Why awswrangler.athena.read_sql_query needs glue:DeleteTable and glue:GetDatabase permissions?

[ezitofilho]

I'm trying to do a query that does the following:
import awswrangler as wr
df = wr.athena.read_sql_query(sql=sql_query database=database, s3_output=s3_query_output_path, ctas_approach=False)

When I try with ctas_approach=False, I get an error of lack of glue:GetDatabase permission. Without it, I get the error of: glue:DeleteTable

I'm running this code on AWS Lambda with layer arn:aws:lambda:eu-west-1:336392948345:layer:AWSSDKPandas-Python311:18

Is there anything I can do to avoid giving those permissions? I thought this issue was solved in this ticket: #782

Thanks.

[jaidisido]

The Athena StartQueryExecution indeed requires glue:GetDatabase IAM permission.

When setting ctas_approach=True, a temporary ctas_table is created and is deleted at the end of the API call which does require a glue:DeleteTable permission.