Athena

Steps to prepare and connect to Athena

Lightup account setup

  1. Create a new IAM user, and enable Programmatic Access.

    Create a new Athena user account

  2. Select Attach existing policies directly, then Create policy.

    Create a new Athena policy

  3. Use the following template to create the new policy:

❗️

Please replace the following template values with your own data.

  • Replace 000000000000 with your own ID.
  • Change any mention of us-west-2 that's incorrect to the AWS region that applies.
  • Replace athena-s3-result-dir with your actual S3 path.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "athena:GetTableMetadata",
        "athena:StartQueryExecution",
        "athena:GetQueryResultsStream",
        "glue:GetTable",
        "glue:GetTables",
        "athena:GetQueryResults",
        "athena:GetDatabase",
        "athena:GetDataCatalog",
        "athena:GetNamedQuery",
        "athena:ListTagsForResource",
        "athena:ListQueryExecutions",
        "athena:ListNamedQueries",
        "glue:GetDatabase",
        "athena:GetWorkgroup",
        "athena:ListDatabases",
        "athena:StopQueryExecution",
        "athena:GetQueryExecution",
        "athena:BatchGetNamedQuery",
        "athena:ListTableMetadata",
        "athena:BatchGetQueryExecution"
      ],
      "Resource": [
        "arn:aws:glue:us-west-2:000000000000:catalog",
        "arn:aws:glue:us-west-2:000000000000:database/db1",
        "arn:aws:glue:us-west-2:000000000000:database/db2",
        "arn:aws:glue:us-west-2:000000000000:database/db1/*",
        "arn:aws:glue:us-west-2:000000000000:database/db2/*",
        "arn:aws:athena:us-west-2:000000000000:workgroup/primary",
        "arn:aws:athena:us-west-2:000000000000:dataCatalog/AwsDataCatalog"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "athena:ListDataCatalogs",
        "athena:ListWorkGroups"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::[athena-s3-result-dir]"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
        "s3:GetObject"
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::[athena-s3-result-dir]/*"
      ]
    }
  ]
}
  1. Name the policy and attach the policy to the user.

    • Name the policy athena-read-only, then select Create policy.
800
  • Select the athena-read-only policy, then select Attach existing policies directly.
1600
  1. Finish the Add User dialog.

📘

Workgroup support

Lightup supports Athena workgroups, which can help you manage costs and performance. A workgroup must be in place before you connect to the Athena datasource in Lightup— you can't add a workgroup to an existing datasource.

Connector setting

  • Region - Specify the AWS Region where your data is hosted, e.g. "us-west-2". Read more about Athena Regions.
  • Access Key ID - You'll receive the Access Key ID when you create the new user.
  • Secret Access Key - You'll receive the Secret Access Key when you create the new user.
  • Staging Directory - Enter lightup-athena-staging.
  • Workgroup - If needed, enter a specific Athena workgroup to connect to.

Advanced/Schema scan frequency

You can adjust how often scans run for a datasource.

  • In section 3 - Advanced, select a value for Schema scan frequency: Hourly, Daily, or Weekly.

Query governance

Athena datasources support the Query history, Scheduling, and Enable data storage settings. For steps, see Set query governance settings for a datasource.