lambda函数时出现权限错误:
An error occurred (AccessDeniedException) when calling the GetQueryExecution operation: User: arn:aws:sts::773592622512:assumed-role/lambda_access-role/reddit_monitor is not authorized to perform: athena:GetQueryExecution on resource: arn:aws:athena:ap-southeast-2:773592622512:workgroup/primary: ClientError 调用GetQueryExecution操作时发生错误(AccessDeniedException):用户:arn:aws:sts :: 773592622512:assumed-role / lambda_access-role / reddit_monitor无权执行:资源上的雅典娜:GetQueryExecution:arn:aws:athena: ap-southeast-2:773592622512:workgroup / primary:ClientError
I have created this policy for the Lambda function: 我为Lambda函数创建了以下策略:
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"athena:StartQueryExecution"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::${var.athena-bucket}",
"arn:aws:s3:::${var.athena-bucket}/*"
]
}
]
}
I wonder why it still doesn't have permission to query Athena? 我想知道为什么它仍然没有查询雅典娜的权限? Have I missed anything here? 我在这里错过了什么吗?
您授予了athena:StartQueryExecution
而不是athena:GetQueryExecution
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.