Cross account Athena DB access

Question

Is it possible to access Athena from another account in AWS?

For example: Athena set up in Account A

lambda set up in Account B

can the lambda or any service in Account B obtain access to Athena in Account A via jdbc connection?

Connection connection = DriverManager.getConnection("jdbc:athena:default", properties)) 

I cant see how this would be possible?

Answer 1

To enable an AWS Lambda function in Account-A to use Amazon Athena in Account-B, you should:

• Create an IAM Role in Account-B and:
  • Grant it permission to use Amazon Athena
  • Grant it permission to use Amazon S3 (since Athena requires the user submitting the query to have access to the data in S3)
  • Modify the Trust policy to permit AssumeRole from the IAM Role used by the AWS Lambda function in Account-A
• Add code to your AWS Lambda function that calls AssumeRole() to assume the above IAM Role, then use the returned credentials to access Amazon Athena in Account-B

See also: Cross-account access in Athena to Amazon S3 buckets - Amazon Athena