Ami*_*mir 8 amazon-web-services aws-lambda
我在 AWS Athena 上创建了一个表,可以在其中运行任何查询而不会出现任何错误:
select * from mytestdb.test
该表有三列,customer_Id, product_Id, price。
我尝试创建一个 lambda 函数,使用 boto3 为我运行相同的查询:
import time
import boto3
DATABASE = 'mytestdb'
TABLE = 'test'
output='s3://mybucketons3/'
COLUMN = 'Customer_Id'
def lambda_handler(event, context):
keyword = 'xyz12345'
query = "SELECT * FROM %s.%s where %s = '%s';" % (DATABASE, TABLE, COLUMN, keyword)
client = boto3.client('athena')
# Execution
response = client.start_query_execution(
QueryString=query,
QueryExecutionContext={
'Database': DATABASE
},
ResultConfiguration={
'OutputLocation': output,
}
)
return
但是我收到以下错误:
Response:
{
"errorMessage": "An error occurred (AccessDeniedException) when calling the StartQueryExecution operation: User: arn:aws:sts::076088932150:assumed-role/Test/QueryTest is not authorized to perform: athena:StartQueryExecution on resource: arn:aws:athena:us-west-2:076088932150:workgroup/primary",
"errorType": "ClientError",
这似乎是访问问题,但我不确定为什么,因为我有 lambda 和 athena db 使用相同的帐户。
正如我在评论中提到的,您的 Lambda 角色应包含允许与 Athena 服务交互的策略。我还为您的 S3 存储桶添加了完整权限。例子:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1547414166585",
"Action": [
"athena:StartQueryExecution"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Sid": "Stmt1547414166586",
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::your-bucket-name/*"
}
]
}
| 归档时间: |
|
| 查看次数: |
21124 次 |
| 最近记录: |