If, when using Athena from a notebook, you get the following permissions error:

An error occurred (AccessDeniedException) when calling the StartQueryExecution operation: User: arn:aws:sts::055102001469:assumed-role/sagemaker-notebook-instance-role/SageMaker is not authorized to perform: athena:StartQueryExecution on resource: arn:aws:athena:us-east-1:055102001469:workgroup/primary because no identity-based policy allows the athena:StartQueryExecution action

then you need to update your IAM permissions.
- Go to IAM, and click on Roles.
- Search for the sagemaker-notebook-instance-role from the error message. Select the role in blue.
- Click Add permissions then Create inline policy.
- Fill out the form as in the screenshot below to attach the permission to the SageMaker role. Click Review Policy.
- Name your policy and click Create policy.
- Confirm that the new policy is listed for the SageMaker role.
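
The error message names everything the inline policy needs: the role to edit, the denied action and the resource. The Python script below is an added example, not part of the original page and not a reproduction of its screenshot. It parses that message and emits a policy document that allows only the denied action on only the named workgroup. The helper names parse_denial and inline_policy are hypothetical.

```python
import json
import re

# Error text copied from the page above.
ERROR = (
    "An error occurred (AccessDeniedException) when calling the StartQueryExecution "
    "operation: User: arn:aws:sts::055102001469:assumed-role/"
    "sagemaker-notebook-instance-role/SageMaker is not authorized to perform: "
    "athena:StartQueryExecution on resource: "
    "arn:aws:athena:us-east-1:055102001469:workgroup/primary because no "
    "identity-based policy allows the athena:StartQueryExecution action"
)

# Pulls the role name, denied action and resource ARN out of the message.
DENIED = re.compile(
    r"User: arn:aws:sts::(?P<account>\d{12}):assumed-role/(?P<role>[^/\s]+)/\S+ "
    r"is not authorized to perform: (?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+) "
    r"on resource: (?P<resource>arn:\S+)"
)

def parse_denial(message):
    """Return account, role, action and resource from an assumed-role denial."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not an assumed-role AccessDeniedException message")
    return m.groupdict()

def inline_policy(denial):
    """Build a policy that grants the denied action on the denied resource only."""
    if "*" in denial["action"] or "*" in denial["resource"]:
        raise ValueError("refusing to emit a wildcard grant")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowDeniedActionOnly",
            "Effect": "Allow",
            "Action": denial["action"],
            "Resource": denial["resource"],
        }],
    }

if __name__ == "__main__":
    d = parse_denial(ERROR)
    print("role to edit:", d["role"])
    print(json.dumps(inline_policy(d), indent=2))
```

The printed JSON can be pasted into the JSON view of the Create inline policy editor instead of filling in the form fields by hand.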