From 512f621fbee8f447632b7878bde42f89ae734994 Mon Sep 17 00:00:00 2001
From: Ayman
Date: Thu, 20 Apr 2023 20:17:12 +0200
Subject: [PATCH 1/2] add query athena policy to tasks
Signed-off-by: Ayman
---
 deploy/prod/main.tf | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/deploy/prod/main.tf b/deploy/prod/main.tf
index dee3c0e..d7e8648 100644
--- a/deploy/prod/main.tf
+++ b/deploy/prod/main.tf
@@ -1256,3 +1256,32 @@ resource "aws_iam_role_policy_attachment" "attach-describe-tasks" {
 role = aws_iam_role.ecs_task_role.name
 policy_arn = aws_iam_policy.describe_insights_tasks.arn
 }
+
+data "aws_iam_policy_document" "athena_query" {
+ statement {
+ sid = ""
+ effect = "Allow"
+ actions = [
+ "athena:StartQueryExecution",
+ "athena:StopQueryExecution",
+ "athena:GetQueryExecution",
+ "athena:GetQueryResults",
+ "athena:GetDataCatalog",
+ "athena:GetWorkGroup",
+ ]
+ resources = [
+ "arn:aws:athena:*:${var.eg_account_id}:workgroup/*"
+ ]
+ }
+}
+
+resource "aws_iam_policy" "athena_query" {
+ name = "executeAthenaQuery"
+ description = "Policy allows query athena"
+ policy = data.aws_iam_policy_document.athena_query.json
+}
+
+resource "aws_iam_role_policy_attachment" "attach-query-athena" {
+ role = aws_iam_role.ecs_task_role.name
+ policy_arn = aws_iam_policy.athena_query.arn
+}
From 131cd86f6e694cd14606545974061de32a163c54 Mon Sep 17 00:00:00 2001
From: Ayman
Date: Thu, 20 Apr 2023 21:53:27 +0200
Subject: [PATCH 2/2] test changes
Signed-off-by: Ayman
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 4de8f15..7d52487 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -112,7 +112,7 @@ workflows:
 - development
 filters:
 branches:
- only: main
+ only: add-tasks-query-athena-policy #main
 requires:
 - validate_dev
 - validate_prod:
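Review bot: In deploy/prod/main.tf, the `resources` entry of `data "aws_iam_policy_document" "athena_query"` is `arn:aws:athena:*:${var.eg_account_id}:workgroup/*`, which lets the ECS task role start and stop queries and fetch query results in every workgroup of the account, in every region. Workgroups are where Athena's result location, encryption and scan limits are enforced, so the role should be limited to the one it actually uses, e.g. `"arn:aws:athena:<REGION>:${var.eg_account_id}:workgroup/<WORKGROUP_NAME>"` (placeholders; the real values are not on this page). `athena:GetDataCatalog` is authorised against a datacatalog ARN rather than a workgroup ARN, so as far as I can tell it grants nothing in this statement and either needs its own statement or should be dropped. A comment above the data block naming the task that needs Athena would also help, since `ecs_task_role` already carries the describe-tasks policy and every task using that role inherits this one.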
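Review bot: In .circleci/config.yml the branch filter at new line 115 now reads `only: add-tasks-query-athena-policy #main`, which looks like a temporary override for testing (the commit is titled "test changes") and should not be merged in this form. If it lands as is, the job stops running on main and runs from the feature branch instead; the job name is outside the hunk, but it requires `validate_dev` and sits beside `development`, so it is presumably a deployment step that would then run from a branch that has not been through the review main gets. Restore `only: main` before merge, and keep any branch-only test run in a separate commit that is dropped from the series.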