AWS Athena SAM Policies

AWS Athena provides SQL queries over S3 data. The service depends on S3, Glue, and Athena itself, so getting permissions set up can be tricky. Here is what worked for me.

StartQueryFunction:
  Type: AWS::Serverless::Function
  Properties:
    Handler: src/lambda/search.start
    Policies:
      - S3ReadPolicy:
          BucketName: !Ref DataBucket
      - S3CrudPolicy:
          BucketName: !Ref AthenaResultsBucket
      - AthenaQueryPolicy:
          WorkGroupName: !Ref AthenaWorkGroup
      - Statement:
          - Effect: Allow
            Action:
              - glue:GetTable
            Resource:
              - !Sub arn:aws:glue:${AWS::Region}:${AWS::AccountId}:catalog
              - !Sub arn:aws:glue:${AWS::Region}:${AWS::AccountId}:database/${GlueDatabase}
              - !Sub arn:aws:glue:${AWS::Region}:${AWS::AccountId}:table/${GlueDatabase}/*

GetResultFunction:
  Type: AWS::Serverless::Function
  Properties:
    Handler: src/lambda/search.results
    Policies:
      - S3CrudPolicy:
          BucketName: !Ref AthenaResultsBucket
      - AthenaQueryPolicy:
          WorkGroupName: !Ref AthenaWorkGroup
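
An added example, not from the original post: an offline check of the StartQueryFunction permissions above, showing that one query needs Athena, Glue and S3 access together and that the Glue grant must cover the catalog, database and table ARNs. The region, account id and all bucket, database, table and workgroup names are constructed placeholders, and the role statements are a simplified stand-in for what SAM expands the policy templates to.

```python
from fnmatch import fnmatchcase

# Constructed sample values: region, account id and all resource names are placeholders.
GLUE = "arn:aws:glue:us-east-1:111122223333:"
WORKGROUP = "arn:aws:athena:us-east-1:111122223333:workgroup/search"

# What the StartQueryFunction role is checked for when it queries table logs.events.
NEEDED = [
    ("athena:StartQueryExecution", WORKGROUP),
    ("glue:GetTable", GLUE + "catalog"),               # Glue checks all three levels:
    ("glue:GetTable", GLUE + "database/logs"),         # catalog, database and table
    ("glue:GetTable", GLUE + "table/logs/events"),
    ("s3:ListBucket", "arn:aws:s3:::data"),            # read the source objects
    ("s3:GetObject", "arn:aws:s3:::data/2024/a.json"),
    ("s3:GetBucketLocation", "arn:aws:s3:::results"),  # write the query output
    ("s3:PutObject", "arn:aws:s3:::results/q1.csv"),
]

# Constructed stand-in for the role's statements after SAM expands the template
# (only the actions relevant here, not the templates' full expansion).
ROLE = [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::data", "arn:aws:s3:::data/*"]},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:GetBucketLocation"],
     "Resource": ["arn:aws:s3:::results", "arn:aws:s3:::results/*"]},
    {"Effect": "Allow", "Action": "athena:StartQueryExecution", "Resource": WORKGROUP},
    {"Effect": "Allow", "Action": "glue:GetTable",
     "Resource": [GLUE + "catalog", GLUE + "database/logs", GLUE + "table/logs/*"]},
]

def as_list(value):
    return value if isinstance(value, list) else [value]

def allowed(statements, action, resource):
    """True if an Allow statement covers the pair. Deny and Condition are not modelled."""
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive; resource ARNs are matched as written.
        act = any(fnmatchcase(action.lower(), a.lower()) for a in as_list(st["Action"]))
        res = any(fnmatchcase(resource, r) for r in as_list(st["Resource"]))
        if act and res:
            return True
    return False

def gaps(statements, needed=NEEDED):
    """Return the (action, resource) pairs that no statement allows."""
    return [pair for pair in needed if not allowed(statements, *pair)]

if __name__ == "__main__":
    print("full role:", gaps(ROLE))
    no_db = ROLE[:3] + [dict(ROLE[3], Resource=[GLUE + "catalog", GLUE + "table/logs/*"])]
    print("without the database ARN:", gaps(no_db))
```

Dropping any one of the three Glue ARNs leaves a gap even though the table ARN is still granted, which is the usual cause of an access-denied error on an otherwise complete policy.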

Cheers!
