
Run AWS Athena’s queries with Lambda function

I created a table on AWS Athena on which I can run any query without any error:

select * from mytestdb.test

The table has three columns: customer_Id, product_Id, price.

I tried to create a Lambda function that runs the same query for me using boto3:

import time
import boto3

DATABASE = 'mytestdb'
TABLE = 'test'

# S3 location where Athena writes the query results (CSV + metadata)
output = 's3://mybucketons3/'

COLUMN = 'Customer_Id'

def lambda_handler(event, context):

    keyword = 'xyz12345'

    query = "SELECT * FROM %s.%s where %s = '%s';" % (DATABASE, TABLE, COLUMN, keyword)

    client = boto3.client('athena')

    # Execution: start_query_execution is asynchronous; it only submits the
    # query and returns its QueryExecutionId
    response = client.start_query_execution(
        QueryString=query,
        QueryExecutionContext={
            'Database': DATABASE
        },
        ResultConfiguration={
            'OutputLocation': output,
        }
    )

    # Hand the execution id back so the caller can poll for the result
    return response['QueryExecutionId']

However, I got the following error:

Response:
{
  "errorMessage": "An error occurred (AccessDeniedException) when calling the StartQueryExecution operation: User: arn:aws:sts::076088932150:assumed-role/Test/QueryTest is not authorized to perform: athena:StartQueryExecution on resource: arn:aws:athena:us-west-2:076088932150:workgroup/primary",
  "errorType": "ClientError",

It seems to be some sort of access issue; however, I am not sure why, because I have both the Lambda and the Athena DB in the same account.

As I've mentioned in the comment, your Lambda role should contain an Allow policy to interact with the Athena service. I've also added full permissions for your S3 bucket. Example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1547414166585",
      "Action": [
        "athena:StartQueryExecution"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1547414166586",
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::your-bucket-name/*"
    }
  ]
}

A.Khan's idea worked for me.

Use the AWS console to edit the Lambda's IAM role to have AmazonAthenaFullAccess and AmazonS3FullAccess policies.

AWS policy

Providing/adding full access for a service is not the best practice. You can try restricting access to only the actions that your Lambda needs to perform. Try to redeploy the IAM role with specific permissions and re-attach it to the Lambda function once deployed successfully. Your Lambda will surely work. If it still gives access denied after adding the required permissions, then raise an AWS support ticket from your account.
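As an added example (not code from any of the answers above), this builds the scoped policy this answer recommends in place of AmazonAthenaFullAccess and AmazonS3FullAccess, and pulls the denied action and resource ARN out of an error message shaped like the one in the question. The account id, bucket name and Glue ARNs are placeholders, and the action lists are my reading of the Athena documentation rather than something the page states.

```python
import re

# Constructed sample, modelled on the question's error (account id is a placeholder).
SAMPLE_ERROR = (
    "An error occurred (AccessDeniedException) when calling the StartQueryExecution "
    "operation: User: arn:aws:sts::123456789012:assumed-role/Test/QueryTest is not "
    "authorized to perform: athena:StartQueryExecution on resource: "
    "arn:aws:athena:us-west-2:123456789012:workgroup/primary"
)

DENIED_RE = re.compile(
    r"not authorized to perform: (?P<action>[\w-]+:\w+) on resource: (?P<arn>arn:\S+)"
)

def parse_access_denied(message):
    """Extract (action, resource ARN) from an IAM AccessDeniedException message."""
    m = DENIED_RE.search(message)
    return (m.group("action"), m.group("arn").rstrip("\"',.")) if m else None

def athena_lambda_policy(workgroup_arn, results_bucket, glue_arns):
    """Scoped policy for a Lambda that starts one query, polls it and reads the result.
    Action lists are my reading of the Athena docs; verify them in your account."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Only the query lifecycle, only on the workgroup named in the error.
                "Sid": "AthenaQueryLifecycle", "Effect": "Allow",
                "Action": ["athena:StartQueryExecution", "athena:GetQueryExecution",
                           "athena:GetQueryResults", "athena:StopQueryExecution"],
                "Resource": workgroup_arn},
            {   # Athena writes the CSV result and its metadata into OutputLocation.
                "Sid": "AthenaResultsBucket", "Effect": "Allow",
                "Action": ["s3:GetBucketLocation", "s3:ListBucket",
                           "s3:GetObject", "s3:PutObject"],
                "Resource": [f"arn:aws:s3:::{results_bucket}",
                             f"arn:aws:s3:::{results_bucket}/*"]},
            {   # Athena resolves mytestdb.test through the Glue Data Catalog.
                "Sid": "GlueCatalogRead", "Effect": "Allow",
                "Action": ["glue:GetDatabase", "glue:GetTable", "glue:GetPartitions"],
                "Resource": glue_arns},
        ],
    }

def covers(policy, action, arn):
    """True if some Allow statement names both the action and this exact ARN."""
    for st in policy["Statement"]:
        res = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if st["Effect"] == "Allow" and action in st["Action"] and arn in res:
            return True
    return False
```

The role also needs s3:GetObject and s3:ListBucket on whichever bucket holds the table's data files, which the question does not name; add that bucket as a fourth statement rather than widening the results-bucket one.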
