Access PRIVATE S3 bucket from Athena in a separate AWS account
Question
I am able to have cross-account access on a public S3 bucket bucketA . However, I need the Athena service and boto3 library to access the same S3 bucketA which is now a private resource.
How can it be done?
Regards, Aarushi
1 answers
solution1
1 2022-03-20 21:37:53
When Amazon Athena runs queries, it uses the current user's access permissions to access Amazon S3.
Therefore, if you want a particular user to run Athena queries against data in S3, simply make sure that this user has access to the relevant Amazon S3 buckets.
Let's say you have:
- An IAM User (
User-A) in Account-A - An Amazon S3 Bucket (
Bucket-B) in Account-B - You want to permit
User-Ato run Amazon Athen queries against data inBucket-B
You should:
- Add an IAM policy to
User-Athat permits them to accessBucket-B(presumablys3:ListBucketands3:GetObject, at a minimum) - Add a Bucket Policy to
Bucket-Bthat permits access byUser-A(this is required for cross-account access) -- the permissions should be the same as the IAM Policy (egs3:ListBucketands3:GetObjectat a minimum)
That should allow User-A to run queries on data in Bucket-B .
See the documentation: Cross-account Access in Athena to Amazon S3 Buckets - Amazon Athena
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.