Capacity reservation example policies

This section includes example policies you can use to enable various actions on capacity reservations. Whenever you use IAM policies, make sure that you follow IAM best practices. For more information, see Security best practices in IAM in the IAM User Guide.

A capacity reservation is an IAM resource managed by Athena. Therefore, if your capacity reservation policy uses actions that take capacity-reservation as an input, you must specify the capacity reservation's ARN as follows:


"Resource": [arn:aws:athena:<region>:<user-account>:capacity-reservation/<capacity-reservation-name>]

Where <capacity-reservation-name> is the name of your capacity reservation. For example, for a capacity reservation named test_capacity_reservation, specify it as a resource as follows:


"Resource": ["arn:aws:athena:us-east-1:123456789012:capacity-reservation/test_capacity_reservation"]

For a complete list of Amazon Athena actions, see the API action names in the Amazon Athena API Reference. For more information about IAM policies, see Creating policies with the visual editor in the IAM User Guide.

Example policy to list capacity reservations
Example policy for management operations

Example policy to list capacity reservations

The following policy allows all users to list all capacity reservations.


{ 
    "Version": "2012-10-17", 
    "Statement": [ 
        { 
            "Effect": "Allow", 
            "Action": [ 
                "athena:ListCapacityReservations" 
            ], 
            "Resource": "*" 
        } 
    ] 
}

Example policy for management operations

The following policy allows a user to create, cancel, obtain details, and update the capacity reservation test_capacity_reservation. The policy also allows a user to assign workgroupA and workgroupB to test_capacity_reservation.


{ 
   "Version":"2012-10-17", 
   "Statement":[ 
      { 
         "Effect": "Allow", 
         "Action": [ 
             "athena:CreateCapacityReservation", 
             "athena:GetCapacityReservation", 
             "athena:CancelCapacityReservation", 
             "athena:UpdateCapacityReservation", 
             "athena:GetCapacityAssignmentConfiguration", 
             "athena:PutCapacityAssignmentConfiguration" 
         ], 
         "Resource": [ 
             "arn:aws:athena:us-east-1:123456789012:capacity-reservation/test_capacity_reservation", 
             "arn:aws:athena:us-east-1:123456789012:workgroup/workgroupA", 
             "arn:aws:athena:us-east-1:123456789012:workgroup/workgroupB" 
         ] 
      } 
   ] 
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

IAM policies for capacity reservations

Athena capacity reservation APIs