|
170 | 170 | } |
171 | 171 | } |
172 | 172 | }, |
| 173 | + "AthenaQueryPolicy_v2": { |
| 174 | + "Definition": { |
| 175 | + "Statement": [ |
| 176 | + { |
| 177 | + "Action": [ |
| 178 | + "athena:ListWorkGroups", |
| 179 | + "athena:GetWorkGroup", |
| 180 | + "athena:GetExecutionEngines", |
| 181 | + "athena:GetDatabase", |
| 182 | + "athena:ListDataCatalogs", |
| 183 | + "athena:ListDatabases", |
| 184 | + "athena:ListTableMetadata", |
| 185 | + "athena:GetTableMetadata" |
| 186 | + ], |
| 187 | + "Effect": "Allow", |
| 188 | + "Resource": "*" |
| 189 | + }, |
| 190 | + { |
| 191 | + "Action": [ |
| 192 | + "glue:GetDatabases", |
| 193 | + "glue:GetDatabase", |
| 194 | + "glue:GetTables", |
| 195 | + "glue:GetTable" |
| 196 | + ], |
| 197 | + "Effect": "Allow", |
| 198 | + "Resource": [ |
| 199 | + "arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:catalog", |
| 200 | + { |
| 201 | + "Fn::Sub": [ |
| 202 | + "arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:database/${databaseName}", |
| 203 | + { |
| 204 | + "databaseName": { |
| 205 | + "Ref": "DatabaseName" |
| 206 | + } |
| 207 | + } |
| 208 | + ] |
| 209 | + }, |
| 210 | + { |
| 211 | + "Fn::Sub": [ |
| 212 | + "arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:table/${databaseName}/${tableName}", |
| 213 | + { |
| 214 | + "databaseName": { |
| 215 | + "Ref": "DatabaseName" |
| 216 | + }, |
| 217 | + "tableName": { |
| 218 | + "Ref": "TableName" |
| 219 | + } |
| 220 | + } |
| 221 | + ] |
| 222 | + } |
| 223 | + ] |
| 224 | + }, |
| 225 | + { |
| 226 | + "Action": [ |
| 227 | + "athena:StartQueryExecution", |
| 228 | + "athena:GetQueryResults", |
| 229 | + "athena:DeleteNamedQuery", |
| 230 | + "athena:GetNamedQuery", |
| 231 | + "athena:ListQueryExecutions", |
| 232 | + "athena:StopQueryExecution", |
| 233 | + "athena:GetQueryResultsStream", |
| 234 | + "athena:ListNamedQueries", |
| 235 | + "athena:CreateNamedQuery", |
| 236 | + "athena:GetQueryExecution", |
| 237 | + "athena:BatchGetNamedQuery", |
| 238 | + "athena:BatchGetQueryExecution", |
| 239 | + "athena:GetWorkGroup" |
| 240 | + ], |
| 241 | + "Effect": "Allow", |
| 242 | + "Resource": { |
| 243 | + "Fn::Sub": [ |
| 244 | + "arn:${AWS::Partition}:athena:${AWS::Region}:${AWS::AccountId}:workgroup/${workgroupName}", |
| 245 | + { |
| 246 | + "workgroupName": { |
| 247 | + "Ref": "WorkGroupName" |
| 248 | + } |
| 249 | + } |
| 250 | + ] |
| 251 | + } |
| 252 | + } |
| 253 | + ] |
| 254 | + }, |
| 255 | + "Description": "Gives permissions to execute Athena queries", |
| 256 | + "Parameters": { |
| 257 | + "DatabaseName": { |
| 258 | + "Description": "Name of the Glue Database" |
| 259 | + }, |
| 260 | + "TableName": { |
| 261 | + "Description": "Name of the Glue Table" |
| 262 | + }, |
| 263 | + "WorkGroupName": { |
| 264 | + "Description": "Name of the Athena Workgroup" |
| 265 | + } |
| 266 | + } |
| 267 | + }, |
173 | 268 | "CloudFormationDescribeStacksPolicy": { |
174 | 269 | "Definition": { |
175 | 270 | "Statement": [ |
|
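Review bot: The catalog ARN at new line 199 is a bare string containing `${AWS::Partition}`, `${AWS::Region}` and `${AWS::AccountId}`, whereas the database and table ARNs right below it are wrapped in `Fn::Sub`. If the template is passed through to CloudFormation unchanged, those placeholders will presumably stay literal, so the entry matches no real catalog and the Glue read actions in that statement are likely to be denied. Wrap it the same way as its siblings: `{ "Fn::Sub": "arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:catalog" }`. Separately, `athena:GetWorkGroup` is listed both in the `"Resource": "*"` statement (new line 179) and in the workgroup-scoped statement (new line 239), so the workgroup restriction has no effect for that action. Drop it from the first statement if per-workgroup least privilege is the intent.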