Athena
Steps to prepare and connect to Athena
Lightup account setup
-
Create a new IAM user, and enable Programmatic Access.
-
Select Attach existing policies directly, then Create policy.
-
Use the following template to create the new policy:
Please replace the following template values with your own data.
- Replace 000000000000 with your own ID.
- Change any mention of us-west-2 that's incorrect to the AWS region that applies.
- Replace athena-s3-result-dir with your actual S3 path.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"athena:GetTableMetadata",
"athena:StartQueryExecution",
"athena:GetQueryResultsStream",
"glue:GetTable",
"glue:GetTables",
"athena:GetQueryResults",
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetNamedQuery",
"athena:ListTagsForResource",
"athena:ListQueryExecutions",
"athena:ListNamedQueries",
"glue:GetDatabase",
"athena:GetWorkgroup",
"athena:ListDatabases",
"athena:StopQueryExecution",
"athena:GetQueryExecution",
"athena:BatchGetNamedQuery",
"athena:ListTableMetadata",
"athena:BatchGetQueryExecution"
],
"Resource": [
"arn:aws:glue:us-west-2:000000000000:catalog",
"arn:aws:glue:us-west-2:000000000000:database/db1",
"arn:aws:glue:us-west-2:000000000000:database/db2",
"arn:aws:glue:us-west-2:000000000000:database/db1/*",
"arn:aws:glue:us-west-2:000000000000:database/db2/*",
"arn:aws:athena:us-west-2:000000000000:workgroup/primary",
"arn:aws:athena:us-west-2:000000000000:dataCatalog/AwsDataCatalog"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"athena:ListDataCatalogs",
"athena:ListWorkGroups"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::[athena-s3-result-dir]"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
"s3:GetObject"
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::[athena-s3-result-dir]/*"
]
}
]
}
-
Name the policy and attach the policy to the user.
- Name the policy athena-read-only, then select Create policy.

- Select the athena-read-only policy, then select Attach existing policies directly.

- Finish the Add User dialog.
Workgroup support
Lightup supports Athena workgroups, which can help you manage costs and performance. A workgroup must be in place before you connect to the Athena datasource in Lightup— you can't add a workgroup to an existing datasource.
- For more information about Athena workgroups, please see the Athena help page, Manage queries and control costs with workgroups.
- To use a workgroup when you connect, enter the workgroup name in the datasource's Connector settings.
Connector setting
- Region - Specify the AWS Region where your data is hosted, e.g. "us-west-2". Read more about Athena Regions.
- Access Key ID - You'll receive the Access Key ID when you create the new user.
- Secret Access Key - You'll receive the Secret Access Key when you create the new user.
- Staging Directory - Enter lightup-athena-staging.
- Workgroup - If needed, enter a specific Athena workgroup to connect to.
Advanced/Schema scan frequency
You can adjust how often scans run for a datasource.
- In section 3 - Advanced, select a value for Schema scan frequency: Hourly, Daily, or Weekly.
Query governance
Athena datasources support the Query history, Scheduling, and Enable data storage settings. For steps, see Set query governance settings for a datasource.
Updated 6 days ago