AWS Athena (IAM)

aws analytics

An interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.

Common permissions

athena:GetQueryExecutionathena:GetQueryResultsathena:RunQueryathena:GetWorkGroupathena:ListWorkGroupsathena:GetDataCatalogathena:ListDataCatalogs

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "athena:GetQueryExecution",
        "athena:GetQueryResults",
        "athena:RunQuery",
        "athena:GetWorkGroup",
        "athena:ListWorkGroups",
        "athena:GetDataCatalog",
        "athena:ListDataCatalogs"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid athena:* — grants full control including creating, updating, and deleting workgroups and data catalogs.
Avoid athena:RunQuery without resource restrictions — can run arbitrary queries that may incur high costs.

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/athena/athena.json ↗

API

full doc /v1/iam/athena