- PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Action:
          - s3:GetObject
          - s3:PutObject
          - s3:AbortMultipartUpload
          - s3:ListMultipartUploadParts
          - s3:DeleteObject
          Resource:
          - !Sub arn:aws:s3:::aws-cw-widget-athena-query-results-${AWS::AccountId}-${AWS::Region}/*
        - Effect: Allow
          Action:
          - s3:GetBucketLocation
          - s3:CreateBucket
          - s3:ListBucket
          - s3:ListBucketMultipartUploads
          - s3:DeleteObject
          Resource:
          - !Sub arn:aws:s3:::aws-cw-widget-athena-query-results-${AWS::AccountId}-${AWS::Region}
        - Effect: Allow
          Action:
          - athena:*
          Resource:
          - "*"
        - Effect: Allow
          Action:
          - s3:Get*
          - s3:List*
          Resource:
          - "*"
        - Effect: Allow
          Action:
          - glue:CreateDatabase
          - glue:DeleteDatabase
          - glue:GetDatabase
          - glue:GetDatabases
          - glue:UpdateDatabase
          - glue:CreateTable
          - glue:DeleteTable
          - glue:BatchDeleteTable
          - glue:UpdateTable
          - glue:GetTable
          - glue:GetTables
          - glue:BatchCreatePartition
          - glue:CreatePartition
          - glue:DeletePartition
          - glue:BatchDeletePartition
          - glue:UpdatePartition
          - glue:GetPartition
          - glue:GetPartitions
          - glue:BatchGetPartition
          Resource:
          - "*"
    PolicyName: athenaAccess