How to disable download of AWS Athena Query results?

0

How to restrict a user from downloading Athena query results, and prevent them from uploading files directly to the Athena results bucket? User should still be able to run query in Athena and see the results. Will be great if someone can share the terraform code for the same.

dipus
feita há 7 meses506 visualizações
1 Resposta
1
Resposta aceita

Hello,

You can achieve your use case by restricting the user's "Get and Put" Object permissions for that particular S3 location (query result location) and then to still run queries and to view results via Athena, you can consider using AWS global condition context keys such as "aws:CalledViaLast".

{ "Sid": "BlockAthenaDownloads", "Effect": "Deny", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::athenaquery_result_loction/prefix/*", "Condition": { "StringNotEquals": { "aws:calledViaLast": [ "athena.amazonaws.com" ] } } }

Please refer to the documentation below to learn more about AWS global condition context keys:

[+] AWS global condition context keys - https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-calledvia

Further, to create policy via terraform please refer to the below link:

[+] https://registry.terraform.io/providers/-/aws/latest/docs/resources/iam_role_policy_attachment

Thank you!

AWS
respondido há 7 meses
  • Thank you! It worked...

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas