AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon Athena

Amazon Athena (service prefix: athena) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Amazon Athena

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
BatchGetNamedQuery Grants permissions to get information about one or more named queries. Read
BatchGetQueryExecution Grants permissions to get information about one or more query executions. Read
CancelQueryExecution Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use StopQueryExecution otherwise. Write
CreateNamedQuery Grants permissions to create a named query. Write
DeleteNamedQuery Grants permissions to delete a named query specified. Write
GetCatalogs Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to databases and tables. Read
GetExecutionEngine Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to the specified database and table. Read
GetExecutionEngines Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to databases and tables. Read
GetNamedQuery Grants permissions to get information about the specified named query. Read
GetNamespace Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to the specified database and table. Read
GetNamespaces Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to databases and tables. Read
GetQueryExecution Grants permissions to get information about the specified query execution. Read
GetQueryExecutions Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use ListQueryExecutions otherwise. Read
GetQueryResults Grants permissions to get the query results. Read
GetQueryResultsStream Grants permissions to get the query results stream. Read
GetTable Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to the specified table. Read
GetTables Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to tables. Read
ListNamedQueries Grants permissions to return a list of named queries in Amazon Athena for the specified AWS account. List
ListQueryExecutions Grants permissions to return a list of query executions for the specified AWS account. List
RunQuery Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use StartQueryExecution otherwise. Write
StartQueryExecution Grants permissions to start a query execution using an SQL query provided as a string. Write
StopQueryExecution Grants permissions to stop the specified query execution. Write

Resources Defined by Athena

Amazon Athena has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon Athena

Athena has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.