Access denied when writing to location: s3://[bucket]/queryDailyInventory/Unsaved/2019/07/10/4da06507-a43f-4db0-bd46-81660e58fe35.txt

This query ran against the "default" database, unless qualified by the query. Please post the error message on our forum or contact customer support with Query Id: 4da06507-a43f-4db0-bd46-81660e58fe35.

大家好

以上是完整的报错信息，除删除了包含一些隐私信息的bucket name外，其他没有变化。这个存储桶是公共(public)的，我已经通过创建文件和文件夹来展示我对该存储桶的写入权限。但是，我的雅典娜查询设置为写入此文件夹(使用雅典娜控制台右上角的设置)。顺便说一下，我的 athena 控制台设置为 eu-west-1 以匹配存储桶的位置。

最佳答案

问:您用来访问 Athena 的政策如何？

Athena 可能需要对存储桶的简单 PutItem 写访问权限，如文档中所述。 [1]

托管策略 AmazonAthenaFullAccess 包含以下语句:

{
    "Effect": "Allow",
    "Action": [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload",
        "s3:CreateBucket",
        "s3:PutObject"
    ],
    "Resource": [
        "arn:aws:s3:::aws-athena-query-results-*"
    ]
},
{
    "Effect": "Allow",
    "Action": [
        "s3:GetObject",
        "s3:ListBucket"
    ],
    "Resource": [
        "arn:aws:s3:::athena-examples*"
    ]
},
{
    "Effect": "Allow",
    "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
    ],
    "Resource": [
        "*"
    ]
}

注意:请根据您的bucket ARN调整资源名称(最后一条除外)。

引用资料

[1] https://docs.aws.amazon.com/athena/latest/ug/amazonathenafullaccess-managed-policy.html

关于amazon-web-services - 为什么 Amazon Athena 会抛出 "Access denied when writing to location"错误？，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/57006423/