AWS Athena - Can't add overture AWS Glue Catalog as datasource

Question

AWS Athena - Can't add overture AWS Glue Catalog as datasource

Closed this issue 3 months ago · 1 comments

Hey there,

we were following these docs to add overture as a datasource in Athena. However we were not able to add the datasource due to permission issues.

This is the permission error we are getting:

User: arn:aws:xxx is not authorized to perform: glue:GetDatabases on resource: arn:aws:glue:us-east-2:913550007193:catalog because no resource-based policy allows the glue:GetDatabases action (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: xxx; Proxy: null)

However we triple checked that we added these permissions (mentioned in the docs) to the specific user:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "glue:GetTable*",
        "glue:GetDatabase*",
        "glue:GetPartition*"
      ],
      "Resource": [
        "arn:aws:glue:us-west-2:913550007193:catalog",
        "arn:aws:glue:us-west-2:913550007193:database/release",
        "arn:aws:glue:us-west-2:913550007193:table/*"
      ]
    }
  ]
}

We also used the AWS IAM Permission Simulator to verify if these are issues on our end or on overture's end. Here the simulator verified, that the user should have permissions to access the catalog.

We therefore believe the issue might be on overtures end, but we're open for any tips to debug this further.

Any help would be much appreciated.

Many thanks

Answer 1 · 2024-07-03T11:49:40.000Z

Issue was related to having the wrong region selected (we had us-east-2).