Tags: amazon-web-services, amazon-s3, amazon-iam, amazon-athena, aws-glue-data-catalog

IAM user can see Athena tables. How to restrict one user from seeing other databases and tables?


I am using DMS to replicate my data into an S3 bucket and reading that data after filtering, creating a separate database per 'USERID' on AWS Athena. I want to give my clients access to only their USERID so that they can query only their data and not be able to view or see other databases on Athena. I wanted to know how to achieve this. I tried to create IAM permissions/roles, but I am still able to see all databases in the data catalogue and query them. Please help.

Thank you


Solution

  • Create a policy

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "glue:GetDatabase",
            "glue:GetTables"
          ],
          "Resource": [
            "arn:aws:glue:XXX:XXX:catalog",
            "arn:aws:glue:XXX:XXX:database/example_db",
            "arn:aws:glue:XXX:XXX:table/example_db/*"
          ]
        }
      ]
    }


    And attach this policy to the role the user belongs to. Once you attach this policy to the user's role, he will only be able to see the tables of the example_db database. If you don't want to give access to the whole DB, then remove the "*" and provide a specific table name.

    Also, make sure there is no other permission given to the user or his group. It is better to create a new role for that user and attach the policy.
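The answer above shows the policy for one database. The question, though, is about one database per USERID, so what a practitioner usually ends up writing is a small generator for the per-tenant policy plus a way to check, before deploying it, that the resulting document really exposes only that tenant's database. The script below is an added example and is not code from the original post or from AWS; it assumes a naming convention of `user_<USERID>` for the tenant databases (chosen for this example), uses constructed placeholder values for region and account id, and models IAM evaluation only as far as needed for resource scoping (implicit deny, explicit Deny wins, `*`/`?` wildcards; no Conditions, NotAction or NotResource). `glue:GetTable` and `glue:GetPartitions` are added to the answer's action list because Athena needs them to resolve a query against a partitioned table.

```python
import fnmatch
import json

# Constructed placeholders for this example; substitute your own region and account id.
REGION = "us-east-1"
ACCOUNT = "123456789012"

# Glue Data Catalog actions Athena issues when it resolves a query.
# GetDatabase/GetTables come from the answer above; GetTable and
# GetPartitions are added because table metadata and partitions need them.
CATALOG_READ_ACTIONS = [
    "glue:GetDatabase",
    "glue:GetTable",
    "glue:GetTables",
    "glue:GetPartitions",
]


def build_tenant_policy(user_id: str, region: str = REGION, account: str = ACCOUNT) -> dict:
    """Return an IAM policy document that exposes exactly one tenant database.

    Assumes (naming convention chosen for this example, not from the post)
    that each tenant's database is named ``user_<USERID>``. The resources are
    the catalog itself, that one database, and every table under it; any
    other database ARN is simply absent, so IAM's implicit deny applies.
    """
    db = f"user_{user_id}"
    prefix = f"arn:aws:glue:{region}:{account}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "TenantCatalogRead",
                "Effect": "Allow",
                "Action": list(CATALOG_READ_ACTIONS),
                "Resource": [
                    f"{prefix}:catalog",
                    f"{prefix}:database/{db}",
                    f"{prefix}:table/{db}/*",
                ],
            }
        ],
    }


def _matches(pattern: str, value: str) -> bool:
    # IAM wildcards: '*' matches any run of characters (including '/'),
    # '?' matches one character. fnmatchcase gives the same semantics for
    # ARNs that contain no '[' or ']', which Glue ARNs do not.
    return fnmatch.fnmatchcase(value, pattern)


def is_allowed(policy: dict, action: str, resource_arn: str) -> bool:
    """Simplified IAM evaluation for a single identity policy.

    Deny by default; an explicit Deny that matches wins over any Allow;
    otherwise the request is allowed if some Allow statement matches both
    the action and the resource. Conditions, NotAction and NotResource are
    not modelled, which is enough for checking catalog scoping.
    """
    decision = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if not any(_matches(a, action) for a in actions):
            continue
        if not any(_matches(r, resource_arn) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision


def visible_databases(policy: dict, database_names, region: str = REGION, account: str = ACCOUNT):
    """Return the subset of the given catalog databases this policy lets its holder read."""
    return [
        name
        for name in database_names
        if is_allowed(policy, "glue:GetDatabase", f"arn:aws:glue:{region}:{account}:database/{name}")
    ]


if __name__ == "__main__":
    policy = build_tenant_policy("1001")
    print(json.dumps(policy, indent=2))
    # Constructed sample catalog holding three tenant databases; only user_1001 is visible.
    print(visible_databases(policy, ["user_1001", "user_1002", "user_1003"]))
```

This only scopes the catalog. The same identity also needs Athena permissions (for example `athena:StartQueryExecution`, `athena:GetQueryExecution`, `athena:GetQueryResults`) and S3 read access to the tenant's own data prefix and query-result location; scope those resources to the tenant's prefix in the same way, since a broad `s3:GetObject` would expose the other tenants' objects regardless of what the catalog shows.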