Shouldn't the AWSReadOnlyAccess permission group allow access to query Athena tables

0

In an enterprise account, I wanted to give someone access to query the CloudTrail logs that are in the Log Archive account Control Tower created. But when I go in with the permission set AWSReadOnlyAccess, I get errors bringing up Athena and can't see the tables that were created in there. It all seems like it should be read-only stuff; is that just a miss on AWS's part? Not very useful if the first thing I tried that set of permissions with doesn't work.

User: arn:aws:sts::....:assumed-role/AWSReservedSSO_AWSReadOnlyAccess_.../... is not authorized to perform: athena:GetQueryExecution on resource: arn:aws:athena:us-east-1:...:workgroup/primary because no identity-based policy allows the athena:GetQueryExecution action This query ran against the "" database, unless qualified by the query.

asked 2 years ago, 241 views
1 Answer
1

The AWSSSOReadOnly policy is about having read only access to the AWS SSO service and its resources, not AWS in general.

What you probably want is to attach the ReadOnlyAccess AWS managed policy to your permission set, as it has permissions like athena:Batch*, athena:Get*, and athena:List*.

rowanu
answered 2 years ago
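To make the difference between the two policies concrete, here is an added example (not from the question or the answer above) in Python: a small identity-based policy evaluator run over two constructed policy documents. The documents, the helper names and the list of query-workflow actions are assumptions: the first is modelled on a policy that only covers the sso: service, the second on the athena:Batch*, athena:Get* and athena:List* patterns the answer names, plus glue: and s3: read patterns that Athena also needs to read the CloudTrail table's catalog entry and query results. They are not copies of the real AWS managed policies, so check the actual policy document in IAM before relying on the result.

```python
"""Minimal evaluator for IAM identity-based policy actions.

Constructed example. It answers one question per action: does the policy
explicitly Allow it, explicitly Deny it, or say nothing (ImplicitDeny)?
Resource and Condition elements are deliberately ignored (assumption:
every statement applies to the resource in question).
"""
import fnmatch

# Assumption: a policy that only covers the AWS SSO service, modelled on
# what the answer describes as "read only access to the AWS SSO service".
SSO_READONLY_LIKE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["sso:Describe*", "sso:Get*", "sso:List*", "sso:Search*"],
        "Resource": "*",
    }],
}

# Assumption: modelled on the athena: patterns the answer names, plus the
# glue: and s3: read patterns Athena needs for the catalog and result files.
READONLY_ACCESS_LIKE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["athena:Batch*", "athena:Get*", "athena:List*",
                   "glue:Get*", "glue:BatchGet*", "s3:Get*", "s3:List*"],
        "Resource": "*",
    }],
}

# Assumption: a representative set of actions the Athena console calls
# while browsing a database and running one query.
QUERY_WORKFLOW_ACTIONS = [
    "athena:ListDatabases",
    "athena:ListTableMetadata",
    "athena:GetTableMetadata",
    "athena:StartQueryExecution",
    "athena:GetQueryExecution",   # the action named in the error message
    "athena:GetQueryResults",
]


def _as_list(value):
    """IAM allows a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    """IAM action matching is case-insensitive; '*' and '?' are wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def evaluate(policy, action):
    """Return 'Allow', 'Deny' or 'ImplicitDeny' for one action in one policy."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        for pattern in _as_list(stmt.get("Action", [])):
            if action_matches(pattern, action):
                if stmt["Effect"] == "Deny":
                    return "Deny"          # an explicit deny always wins
                decision = "Allow"
    return decision


def evaluate_all(policies, action):
    """Combine several attached policies the way IAM does:
    any explicit Deny wins, otherwise any Allow wins, otherwise implicit deny."""
    decisions = [evaluate(p, action) for p in policies]
    if "Deny" in decisions:
        return "Deny"
    if "Allow" in decisions:
        return "Allow"
    return "ImplicitDeny"


def missing_actions(policies, actions):
    """Actions from `actions` that the attached policies do not allow."""
    return [a for a in actions if evaluate_all(policies, a) != "Allow"]


if __name__ == "__main__":
    for name, policy in [("SSO-only policy", SSO_READONLY_LIKE),
                         ("ReadOnlyAccess-like policy", READONLY_ACCESS_LIKE)]:
        print(f"{name}: not allowed -> {missing_actions([policy], QUERY_WORKFLOW_ACTIONS)}")
```

Running it shows that the SSO-only policy allows none of the Athena actions, which is exactly the `athena:GetQueryExecution` implicit deny in the error message, while the patterns from the answer cover every read action in the list. One caveat the script surfaces: `athena:StartQueryExecution` is matched by none of `Batch*`, `Get*` or `List*`, so a permission set built only from those patterns lets the user browse tables and read past query executions but not start a new query; whether the real managed policy you attach includes that action is something to confirm against its document.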
