Posted On: Mar 2, 2020
When you submit a query to Athena that scans data from Amazon S3, Athena reads the required data from S3 to execute your query on your behalf using SSL encryption. Security conscious customers prefer to apply restrictive policies on their S3 buckets, for example, policy to allow data read access to only whitelisted IP addresses. Previously, there was no way to specify access for Athena in the restrictive S3 bucket policy. Thus Athena queries that needed to scan data from such S3 buckets failed. With this release, you can now easily use the aws:CalledVia key in addition to your existing bucket policy to allow Athena to scan data in your S3 bucket and execute your query on your behalf.