Hi team, in order to query Athena and update the catalog, a session has to be passed into the awswrangler SDK which will need to have a policy to allow it access to the AWS resources (athena,s3,glue). When running this from within the context of Metaflow, would I need to configure AWS CLI and setup the profile in that container to assume a role that has this policy attached, or can I just add this extra policy to an existing role as per the metaflow configuration (the json returned from the metaflow TF module). If I can attach to a role returned from the metaflow config which role will it be? Below are all the roles as created from the TF module (metaflow). I've highlighted the one I think I need to attach the extra policy too, but if you can point me in the right direction if will save trail and error time...