Hello Al,
Thanks for your question. Considering you shared the resources from Account A to Account B and created the source links in Account B and you are using the resource links in Amazon Athena to query the data, probably you need to grant permission in Account B to the Data Location as well. Please could you confirm the following items?
Question 1: In Account A, did you register the Data Lake location for bucket "mytime-dynamic-data" using a Service Role?
Question 2: In Account B, did you share the Data Location "mytime-dynamic-data" with Account B?
You can perform the following steps if the answer to Question 1 is yes:
a) Open AWS Lake Formation in Account A
b) After opening AWS Lake Formation, navigate to the "Data Location" option available in the left pane
c) After opening "Data Location", click the "Grant" button on the right side
d) Share the "Data Location" with Account B with the "Grantable" option enabled. The "Data Location" should be the Amazon S3 bucket registered in "Data Lake Location".
e) If you were able to share the "Data Location" successfully, open the AWS Console for Account B and navigate to AWS Lake Formation
f) In AWS Lake Formation in Account B, navigate to the "Data Location" option. After opening "Data Location", click the "Grant" button on the right side.
g) Grant the "Data Location" to the Principal in AWS Account B that needs to query the data in Amazon Athena. Make sure to fill the options below carefully:
- Storage locations: fill with the Amazon S3 bucket path that you shared from Account A with Account B
- Registered account location: fill with the AWS Account A number (because the Amazon S3 bucket is registered in AWS Account A)
h) Access Amazon Athena in Account B and try to query the data again. It will probably solve the permission issue.
Let me know.
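The two grants from steps a) to g), written as Lake Formation `grant_permissions` requests. This is an added example, not part of the original answer: the account IDs and the role name are constructed placeholders, and `apply_grants` assumes the caller supplies a boto3 session for each account.

```python
# Constructed values for illustration; only the bucket name comes from the thread.
ACCOUNT_A = "111111111111"  # owns the bucket and registered the data lake location
ACCOUNT_B = "222222222222"  # runs the Athena queries through resource links
CONSUMER = f"arn:aws:iam::{ACCOUNT_B}:role/AthenaAnalyst"  # hypothetical principal


def data_location_grant(principal, bucket_path, registered_account, grantable=False):
    """Build kwargs for lakeformation.grant_permissions on a data location."""
    path = bucket_path.removeprefix("s3://").strip("/")
    request = {
        "Principal": {"DataLakePrincipalIdentifier": principal},
        "Resource": {
            "DataLocation": {
                # "Registered account location" in the console form
                "CatalogId": registered_account,
                "ResourceArn": f"arn:aws:s3:::{path}",
            }
        },
        "Permissions": ["DATA_LOCATION_ACCESS"],
    }
    if grantable:
        request["PermissionsWithGrantOption"] = ["DATA_LOCATION_ACCESS"]
    return request


def cross_account_grants(owner, consumer_account, bucket_path, consumer_principal):
    """Return [(account_to_run_in, kwargs)] in the order the steps apply them."""
    return [
        # Steps a-d: Account A shares the location with Account B, grantable.
        (owner, data_location_grant(consumer_account, bucket_path, owner, grantable=True)),
        # Steps e-g: Account B re-grants to one principal, without the grant option.
        (consumer_account, data_location_grant(consumer_principal, bucket_path, owner)),
    ]


def apply_grants(grants, sessions):
    """sessions maps account ID -> boto3.Session of a Lake Formation administrator."""
    for account, kwargs in grants:
        sessions[account].client("lakeformation").grant_permissions(**kwargs)


GRANTS = cross_account_grants(ACCOUNT_A, ACCOUNT_B, "mytime-dynamic-data", CONSUMER)
```

Only the account-level grant carries the grant option; the grant inside Account B names a single principal and stays non-grantable, which keeps the data location permission from spreading further than the Athena user who needs it.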