1 Answer
Hello!
I understand that you are having permissions issues with a cross-account environment. Here are a few steps that could help fix this issue:
[1] Check the cross-account S3 bucket policy in Account Y: Ensure that the S3 bucket in account Y has a cross-account bucket policy that grants read access to the IAM role used by Athena in account X.
[2] IAM Role Permissions in Account X: Review the IAM policy attached to the IAM role used by Athena in account X. This IAM policy should have permissions to read from the Glue catalog in account Y, as well as permissions to execute the query in Athena.
[3] Trusted Relationships: View the trusted relationships between the IAM roles in both accounts. The roles in account X should be able to assume the role in account Y, and vice versa.
These are just a few items to check; however, there are other methods and steps that could resolve this issue. Please refer to the following resources for further guidance:
[1] Cross-account bucket permissions - https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example2.html
[2] Providing access to S3 bucket - https://docs.aws.amazon.com/athena/latest/ug/security-iam-cross-account-glue-catalog-access.html
[3] Cross-account trust relationship - https://repost.aws/knowledge-center/cross-account-access-iam
answered 9 months ago
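The bucket-policy check in step [1] of the answer above can be run offline against the policy JSON; this is an added example, not part of the original answer and not AWS code. The account IDs, role name, bucket name, object key and the set of read actions are assumptions, and `Condition`, `NotAction` and `NotPrincipal` elements are not evaluated.

```python
import fnmatch

# Constructed placeholders: account X role, account Y bucket and object key.
ROLE_ARN = "arn:aws:iam::111111111111:role/athena-query-role"
BUCKET_ARN = "arn:aws:s3:::example-data-bucket-account-y"
# Assumed read actions for querying, each with the resource it is checked against.
REQUIRED = {
    "s3:GetBucketLocation": BUCKET_ARN,
    "s3:ListBucket": BUCKET_ARN,
    "s3:GetObject": BUCKET_ARN + "/tables/part-0000.parquet",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(stmt, role_arn):
    """True if the statement names the role, its account, or everyone."""
    principal = stmt.get("Principal", {})
    if not isinstance(principal, dict):
        return principal == "*"
    account_id = role_arn.split(":")[4]
    accepted = {role_arn, account_id, f"arn:aws:iam::{account_id}:root", "*"}
    return any(p in accepted for p in _as_list(principal.get("AWS", [])))

def _covers(stmt, action, resource):
    """Wildcard match of action (case-insensitive) and resource ARN."""
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", []))
    return (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions)
            and any(fnmatch.fnmatchcase(resource, r) for r in resources))

def missing_read_access(policy, role_arn=ROLE_ARN):
    """Return required actions the bucket policy does not grant to role_arn."""
    stmts = [s for s in _as_list(policy.get("Statement", []))
             if _principal_matches(s, role_arn)]
    missing = []
    for action, resource in REQUIRED.items():
        allow = any(s.get("Effect") == "Allow" and _covers(s, action, resource) for s in stmts)
        deny = any(s.get("Effect") == "Deny" and _covers(s, action, resource) for s in stmts)
        if deny or not allow:
            missing.append(action)
    return missing

# Constructed sample policy: grants object reads only, no bucket-level actions.
INCOMPLETE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN},
     "Action": "s3:GetObject", "Resource": BUCKET_ARN + "/*"}]}

if __name__ == "__main__":
    print(missing_read_access(INCOMPLETE_POLICY))
```

An empty list covers only the bucket-policy side of step [1]; the IAM policy attached to the Athena role in account X (step [2]) must allow the same actions for the cross-account read to succeed.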