Should Quicksight Need Access to the S3 Bucket Athena Is Querying?

1
votes

I have set up a reporting stack using data stored in S3, schema mapped by AWS Glue, queried by Amazon Athena, and visualized in Amazon QuickSight.

I gave QuickSight permissions to access the three aws-athena-query-results buckets I have (see below) enter image description here However, when I try to build reports based on my Athena table, it throws an error. I went back in and explicitly gave it access to the S3 bucket that holds my raw data, and now I have visualizations.

My question is whether or not this is how it should need to be set up. My assumption was that Athena has access to S3, and QuickSight has access to Athena and it's results, so it shouldn't need direct access to each S3 bucket storing raw data. It seems it would generate a lot of overhead each time there is a new S3 bucket to be reported on that you need to go grant Athena and QuickSight access.

From reading this page: Troubleshoot Athena Insufficient Permissions, it's unclear which buckets are required.

1
amazon-web-servicesamazon-athenaamazon-quicksight
I know the post is little old, I wan't to know can we configure Quicksight to use an existing bucket, instead of creating a new one in S3. In my case it is trying to create a new bucket in S3 which is not allowed for my account and its throwing error...Naveen Yadav
Here's the link to my issue - stackoverflow.com/questions/68677477/…Naveen Yadav

1 Answers

0
votes

Yes, at the moment, QuickSight needs to be granted explicit access to both Athena and the underlying buckets that Athena accesses. I got this answer from discussion with Amazon so, unfortunately, I don't have source to link.