When I run an Amazon Athena query, I get an "Access Denied" error. What might be causing this, and how do I fix it?

Amazon Athena reads data from Amazon S3 buckets using the IAM credentials of the user who submitted the query; query results are stored in a separate S3 bucket. Usually, an "Access Denied" error indicates that you don't have permission to read the data in the bucket as well as be able to read and write to the results bucket.

To troubleshoot this issue, check the following:

  1. Check that the IAM user has an attached policy that allows access to Athena data. If you changed the results location from the default “aws-athena-query-results-*”, make sure the IAM user has access to read and write to the new results location.
  2. Check that the bucket policies and object ACLs allow access to the objects in the buckets.
  3. The S3 location should match the format s3://bucket/path; don't include the endpoint. For example, s3://us-east-1.amazonaws.com/bucket/path would result in an "Access Denied" error.

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-12-15