Skip to main content

Updating AWS Athena Permissions

Update AWS Athena permissions with data access (enabling observability features)

Updated this week

Estimated time: ~3 minutes
​Prerequisite: An existing Foundational CloudFormation stack must already be deployed.

Permissions: You need AWS IAM permissions to create roles and deploy CloudFormation stacks.

Updating Athena access using AWS CloudFormation

This step is needed for enabling observability features

  1. Get the updated CloudFormation YAML File from he Foundational support team.

    1. Find the existing stack (e.g. "FoundationalAppAccess") and click on it.

    2. Click "Update stack" (top right), then choose "Make a direct update".

    3. Under "Prerequisite - Prepare template" select "Replace existing template".

    4. Under "Specify template" select "Upload a template file" and upload the YAML file. Click Next.

    5. In the "Specify stack details" step - Click Next.

    6. Under "Capabilities" check-in "I acknowledge that AWS CloudFormation might create IAM resources with custom names.". Click Next.

    7. At the bottom of the page - click Submit.

  2. The stack update might take up to a minute on AWS. You can follow the status on CloudFormation stacks page.

Foundational requests access to the following:

  • AWS Glue – Read metadata from databases, tables, and partitions.

  • AWS Athena – Execute queries to retrieve metadata, analyze query history, and run data quality checks (as defined in Foundational monitor settings)

  • Amazon S3 –

    • Write access to S3 specific path for query results.

    • Read access to specific S3 buckets/folders that contain data relevant for observability features.

Did this answer your question?