How to disable Copy query results from Athena


I want to disable the 'Copy' button in Athena for an IAM role. The Download permission is already denied for this role using 'aws:calledViaLast' condition. But the user can still copy data using the Copy button and save it elsewhere. I need to prevent this due to data privacy/security reasons. Additionally, I would like to disable selecting and copying results using Keyboard and/or Right click. Really appreciate any help... Thanks!

asked 3 months ago134 views
1 Answer
Accepted Answer


Hope you are doing good !

Right now, It is not possible to restrict access to the Copy button using policies. This is because when we are using the Copy option, it is not making any API call. As you said even if we try to restrict, select text from the query editor and copy it using the keypad would still be possible.

I checked internally and found out that there is already a feature request with the service team regarding this. While I am unable to comment on when this feature may get released, I request you to keep an eye on our Whats new and Blog for any new feature announcements.

[1] [2]

Having said that, If feasible you can try out the below alternative, wherein you can deny the “athena:GetQueryResults” API call. Then this will not give any results on the console when you run a query but still the query would be successful. It will just show if the query has succeeded and will show the amount of data that is scanned. If your use case fits this then you can implement this so that the users won't be having access to the data on console directly . The sample policy for the same :

{ "Sid": "BlockAthenaCopy”, "Effect": "Deny", "Action": "athena:GetQueryResults", "Resource": "arn:aws:athena:*:XXXXXXXXXXX:workgroup/workgroup_name”, "Condition": { "StringNotEquals": { "aws:CalledVia": " " } } }

Thanks and have a great day !

answered 3 months ago
  • Thank you! The users need to see the query results, so 'GetQueryResults' cannot be denied at this moment. I will keep an eye on the feature request.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions