From 2fcced6db9d30228c421d0773c8249c889cd0d9f Mon Sep 17 00:00:00 2001
From: Mayuri Nehate <33225191+mayurinehate@users.noreply.github.com>
Date: Thu, 5 Oct 2023 09:31:57 +0530
Subject: [PATCH] docs(ingest): add permissions required for athena ingestion (#8948)
---
.../docs/sources/athena/athena_pre.md | 72 +++++++++++++++++++
1 file changed, 72 insertions(+)
create mode 100644 metadata-ingestion/docs/sources/athena/athena_pre.md
diff --git a/metadata-ingestion/docs/sources/athena/athena_pre.md b/metadata-ingestion/docs/sources/athena/athena_pre.md
new file mode 100644
index 0000000000000..a56457d3f84fc
--- /dev/null
+++ b/metadata-ingestion/docs/sources/athena/athena_pre.md
@@ -0,0 +1,72 @@
+### Prerequisities
+
+In order to execute this source, you will need to create a policy with below permissions and attach it to the the aws role or credentials used in ingestion recipe.
+
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "athena:GetTableMetadata",
+ "athena:StartQueryExecution",
+ "athena:GetQueryResults",
+ "athena:GetDatabase",
+ "athena:ListDataCatalogs",
+ "athena:GetDataCatalog",
+ "athena:ListQueryExecutions",
+ "athena:GetWorkGroup",
+ "athena:StopQueryExecution",
+ "athena:GetQueryResultsStream",
+ "athena:ListDatabases",
+ "athena:GetQueryExecution",
+ "athena:ListTableMetadata",
+ "athena:BatchGetQueryExecution",
+ "glue:GetTables",
+ "glue:GetDatabases",
+ "glue:GetTable",
+ "glue:GetDatabase",
+ "glue:SearchTables",
+ "glue:GetTableVersions",
+ "glue:GetTableVersion",
+ "glue:GetPartition",
+ "glue:GetPartitions",
+ "s3:GetObject",
+ "s3:ListBucket",
+ "s3:GetBucketLocation",
+ ],
+ "Resource": [
+ "arn:aws:athena:${region-id}:${account-id}:datacatalog/*",
+ "arn:aws:athena:${region-id}:${account-id}:workgroup/*",
+ "arn:aws:glue:${region-id}:${account-id}:tableVersion/*/*/*",
+ "arn:aws:glue:${region-id}:${account-id}:table/*/*",
+ "arn:aws:glue:${region-id}:${account-id}:catalog",
+ "arn:aws:glue:${region-id}:${account-id}:database/*",
+ "arn:aws:s3:::${datasets-bucket}",
+ "arn:aws:s3:::${datasets-bucket}/*"
+ ]
+ },
+ {
+ "Sid": "VisualEditor1",
+ "Effect": "Allow",
+ "Action": [
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:ListBucketMultipartUploads",
+ "s3:AbortMultipartUpload",
+ "s3:ListBucket",
+ "s3:GetBucketLocation",
+ "s3:ListMultipartUploadParts"
+ ],
+ "Resource": [
+ "arn:aws:s3:::${athena-query-result-bucket}/*",
+ "arn:aws:s3:::${athena-query-result-bucket}"
+ ]
+ },
+ ]
+}
+```
+
+Replace `${var}` with appropriate values as per your athena setup.
\ No newline at end of file
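Review bot: The policy in the new `json` fence is not valid JSON: there is a trailing comma after `"s3:GetBucketLocation",` at the end of the first `Action` array and after the second statement's closing `},`, so a reader who pastes it into IAM as written will most likely get a syntax error. Dropping those two commas fixes it. The first statement also grants every listed action on `workgroup/*`, `datacatalog/*`, `database/*` and `table/*/*`. Adding a sentence such as `Where possible, narrow the wildcard ARNs to the workgroup, catalog and databases you actually ingest.` would steer readers towards least privilege rather than account-wide read access. Two wording fixes: `Prerequisities` should be `Prerequisites`, and `the the` should be `the`.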