Amazon Athena Sources > Before you begin > Verify permissions

Verify permissions

To extract metadata and to configure other capabilities that a catalog source might include, you need account access and permissions on the source system. The permissions required might vary depending on the capability.

Permissions to extract metadata

To extract metadata, you need account access and permissions to the Amazon Athena source system.

Amazon Athena uses Amazon S3 buckets to store query results.

Grant the following Identity and Access Management (IAM) permissions to the user for the INFORMATION_SCHEMA database and all user-defined databases that you want to scan:

glue:GetDatabases
glue:GetDatabase
glue:GetTables
glue:GetTable

Grant the following IAM permissions to the user to create, manage, execute, and delete prepared statements in Amazon Athena :

athena:CreatePreparedStatement
athena:StartQueryExecution
athena:GetQueryResultsStream
athena:GetQueryResults
athena:GetDatabase
athena:GetDataCatalog
athena:DeletePreparedStatement
athena:GetPreparedStatement
athena:ListDatabases
athena:StopQueryExecution
athena:GetQueryExecution
athena:ListDataCatalogs

Grant the following IAM permissions to the user to perform operations on Amazon S3 buckets:

s3:PutObject
s3:GetObject
s3:GetBucketLocation

Grant permissions that allow you to perform the following operations:

•select on INFORMATION_SCHEMA.SCHEMATA
•show tables

Permissions to run data profiles

You can run profiles with the permissions required on the source system to perform metadata extraction.

Permissions to run data classification

You can perform data classification with the permissions required on the source system to perform metadata extraction.

Permissions to run glossary association

You can perform glossary association with the permissions required on the source system to perform metadata extraction.