Whilst querying a postgres DB on RDS via a lambda function, I keep getting the below error. I'm running the query as root and i definitely have access to the bucket spill bucket it's complaining about.
GENERIC_USER_ERROR: Encountered an exception[java.lang.RuntimeException] from your LambdaFunction[jdbc_connector] executed in context[retrieving meta-data] with message[You do NOT own the spill bucket with the name: arn:aws:s3XXXX]
The role that runs the lambda function has the following policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"athena:StartQueryExecution",
"lambda:InvokeFunction",
"athena:GetQueryResults",
"s3:ListBucket",
"athena:ListWorkGroups",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:GetObject",
"athena:GetWorkGroup",
"s3:AbortMultipartUpload",
"athena:StopQueryExecution",
"athena:GetQueryExecution",
"s3:GetBucketLocation"
],
"Resource": ""
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "athena:",
"Resource": "*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::XXX"
}
]
}
Any ideas what im missing
