Cross-Account Connect Athena (account X) to Glue + S3 (account Y)



This question from 3 years ago sims to be similar. I did all that is suggested appart from using Lake Formation. I wanted to try and create the permissions manually first.

Account Y: I have JSON data in an S3 and used Glue to create the catalog in account Y. I configured this owner account such as Step 1.a I also configured the S3 bucket according to "Apply a cross-account bucket policy" from

Account X: I want to configure Athena to query S3 using the catalog created by Glue I configured this borrower account such as Step 1.b I also configured the IAM Policies according to "Apply a cross-account bucket policy" from Both S3 and Glue Policies are attached to the concerned users in this account.

Problem: In account X, Athena is capable of accessing Glue and it displays Database, Tables and the catalog. However when I run a query (a same successful query made in account Y) I get the error

Permission denied on S3 path: s3://asdf
This query ran against the "dbname" database, unless qualified by the query. Please post the error message on our forum
or contact customer support
with Query Id: a3a3a3a...

Apparently, I'm missing a S3 permission but I can't find information about it

Any help is much appreciated.


asked 5 months ago72 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions