From 9fb78901d50e4889267b635193fdb6ba3795244f Mon Sep 17 00:00:00 2001
From: Petro Kashlikov
Date: Wed, 27 Nov 2024 01:06:50 -0500
Subject: [PATCH] Fix CIDExecRole permissions to allow Athena table delete
---
 cfn-templates/cid-cfn.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/cfn-templates/cid-cfn.yml b/cfn-templates/cid-cfn.yml
index ffcaf694..d30ad7af 100644
--- a/cfn-templates/cid-cfn.yml
+++ b/cfn-templates/cid-cfn.yml
@@ -1450,6 +1450,11 @@ Resources:
 - NeedDatabase
 - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:table/${CidDatabase}/*
 - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:table/${DatabaseName}/*
+ - Fn::If:
+ - NeedDatabase
+ - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:database/${CidDatabase}
+ - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:database/${DatabaseName}
+ - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:catalog
 - Effect: Allow
 Action:
 - s3:CreateBucket
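Review bot: The new `database/...` and `catalog` ARNs are appended to an existing statement's `Resource` list, so every action in that statement now applies to the database and catalog, not only to tables. The statement's `Action` list starts above the hunk and is not visible here. Glue authorizes `glue:DeleteTable` against the catalog, database and table ARNs, so the additions are needed for the stated fix. Please confirm the statement holds only table-level actions; if it also carries database-level or wildcard Glue actions, the catalog and database ARNs would be better placed in a separate statement limited to `glue:DeleteTable`. A comment above the added entries would record the reason, for example `# glue:DeleteTable is authorized against the catalog, database and table ARNs`.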