Athena

Steps to prepare and connect to Athena

Lightup account setup

Lightup needs an IAM user account than can access the Athena data you want to include in the datasource. The following procedure helps you create the account and a policy to enable read access, and attach the policy to the new account.

  1. Create a new IAM user, and enable Programmatic Access.

    Create a new Athena user account

  2. Select Attach existing policies directly, then Create policy.

    Create a new Athena policy

  3. Use the following template to create the new policy:

❗️

Please replace the following template values with your own data.

  • Replace 000000000000 with your own ID.
  • Change any mention of us-west-2 that's incorrect to the AWS region that applies.
  • Replace lightup-athena-staging with your actual S3 bucket.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "athena:GetTableMetadata",
        "athena:StartQueryExecution",
        "athena:GetQueryResultsStream",
        "glue:GetTable",
        "glue:GetTables",
        "athena:GetQueryResults",
        "athena:GetDatabase",
        "athena:GetDataCatalog",
        "athena:GetNamedQuery",
        "athena:ListTagsForResource",
        "athena:ListQueryExecutions",
        "athena:ListNamedQueries",
        "glue:GetDatabase",
        "athena:GetWorkgroup",
        "athena:ListDatabases",
        "athena:StopQueryExecution",
        "athena:GetQueryExecution",
        "athena:BatchGetNamedQuery",
        "athena:ListTableMetadata",
        "athena:BatchGetQueryExecution"
      ],
      "Resource": [
        "arn:aws:glue:us-west-2:000000000000:catalog",
        "arn:aws:glue:us-west-2:000000000000:database/db1",
        "arn:aws:glue:us-west-2:000000000000:database/db2",
        "arn:aws:glue:us-west-2:000000000000:database/db1/*",
        "arn:aws:glue:us-west-2:000000000000:database/db2/*",
        "arn:aws:athena:us-west-2:000000000000:workgroup/primary",
        "arn:aws:athena:us-west-2:000000000000:dataCatalog/AwsDataCatalog"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "athena:ListDataCatalogs",
        "athena:ListWorkGroups"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::lightup-athena-staging"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
        "s3:GetObject"
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::lightup-athena-staging/*"
      ]
    }
  ]
}
  1. Name the policy athena-read-only, then select Create policy.

  1. Use the checkbox to select the athena-read-only policy, and then select Attach existing policies directly.

  1. Finish the Add User dialog.

📘

Workgroup support

Lightup supports Athena workgroups, which can help you manage costs and performance. A workgroup must be in place before you connect to the Athena datasource in Lightup— you can't add a workgroup to an existing datasource.

Connector setting

  • Region - Specify the AWS Region where your data is hosted, e.g. "us-west-2". Read more about Athena Regions.
  • Access Key ID - You'll receive the Access Key ID when you create the new user.
  • Secret Access Key - You'll receive the Secret Access Key when you create the new user.
  • Staging Directory - Enter the S3 bucket that you used in your JSON script (in the example, this is lightup-athena-staging).
  • Workgroup - If needed, enter a specific Athena workgroup to connect to.

Advanced/Schema scan frequency

You can adjust how often scans run for a datasource.

  • In section 3 - Advanced, select a value for Schema scan frequency: Hourly, Daily, or Weekly.

Query governance

Athena datasources support the Query history, Scheduling, and Enable data storage settings. For steps, see Set query governance settings for a datasource.