How do I resolve the "Unable to verify/create output bucket" error in Athena?

When I run Amazon Athena queries in SQL Workbench/J or in AWS Lambda, or when I use an AWS SDK, I get the error: "Unable to verify/create output bucket."

Short description

You get the "Unable to verify/create output bucket" error in Athena for one or both of the following reasons:

  • The Amazon Simple Storage Service (Amazon S3) bucket that you specified for the query result location doesn't exist.
  • The AWS Identity and Access Management (IAM) policy for the user or role that runs the query doesn't have the required Amazon S3 permissions.

Resolution

If you manually set the query result location, then you must confirm that the S3 bucket exists.

If the query result bucket exists, then check the following properties of the IAM policy for the user or role that runs the query:

  • Confirm that the required permissions are allowed, such as s3:GetBucketLocation.
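  • Be sure that the IAM policy doesn't contain a Deny statement that uses aws:SourceIp or aws:SourceVpc to restrict S3 permissions. Athena makes the S3 requests on your behalf, so they don't originate from your IP address or VPC, and such a condition denies them.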

For example, the following policy allows the IAM user or role to run the query:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload",
        "s3:CreateBucket",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::aws-athena-query-results-*",
        "arn:aws:s3:::query-results-custom-bucket",
        "arn:aws:s3:::query-results-custom-bucket/*"
      ]
    }
  ]
}

Note: If the bucket already exists, then the s3:CreateBucket permission isn't required. If you manually set the query result location, then don't include arn:aws:s3:::aws-athena-query-results-* in the policy.

The policy must include arn:aws:s3:::query-results-custom-bucket and arn:aws:s3:::query-results-custom-bucket/* only if you manually set the query result location.
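
The two policy checks from the Resolution section can be run offline against an exported policy document. The following Python sketch is an added example, not AWS code: check_policy, the constructed SAMPLE policy, and its Sid values are hypothetical, and the matching is a simplification that ignores NotAction, NotResource, conditions on Allow statements, bucket policies, and other policy types.

```python
import json
from fnmatch import fnmatchcase

# Actions from the article's policy; s3:CreateBucket is omitted (not needed for an existing bucket).
BUCKET_ACTIONS = ["s3:GetBucketLocation", "s3:ListBucket", "s3:ListBucketMultipartUploads"]
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:AbortMultipartUpload",
                  "s3:ListMultipartUploadParts"]
NETWORK_KEYS = {"aws:sourceip", "aws:sourcevpc"}  # condition keys are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold=False):
    # IAM wildcards (* and ?) behave like shell globs; action names ignore case.
    norm = str.lower if fold else str
    return any(fnmatchcase(norm(value), norm(p)) for p in _as_list(patterns))

def check_policy(policy, bucket):
    """Return (missing_actions, network_denies) for one identity policy document."""
    statements = _as_list(policy.get("Statement", []))
    targets = [(a, f"arn:aws:s3:::{bucket}") for a in BUCKET_ACTIONS]
    targets += [(a, f"arn:aws:s3:::{bucket}/sample-key") for a in OBJECT_ACTIONS]
    missing = [a for a, arn in targets if not any(
        s.get("Effect") == "Allow"
        and _matches(s.get("Action", []), a, fold=True)
        and _matches(s.get("Resource", []), arn) for s in statements)]
    denies = []
    for i, s in enumerate(statements):
        keys = {k.lower() for block in s.get("Condition", {}).values() for k in block}
        hit = sorted(keys & NETWORK_KEYS)
        if s.get("Effect") == "Deny" and hit and any(
                _matches(s.get("Action", []), a, fold=True) for a, _ in targets):
            denies.append((s.get("Sid", f"statement[{i}]"), hit))
    return missing, denies

# Constructed sample: the Allow lacks s3:GetBucketLocation and a Deny restricts by source IP.
SAMPLE = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "AthenaResults", "Effect": "Allow",
   "Action": ["s3:GetObject", "s3:PutObject", "s3:List*", "s3:AbortMultipartUpload"],
   "Resource": ["arn:aws:s3:::query-results-custom-bucket",
                "arn:aws:s3:::query-results-custom-bucket/*"]},
  {"Sid": "OfficeOnly", "Effect": "Deny", "Action": "s3:*", "Resource": "*",
   "Condition": {"NotIpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}
]}
""")

if __name__ == "__main__":
    print(check_policy(SAMPLE, "query-results-custom-bucket"))
```

A clean result from this check doesn't prove that access works. It only rules out the two causes that the article lists for a single policy document.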

Related information

Access to Amazon S3 from Athena

Examples of Amazon S3 bucket policies

Controlling access from virtual private cloud (VPC) endpoints with bucket policies

Policy actions for Amazon S3

AWS OFFICIAL | Updated 5 months ago