From 151334aac1e85e4c6b7ec8a072b69701c008b9ad Mon Sep 17 00:00:00 2001
From: Bruno Ferreira <bmibferreira@gmail.com>
Date: Mon, 26 Aug 2024 20:52:18 +0100
Subject: [PATCH] Adds missing `glue:GetCatalogImportStatus` (#41388)

Seems that `glue:GetCatalogImportStatus` is also needed for the integration with Amazon Athena because there's multiple AccessDenied on cloudtrail if this permission is missing:
```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "***********************",
        "arn": "arn:aws:iam::*************:user/metabase",
        "accountId": "**********************",
        "accessKeyId": "*******************",
        "userName": "metabase"
    },
    "eventTime": "2024-04-11T08:29:00Z",
    "eventSource": "glue.amazonaws.com",
    "eventName": "GetCatalogImportStatus",
    "awsRegion": "eu-west-1",
    "sourceIPAddress": "***********",
    "userAgent": "DriverVersion/02.00.35.1001/JDBCVersion/4.2/PluginName/IAM, aws-sdk-java/1.12.339 Linux/5.10.213-201.855.amzn2.x86_64 OpenJDK_64-Bit_Server_VM/11.0.22+7 java/11.0.22 clojure/1.11.1 vendor/Eclipse_Adoptium cfg/retry-mode/legacy",
    "errorCode": "AccessDenied",
    "errorMessage": "An unknown error occurred",
    "requestParameters": null,
    "responseElements": null,
    "requestID": "*************************************",
    "eventID": "*************************************",
    "readOnly": true,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "*************************************",
    "eventCategory": "Management",
    "tlsDetails": {
        "tlsVersion": "TLSv1.3",
        "cipherSuite": "TLS_AES_128_GCM_SHA256",
        "clientProvidedHostHeader": "glue.eu-west-1.amazonaws.com"
    }
}
```
---
 docs/databases/connections/athena.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/databases/connections/athena.md b/docs/databases/connections/athena.md
index c174f27260d..1f3a6ad9750 100644
--- a/docs/databases/connections/athena.md
+++ b/docs/databases/connections/athena.md
@@ -208,7 +208,8 @@ If Metabase also needs to create tables, you'll need additional AWS Glue permiss
         "glue:DeleteTable",
         "glue:CreatePartition",
         "glue:DeletePartition",
-        "glue:UpdatePartition"
+        "glue:UpdatePartition",
+        "glue:GetCatalogImportStatus",
       ],
       "Resource": "*"
     }
-- 
GitLab