S3 Access Denied when querying Glue Tables in Athena

Question

I've loaded some CSV files from an S3 bucket into tables in a Glue DB. I'm trying to query the tables using Athena, but I keep getting this error:

```
com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: ZP23J6AS5MT0REB3; S3 Extended Request ID: Dy62uU4W+u7Wy1lU1MkmspQiJeVLIosj7lON99eRBE0sDnd4ihd2GqibyozpdmoXQlW/cPAXGqE=; Proxy: null)
```
There's also extended request ID that has the name of the S3 bucket and path. I'm not sure why I'm getting this because my AWSGlueServiceRole has the AmazonS3FullAccess policy attached to it. The S3 bucket is also designated as a data lake location, but I added the AWSLakeFormationDataAdmin policy to the role as well. Any assistance in troubleshooting is appreciated!

Answer

Hi,

Since you are running Athena from the AWS console, you should make sure that the IAM user has the necessary permissions to access the source data S3 bucket and query result S3 bucket. Additionally, please check the S3 bucket policy to confirm that it doesn't explicitly deny access to the account and doesn't include conditions that might deny the requests.

Please also refer these articles for more hints:

https://repost.aws/knowledge-center/access-denied-athena

https://repost.aws/questions/QUSdbxE1dmQHuXATSic08ofg/athena-query-access-denied-when-writing-to-location-s3

Thanks,
Rama

S3 Access Denied when querying Glue Tables in Athena

Contenus pertinents