When I run an Athena query, I get an "Access Denied" error
Last updated: 2020-05-11
When I run an Amazon Athena query, I get an "Access Denied" error. What might be causing this, and how do I fix it?
Athena reads data from Amazon Simple Storage Service (Amazon S3) buckets using the AWS Identity and Access Management (IAM) credentials of the user who submitted the query. Query results are stored in a separate S3 bucket. Usually, an "Access Denied" error means that you don't have permission to read the data in the bucket, or permission to write to the results bucket.
To troubleshoot an "Access Denied" error, confirm the following:
- The IAM user has an attached policy that allows access to Athena, such as AmazonAthenaFullAccess. If you change the default location of the results bucket (aws-athena-query-results-*), be sure that the IAM user has permission to read and write to the new location.
- The bucket policies and object ACLs allow the IAM user to access the objects in the buckets. If the IAM user is in a different AWS account, see Cross-account Access.
- The Amazon S3 location matches the format s3://awsexamplebucket/path. Don't include the endpoint (for example, s3://us-east-1.amazonaws.com/awsexamplebucket/path).