https://github.com/dod-iac/terraform-aws-athena-iam-policy
IAM Policy that allows use of AWS Athena
athena aws iam terraform
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/dod-iac/terraform-aws-athena-iam-policy
- Owner: dod-iac
- License: other
- Created: 2021-03-11T20:41:00.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2021-10-14T00:01:44.000Z (almost 4 years ago)
- Last Synced: 2025-01-21T08:44:53.529Z (9 months ago)
- Topics: athena, aws, iam, terraform
- Language: HCL
- Homepage: https://registry.terraform.io/modules/dod-iac/athena-iam-policy/aws
- Size: 9.77 KB
- Stars: 1
- Watchers: 5
- Forks: 3
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
## Usage
Creates an IAM policy that allows use of AWS Athena.
```hcl
module "athena_iam_policy" {
  source = "dod-iac/athena-iam-policy/aws"

  databases      = [aws_glue_catalog_database.main.arn]
  name           = format("%s-athena-user-%s", var.application, var.environment)
  result_buckets = [aws_s3_bucket.results.arn]
  require_mfa    = true
  source_buckets = [aws_s3_bucket.source.arn]
  source_keys    = ["*"]
  workgroups     = [aws_athena_workgroup.main.arn]
}
```
## Terraform Version
Terraform 0.13. Pin module version to `~> 1.0.0`. Submit pull requests to the master branch.
Terraform 0.11 and 0.12 are not supported.
## License
This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.12 |
| [aws](#requirement\_aws) | >= 2.55.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 2.55.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_iam_policy.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
| [aws_iam_policy_document.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [allow\_delete\_named\_query](#input\_allow\_delete\_named\_query) | If true, allows the deletion of named queries. | `bool` | `false` | no |
| [databases](#input\_databases) | The ARNs of the databases that can be used. Use ["*"] to allow all databases. | `list(string)` | n/a | yes |
| [description](#input\_description) | The description of the AWS IAM policy. Defaults to "The policy for [NAME]." | `string` | `""` | no |
| [name](#input\_name) | The name of the AWS IAM policy. | `string` | n/a | yes |
| [require\_mfa](#input\_require\_mfa) | If true, actions require multi-factor authentication. | `string` | n/a | yes |
| [result\_buckets](#input\_result\_buckets) | The ARNs of the AWS S3 buckets that store the results of the Athena queries. Use ["*"] to allow all buckets. | `list(string)` | n/a | yes |
| [source\_buckets](#input\_source\_buckets) | The ARNs of the AWS S3 buckets that store the source data. Use ["*"] to allow all buckets. | `list(string)` | n/a | yes |
| [source\_keys](#input\_source\_keys) | The ARNs of the AWS KMS keys that can be used to decrypt source data files. Use ["*"] to allow all keys. | `list(string)` | `[]` | no |
| [workgroups](#input\_workgroups) | The ARNs of the AWS Athena workgroups that can be used. Use ["*"] to allow all workgroups. | `list(string)` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| [arn](#output\_arn) | The Amazon Resource Name (ARN) of the AWS IAM policy. |
| [id](#output\_id) | The id of the AWS IAM policy. |
| [name](#output\_name) | The name of the AWS IAM policy. |