search

awsdocs / amazon-athena-user-guide

The open source version of the Amazon Athena documentation. To submit feedback & requests for changes, submit issues in this repository, or make proposed changes & submit a pull request.
Other
84 stars 103 forks source link

Likely missing permission "glue:GetDatabases" #81

Closed RajasGujarathi closed 2 years ago

RajasGujarathi commented 2 years ago

Describe

We are trying to make use of the Connecting to Amazon Athena with ODBC to connect to AWS DynamoDB via AWS Athena

When we are trying to provide limited permission(s) to the AWS IAM User we are referring to the Fine-grained access to databases and tables in the AWS Glue Data Catalog but we encounter the following error

Error

FAILED!

[Simba][Athena] (1040) An error has been thrown from the AWS Athena client. Error Message: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:User: AWS_IAM_User_ARN is not authorized to perform: glue:GetDatabases on resource: arn:aws:glue:*:*:catalog because no identity-based policy allows the glue:GetDatabases action (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: ; Proxy: null)) [Execution ID: ]

Proposal

In the documentation, Fine-grained access to databases and tables in the AWS Glue Data Catalog, glue:GetDatabases needs to be present in addition to existing permissions.

Can someone help confirm?

taammann commented 2 years ago

Thanks for bringing this to our attention and your subsequent pull request.