How to grant Athena query permission to a Lambda function?

Question

I have an AWS Lambda function which queries an Amazon Athena database. But I get a permission error when executing the Lambda function:

An error occurred (AccessDeniedException) when calling the GetQueryExecution operation: User: arn:aws:sts::773592622512:assumed-role/lambda_access-role/reddit_monitor is not authorized to perform: athena:GetQueryExecution on resource: arn:aws:athena:ap-southeast-2:773592622512:workgroup/primary: ClientError

I have created this policy for the Lambda function:

  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "athena:StartQueryExecution"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
            "arn:aws:s3:::${var.athena-bucket}",
            "arn:aws:s3:::${var.athena-bucket}/*"
        ]
    } 
  ]
}

I wonder why it still doesn't have permission to query Athena? Have I missed anything here?

You granted `athena:StartQueryExecution` instead of `athena:GetQueryExecution` — EagleBeak, Jul 25 '19 at 11:11
you have your aws account posted in that question. You may want to obfusctate it. — WallMobile, Dec 01 '20 at 21:37

score 6 · Accepted Answer · answered Jul 25 '19 at 12:01

6

You granted athena:StartQueryExecution instead of athena:GetQueryExecution.

answered Jul 25 '19 at 12:01

EagleBeak

6,939
8
31
47

How to grant Athena query permission to a Lambda function?

1 Answers1