From 4d70c35c31f744029f2569a47c93e77436c867ed Mon Sep 17 00:00:00 2001
From: Petro Kashlikov <42810169+petrokashlikov@users.noreply.github.com>
Date: Wed, 27 Nov 2024 01:43:33 -0500
Subject: [PATCH] Fix CIDExecRole permissions to allow Athena table delete (#1047)
---
 cfn-templates/cid-cfn.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/cfn-templates/cid-cfn.yml b/cfn-templates/cid-cfn.yml
index ffcaf694..d30ad7af 100644
--- a/cfn-templates/cid-cfn.yml
+++ b/cfn-templates/cid-cfn.yml
@@ -1450,6 +1450,11 @@ Resources:
 - NeedDatabase
 - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:table/${CidDatabase}/*
 - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:table/${DatabaseName}/*
+ - Fn::If:
+ - NeedDatabase
+ - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:database/${CidDatabase}
+ - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:database/${DatabaseName}
+ - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:catalog
 - Effect: Allow
 Action:
 - s3:CreateBucket
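Review bot: The added database and catalog ARNs widen the resource scope of every action in this statement, and the statement's `Action:` list starts above the hunk, so it cannot be checked from here. Glue authorizes table operations such as `glue:DeleteTable` against the catalog, database and table ARNs together, which is presumably why the delete was denied before this change. Any database-level action in the same list (for example `glue:DeleteDatabase` or `glue:UpdateDatabase`) would now also take effect on the CID database, so confirm the list holds only table-level actions. It would also help to record the reason next to the new entries, e.g. `# table-level Glue actions also need the parent database and catalog ARNs`.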