Athena query on health lake failing

Question

Following this [workshop](!https://catalog.us-east-1.prod.workshops.aws/workshops/498fdbc5-46e1-4cb0-97a0-f4ec3a30f26a/en-US) I created a health lake data store. In lake formation, a database "patientdata_feab4c153a725219bcf775ce51b25bf0_healthlake_view" got automatically created. I added **select** and **describe** grants to IAM role on this database.

I am able to see the FHIR entities as tables in the database but unable to query them.I am getting the below error

```
GENERIC_INTERNAL_ERROR: Access Denied (Service: S3, Status Code: 403, Request ID: FZGQN04CM30YTQJA, Extended Request ID: uBDbU594IdPWZW5m4nmb7EirKbNANa6HY2DFBL5jlLIGcrJsd3qiJJ5WekYd06IuLgfLjhqdQdU=)
This query ran against the "patientdata_feab4c153a725219bcf775ce51b25bf0_healthlake_view" database, unless qualified by the query. Please post the error message on our forum 
or contact customer support 
with Query Id: 86e4dfd2-c360-486a-a3c2-acc88cb7e54e
```

Answer

Underlying S3 bucket denied the request. Two options:

1/ If you can open a support case, support engineer should be able to provide exact reason.

2/ If you would like to self-troubleshoot, consider looking for the S3 call in CloudTrail for details.

From the workshop:  
> NOTE: All data in your account has been encrypted using a KMS key.

Rather common in such cases is that IAM principal making a call was granted s3:GetObject, but is missing kms:Decrypt

Athena query on health lake failing

관련 콘텐츠