I get the AmazonS3Exception "Access Denied with Status Code: 403" in Amazon Athena when I query a bucket in another account

Last updated: 2019-09-24

I'm using Amazon Athena to query objects in an Amazon Simple Storage Service (Amazon S3) bucket that is in a different account. Some of the objects in the bucket are owned by a third account. I get the AmazonS3Exception "Access Denied with Status Code: 403" when I run the query.

Short Description

This error commonly occurs when you try to query logs written by another AWS service, such as AWS CloudTrail, Amazon CloudFront, or Amazon Virtual Private Cloud (Amazon VPC). These services log events to Amazon S3. The bucket owner has full access to the S3 objects. The second account doesn't own the bucket or the objects. That's why the second account gets an access denied error when querying an Athena table that references these S3 objects.
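To find which objects cause the error, compare each object's owner and ACL grants with the account that runs the query. The following Python sketch is an added example, not part of the original article. It applies a simplified model to constructed sample data shaped like the `Owner` field of ListObjectsV2 (with FetchOwner) and the `Grants` field of GetObjectAcl. It assumes that ACLs are in effect, that the querying account's own IAM policy allows s3:GetObject, and that there are no explicit denies or encryption keys involved. The account IDs and function names are hypothetical.

```python
# Constructed canonical user IDs (placeholders, not real accounts).
BUCKET_OWNER = "canonical-id-bucket-owner"
LOG_WRITER = "canonical-id-log-writer"          # third account that wrote the logs
ATHENA_ACCOUNT = "canonical-id-athena-account"  # account that runs the query

# Constructed sample: per object, the Owner from ListObjectsV2 (FetchOwner=true)
# merged with the Grants from GetObjectAcl.
SAMPLE_OBJECTS = [
    {"Key": "reports/summary.csv", "Owner": {"ID": BUCKET_OWNER},
     "Grants": [{"Grantee": {"ID": BUCKET_OWNER}, "Permission": "FULL_CONTROL"}]},
    {"Key": "AWSLogs/log-1.json.gz", "Owner": {"ID": LOG_WRITER},
     "Grants": [{"Grantee": {"ID": LOG_WRITER}, "Permission": "FULL_CONTROL"},
                {"Grantee": {"ID": BUCKET_OWNER}, "Permission": "FULL_CONTROL"}]},
    {"Key": "AWSLogs/log-2.json.gz", "Owner": {"ID": LOG_WRITER},
     "Grants": [{"Grantee": {"ID": LOG_WRITER}, "Permission": "FULL_CONTROL"},
                {"Grantee": {"ID": ATHENA_ACCOUNT}, "Permission": "READ"}]},
]

READ_PERMISSIONS = {"READ", "FULL_CONTROL"}


def acl_grants_read(obj, account_id):
    """True if the object's ACL gives account_id READ or FULL_CONTROL."""
    return any(
        g.get("Grantee", {}).get("ID") == account_id
        and g.get("Permission") in READ_PERMISSIONS
        for g in obj.get("Grants", [])
    )


def explain_access(obj, bucket_owner, reader, policy_allows_reader=True):
    """Return (readable, reason) for one object under the simplified model."""
    owner = obj["Owner"]["ID"]
    if owner == reader:
        return True, "reader owns the object"
    if owner == bucket_owner:
        # A bucket policy only covers objects that the bucket owner owns.
        if policy_allows_reader:
            return True, "bucket policy grants access"
        return False, "bucket policy does not grant access"
    if acl_grants_read(obj, reader):
        return True, "object ACL grants read"
    return False, "owned by another account, no ACL grant for reader"


def denied_keys(objects, bucket_owner, reader, policy_allows_reader=True):
    """Keys on which the reader would receive a 403 under this model."""
    return [o["Key"] for o in objects
            if not explain_access(o, bucket_owner, reader, policy_allows_reader)[0]]
```

In the sample, only `AWSLogs/log-1.json.gz` is reported: it is owned by the log-writing account and its ACL grants access to the bucket owner but not to the querying account.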

Resolution

It's not possible to transfer ownership of Amazon S3 objects. Instead, use one of the following options: