diff --git a/athena-dynamodb/pom.xml b/athena-dynamodb/pom.xml
index be25a35646..074b8cddd5 100644
--- a/athena-dynamodb/pom.xml
+++ b/athena-dynamodb/pom.xml
@@ -13,7 +13,7 @@
software.amazon.awssdk
bom
- 2.25.60
+ 2.25.69
pom
import
diff --git a/athena-elasticsearch/pom.xml b/athena-elasticsearch/pom.xml
index a502e7ada2..883098eacd 100644
--- a/athena-elasticsearch/pom.xml
+++ b/athena-elasticsearch/pom.xml
@@ -154,7 +154,7 @@
org.elasticsearch.client
elasticsearch-rest-client
- 8.13.4
+ 8.14.0
diff --git a/athena-gcs/pom.xml b/athena-gcs/pom.xml
index cebe3b6b05..0b10c3a24d 100644
--- a/athena-gcs/pom.xml
+++ b/athena-gcs/pom.xml
@@ -75,7 +75,7 @@
com.google.cloud
google-cloud-storage
- 2.39.0
+ 2.40.0
diff --git a/athena-google-bigquery/pom.xml b/athena-google-bigquery/pom.xml
index 40b248e893..46fb976f8f 100644
--- a/athena-google-bigquery/pom.xml
+++ b/athena-google-bigquery/pom.xml
@@ -70,12 +70,12 @@
io.grpc
grpc-api
- 1.63.0
+ 1.64.0
com.google.cloud
google-cloud-resourcemanager
- 1.46.0
+ 1.47.0
nl.jqno.equalsverifier
diff --git a/athena-oracle/athena-oracle.yaml b/athena-oracle/athena-oracle.yaml
index b3abe7d8e6..2e097ac8a4 100644
--- a/athena-oracle/athena-oracle.yaml
+++ b/athena-oracle/athena-oracle.yaml
@@ -45,6 +45,10 @@ Parameters:
Description: 'Lambda memory in MB (min 128 - 3008 max).'
Default: 3008
Type: Number
+ LambdaRoleARN:
+ Description: "(Optional) A custom role to be used by the Connector lambda"
+ Type: String
+ Default: ""
DisableSpillEncryption:
Description: 'If set to ''false'' data spilled to S3 is encrypted with AES GCM'
Default: 'false'
@@ -63,6 +67,7 @@ Parameters:
Type: String
Conditions:
HasPermissionsBoundary: !Not [ !Equals [ !Ref PermissionsBoundaryARN, "" ] ]
+ NotHasLambdaRole: !Equals [!Ref LambdaRoleARN, ""]
HasSecurityGroups: !Not [ !Equals [ !Join ["", !Ref SecurityGroupIds], "" ] ]
HasSubnets: !Not [ !Equals [ !Join ["", !Ref SubnetIds], "" ] ]
Resources:
@@ -84,39 +89,71 @@ Resources:
Timeout: !Ref LambdaTimeout
MemorySize: !Ref LambdaMemory
PermissionsBoundary: !If [ HasPermissionsBoundary, !Ref PermissionsBoundaryARN, !Ref "AWS::NoValue" ]
- Policies:
- - Statement:
- - Action:
- - secretsmanager:GetSecretValue
- Effect: Allow
- Resource: !Sub 'arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${SecretNamePrefix}*'
- Version: '2012-10-17'
- - Statement:
- - Action:
- - logs:CreateLogGroup
- Effect: Allow
- Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*'
- Version: '2012-10-17'
- - Statement:
+ Role: !If [NotHasLambdaRole, !GetAtt FunctionRole.Arn, !Ref LambdaRoleARN]
+ VpcConfig:
+ SecurityGroupIds: !If [ HasSecurityGroups, !Ref SecurityGroupIds, !Ref "AWS::NoValue" ]
+ SubnetIds: !If [ HasSubnets, !Ref SubnetIds, !Ref "AWS::NoValue" ]
+
+ FunctionRole:
+ Condition: NotHasLambdaRole
+ Type: AWS::IAM::Role
+ Properties:
+ ManagedPolicyArns:
+ - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service:
+ - lambda.amazonaws.com
+ Action:
+ - "sts:AssumeRole"
+ FunctionExecutionPolicy:
+ Condition: NotHasLambdaRole
+ Type: "AWS::IAM::Policy"
+ Properties:
+ Roles:
+ - !Ref FunctionRole
+ PolicyName: FunctionExecutionPolicy
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Action:
+ - secretsmanager:GetSecretValue
+ Effect: Allow
+ Resource: !Sub 'arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${SecretNamePrefix}*'
+ - Action:
+ - logs:CreateLogGroup
+ Effect: Allow
+ Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*'
- Action:
- logs:CreateLogStream
- logs:PutLogEvents
Effect: Allow
Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${LambdaFunctionName}:*'
- Version: '2012-10-17'
- - Statement:
- Action:
- athena:GetQueryExecution
- s3:ListAllMyBuckets
Effect: Allow
Resource: '*'
- Version: '2012-10-17'
- #S3CrudPolicy allows our connector to spill large responses to S3. You can optionally replace this pre-made policy
- #with one that is more restrictive and can only 'put' but not read,delete, or overwrite files.
- - S3CrudPolicy:
- BucketName: !Ref SpillBucket
- #VPCAccessPolicy allows our connector to run in a VPC so that it can access your data source.
- - VPCAccessPolicy: {}
- VpcConfig:
- SecurityGroupIds: !If [ HasSecurityGroups, !Ref SecurityGroupIds, !Ref "AWS::NoValue" ]
- SubnetIds: !If [ HasSubnets, !Ref SubnetIds, !Ref "AWS::NoValue" ]
\ No newline at end of file
+ - Action:
+ - s3:GetObject
+ - s3:ListBucket
+ - s3:GetBucketLocation
+ - s3:GetObjectVersion
+ - s3:PutObject
+ - s3:PutObjectAcl
+ - s3:GetLifecycleConfiguration
+ - s3:PutLifecycleConfiguration
+ - s3:DeleteObject
+ Effect: Allow
+ Resource:
+ - Fn::Sub:
+ - arn:${AWS::Partition}:s3:::${bucketName}
+ - bucketName:
+ Ref: SpillBucket
+ - Fn::Sub:
+ - arn:${AWS::Partition}:s3:::${bucketName}/*
+ - bucketName:
+ Ref: SpillBucket
\ No newline at end of file
diff --git a/athena-redshift/pom.xml b/athena-redshift/pom.xml
index b629315c7a..119452ecc3 100644
--- a/athena-redshift/pom.xml
+++ b/athena-redshift/pom.xml
@@ -23,7 +23,7 @@
com.amazon.redshift
redshift-jdbc42
- 2.1.0.28
+ 2.1.0.29
com.amazonaws
diff --git a/athena-snowflake/pom.xml b/athena-snowflake/pom.xml
index ac2fbf7bcb..64c4ad805c 100644
--- a/athena-snowflake/pom.xml
+++ b/athena-snowflake/pom.xml
@@ -30,7 +30,7 @@
net.snowflake
snowflake-jdbc
- 3.16.0
+ 3.16.1
diff --git a/athena-synapse/pom.xml b/athena-synapse/pom.xml
index 231460d39b..59ffd7f7e1 100644
--- a/athena-synapse/pom.xml
+++ b/athena-synapse/pom.xml
@@ -35,7 +35,7 @@
com.microsoft.azure
msal4j
- 1.15.0
+ 1.15.1
com.fasterxml.jackson.datatype
diff --git a/pom.xml b/pom.xml
index 8448918a73..c40eec0189 100644
--- a/pom.xml
+++ b/pom.xml
@@ -14,11 +14,11 @@
11
3.13.0
- 1.12.730
+ 1.12.739
1.2.2
1.6.0
1.204.0
- 1.98.0
+ 1.99.0
2.0.13
4.11.0
@@ -31,7 +31,7 @@
3.2.5
2.23.1
13.0.0
- 33.2.0-jre
+ 33.2.1-jre
3.25.3
4.3.4
2.15
@@ -41,10 +41,10 @@
3.2.1
1.19.0
- 3.3.1
- 3.5.3
+ 3.4.0
+ 3.6.0
3.3.1
- 3.6.3
+ 3.7.0
3.4.1
none
@@ -425,7 +425,7 @@
org.sonatype.plugins
nexus-staging-maven-plugin
- 1.6.13
+ 1.7.0
true
ossrh