
Fetching data from Athena and glue permissions

I am using the code listed here to query data using Athena https://gist.github.com/schledererj/b2e2a800998d61af2bbdd1cd50e08b76

This needs the below policy to work -

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BroadAccess",
      "Action": [
        "glue:GetTable",
        "glue:GetPartitions"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Why is permission required for Glue resources for this to work?

Athena uses the Glue catalog to store all the information about databases and tables. Athena itself is just the execution engine. When you run a query in Athena it starts by parsing the SQL, then asking Glue about the tables that are included in the query, what columns they have, and where their data is located. It uses this information to validate the query (do all the columns mentioned in the query exist, for example), and then it uses the data location(s) to plan the execution of the query.

You can read all about how Athena and Glue work together in the Integration with AWS Glue document.

I would not suggest using BroadAccess operations as you want. Take a look at the page "Fine-Grained Access to Databases and Tables in the AWS Glue Data Catalog" and find out which permissions your application needs. Then add them to the "Action": [] array property of your configuration.
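The narrowing suggested in the last answer, as an added example that is not part of the original question or answers: it flags Allow statements that grant Glue actions on `"Resource": "*"` and rewrites them to the catalog, database and table ARNs a query actually touches. The region, account ID and the database and table names passed in are placeholders chosen by the caller, and the function names are hypothetical.

```python
import copy

# The policy from the question, embedded so the example runs offline.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "BroadAccess",
        "Action": ["glue:GetTable", "glue:GetPartitions"],
        "Effect": "Allow",
        "Resource": "*",
    }],
}


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]


def is_wildcard_glue(stmt):
    """True for an Allow statement that grants Glue actions on every resource."""
    actions = [a.lower() for a in as_list(stmt.get("Action", []))]
    return (stmt.get("Effect") == "Allow"
            and any(a.startswith("glue:") for a in actions)
            and "*" in as_list(stmt.get("Resource", [])))


def wildcard_glue_statements(policy):
    """Sids of the statements a reviewer should narrow."""
    return [s.get("Sid", "<no Sid>") for s in as_list(policy["Statement"])
            if is_wildcard_glue(s)]


def glue_arns(region, account_id, tables):
    """Catalog, database and table ARNs for (database, table) pairs."""
    base = f"arn:aws:glue:{region}:{account_id}"
    arns = [f"{base}:catalog"]
    for db, table in tables:
        for arn in (f"{base}:database/{db}", f"{base}:table/{db}/{table}"):
            if arn not in arns:
                arns.append(arn)
    return arns


def scope_policy(policy, region, account_id, tables):
    """Return a copy with wildcard Glue resources replaced by explicit ARNs."""
    scoped = copy.deepcopy(policy)
    for stmt in as_list(scoped["Statement"]):
        if is_wildcard_glue(stmt):
            stmt["Resource"] = glue_arns(region, account_id, tables)
    return scoped
```

The catalog and database ARNs are listed alongside the table ARN because Glue authorizes table-level calls such as `glue:GetTable` against all three resources.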
