Using Glue Permissions

    We will now use glue model to access data from Athena:
  1. Login as glue-admin in Athena, this user can only see Prod database and table.
  2. Configure S3 bucket (lf-data-lake-bucket-athenaresults-[AccountID]) for Athena query
  3. Go to Saved Queries and select Prod-Query to run and view results. Now, try using Test-Query and you will get insufficient permissions message.
  4. Login as glue-dev-user in Athena, this user can only see Test database and table.
  5. Configure S3 bucket (lf-workshop-AccountID) for Athena query as you did for glue-admin.
  6. Go to Saved Queries and select Test-Query to run and view results. Try using Prod-Query and you will get insufficient permissions message.
  7. As an optional test, remove bucket permission for the users from data lake bucket and Athena query will fail. You will have to log as lf-admin to make changes to the bucket policy. Example: Remove glue-admin or glue-dev-user. Please put the policy back after you removed it. You will need it for rest of lab.
  8. You will see similar error as below after you run the Athena query.