Estimated time: ~3 minutes
βPrerequisite: An existing Foundational CloudFormation stack must already be deployed.
Permissions: You need AWS IAM permissions to create roles and deploy CloudFormation stacks.
Updating Athena access using AWS CloudFormation
This step is needed for enabling observability features
Get the updated CloudFormation YAML File from he Foundational support team.
Find the existing stack (e.g. "FoundationalAppAccess") and click on it.
Click "Update stack" (top right), then choose "Make a direct update".
Under "Prerequisite - Prepare template" select "Replace existing template".
Under "Specify template" select "Upload a template file" and upload the YAML file. Click Next.
In the "Specify stack details" step - Click Next.
Under "Capabilities" check-in "I acknowledge that AWS CloudFormation might create IAM resources with custom names.". Click Next.
At the bottom of the page - click Submit.
The stack update might take up to a minute on AWS. You can follow the status on CloudFormation stacks page.
Foundational requests access to the following:
AWS Glue β Read metadata from databases, tables, and partitions.
AWS Athena β Execute queries to retrieve metadata, analyze query history, and run data quality checks (as defined in Foundational monitor settings)
Amazon S3 β
Write access to S3 specific path for query results.
Read access to specific S3 buckets/folders that contain data relevant for observability features.