假设已设置权限,我能否从我的 AWS 账户为不同的 AWS 账户创建 Athena 表?
[英]Can I create an Athena table from my AWS account for a different AWS account, assuming permissions are set?
问题描述
I want to give a customer access to data in my account, but building a table around my s3 bucket requires additional overhead as the number of partitions are increasing overtime.
我想让客户访问我帐户中的数据,但是在我的 s3 存储桶周围构建一个表需要额外的开销,因为分区数量会随着时间的推移而增加。 In my account, I have a lambda that automatically handles this by dropping/creating Athena tables with the necessary partition projections.在我的帐户中,我有一个 lambda 通过删除/创建具有必要分区投影的 Athena 表来自动处理此问题。 I would like to have this same lambda create/drop an Athena table on another AWS account, not owned by me, is this possible?我想要同样的 lambda 在另一个不属于我的 AWS 账户上创建/删除 Athena 表,这可能吗? I know I could give each team access to my Athena table, but then all querying costs are accrued by me.我知道我可以让每个团队访问我的 Athena 表,但是所有查询费用都由我承担。
2 个解决方案
解决方案1
1 2020-05-26 13:09:01
I want to give a customer access to data in my account, but building a table around my s3 bucket requires additional overhead as the number of partitions are increasing overtime.
If I'm not mistaken, you won't have to manage partitions of your Athena/Glue table if you have Partition Projection set up.如果我没记错的话,如果您设置了分区投影,您就不必管理 Athena/Glue 表的分区。 So if your customer has the right permissions for accessing objects in your S3 bucket, they should be able to run queries via a table defined in their account.因此,如果您的客户具有访问 S3 存储桶中对象的正确权限,他们应该能够通过其账户中定义的表运行查询。
I would like to have this same lambda create/drop an Athena table on another AWS account, not owned by me, is this possible?
Yes, this is certainly possible as long as the correct permissions for creating/deleting tables in Glue are granted.是的,只要授予在 Glue 中创建/删除表的正确权限,这当然是可能的。
解决方案2
0 已采纳 2020-05-27 17:00:47
Based on feedback I received on the issues I was encountering, I ended up not needing to create/drop tables on another AWS account and instead used Athena's ALTER TABLE SET query to properly change the partition projections needed for my Athena table (via the execution of a lambda).根据我收到的关于我遇到的问题的反馈,我最终不需要在另一个 AWS 账户上创建/删除表,而是使用 Athena 的ALTER TABLE SET查询来正确更改我的 Athena 表所需的分区投影(通过执行一个拉姆达)。 Customers are required to do the same for their tables that rely on our s3 data.客户需要对依赖我们 s3 数据的表执行相同操作。
Note: If you choose to go this route, make sure that the code that runs the ALTER TABLE SET handles the race condition associated with setting the properties of the table rather than appending to them.注意:如果您选择 go 此路由,请确保运行ALTER TABLE SET的代码处理与设置表属性相关的竞争条件,而不是附加到它们。 (ie If a property value is equal to XYZ and the code responsible for executing the query runs in parallel (via multiple lambda invocations or some sort of parallelism), then you may run into the case that process A attempts to add value T to XYZ while process B attempts to add value C resulting in either XYZT or XYZC instead of the expected XYZTC ) (即如果一个属性值等于XYZ并且负责执行查询的代码并行运行(通过多个 lambda 调用或某种并行性),那么您可能会遇到进程A尝试将值T添加到XYZ的情况而进程B尝试添加值C导致XYZT或XYZC而不是预期的XYZTC )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.