athena-s3vector-connector
@@ -33,6 +33,9 @@ Parameters:
3333 Description : " Lambda memory in MB (min 128 - 3008 max)."
3434 Default : 512
3535 Type : Number
36+ S3VectorBucketName :
37+ Description : " The name of the S3 vector bucket to query."
38+ Type : String
3639 DisableSpillEncryption :
3740 Description : " WARNING: If set to 'true' encryption for spilled data is disabled."
3841 Default : " false"
@@ -61,18 +64,27 @@ Resources:
6164 Resource : !Sub 'arn:${AWS::Partition}:athena:${AWS::Region}:${AWS::AccountId}:workgroup/*'
6265 Version : ' 2012-10-17'
6366
64- # S3 Vector read access
67+ # S3 Vector list access (account-wide)
6568 - Statement :
66- - Sid : AllowApplicationVectorAccess
69+ - Sid : AllowVectorListAccess
6770 Effect : Allow
6871 Action :
69- - s3vectors:GetIndex
7072 - s3vectors:ListIndexes
71- - s3vectors:QueryVectors
72- - s3vectors:GetVectors
7373 - s3vectors:ListVectors
7474 Resource : !Sub 'arn:${AWS::Partition}:s3vectors:${AWS::Region}:${AWS::AccountId}:*'
7575
76+ # S3 Vector data access (scoped to specific bucket and its indexes)
77+ - Statement :
78+ - Sid : AllowVectorDataAccess
79+ Effect : Allow
80+ Action :
81+ - s3vectors:GetIndex
82+ - s3vectors:QueryVectors
83+ - s3vectors:GetVectors
84+ Resource :
85+ - !Sub ' arn:${AWS::Partition}:s3vectors:${AWS::Region}:${AWS::AccountId}:vector-bucket/${S3VectorBucketName}'
86+ - !Sub ' arn:${AWS::Partition}:s3vectors:${AWS::Region}:${AWS::AccountId}:vector-bucket/${S3VectorBucketName}/*'
87+
7688 # S3CrudPolicy allows our connector to spill large responses to S3. You can optionally replace this pre-made policy
7789 # with one that is more restrictive and can only 'put' but not read,delete, or overwrite files.
7890 - S3CrudPolicy :
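Review bot: The `AllowVectorListAccess` statement still grants `s3vectors:ListVectors` on the account-wide `...:${AWS::AccountId}:*` resource, so the role can enumerate vectors in every vector bucket in the account even though `GetVectors` and `QueryVectors` are now scoped. If the connector only needs the configured bucket, move `ListVectors` (and `ListIndexes`, if the service accepts a bucket-level resource for it) into `AllowVectorDataAccess` so the list and read paths share the same two ARNs. Because `S3VectorBucketName` is interpolated directly into those ARNs, a value such as `*` would widen the scope again; adding an `AllowedPattern` to the parameter, for example `AllowedPattern: '^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$'` (assuming the usual lowercase, digit and hyphen naming rule), would reject wildcards at deploy time. It is also worth confirming the `vector-bucket/` segment against the ARN format in the S3 Vectors IAM reference, since a resource type that does not match would make the statement grant nothing.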