Athena
Steps to prepare and connect to Athena
Lightup account setup
Lightup needs an IAM user account than can access the Athena data you want to include in the datasource. The following procedure helps you create the account and a policy to enable read access, and attach the policy to the new account.
-
Create a new IAM user, and enable Programmatic Access.
-
Select Attach existing policies directly, then Create policy.
-
Use the following template to create the new policy:
Please replace the following template values with your own data.
- Replace 000000000000 with your own ID.
- Change any mention of us-west-2 that's incorrect to the AWS region that applies.
- Replace lightup-athena-staging with your actual S3 bucket.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"athena:GetTableMetadata",
"athena:StartQueryExecution",
"athena:GetQueryResultsStream",
"glue:GetTable",
"glue:GetTables",
"athena:GetQueryResults",
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetNamedQuery",
"athena:ListTagsForResource",
"athena:ListQueryExecutions",
"athena:ListNamedQueries",
"glue:GetDatabase",
"athena:GetWorkgroup",
"athena:ListDatabases",
"athena:StopQueryExecution",
"athena:GetQueryExecution",
"athena:BatchGetNamedQuery",
"athena:ListTableMetadata",
"athena:BatchGetQueryExecution"
],
"Resource": [
"arn:aws:glue:us-west-2:000000000000:catalog",
"arn:aws:glue:us-west-2:000000000000:database/db1",
"arn:aws:glue:us-west-2:000000000000:database/db2",
"arn:aws:glue:us-west-2:000000000000:database/db1/*",
"arn:aws:glue:us-west-2:000000000000:database/db2/*",
"arn:aws:athena:us-west-2:000000000000:workgroup/primary",
"arn:aws:athena:us-west-2:000000000000:dataCatalog/AwsDataCatalog"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"athena:ListDataCatalogs",
"athena:ListWorkGroups"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::lightup-athena-staging"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
"s3:GetObject"
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::lightup-athena-staging/*"
]
}
]
}
- Name the policy athena-read-only, then select Create policy.
- Use the checkbox to select the athena-read-only policy, and then select Attach existing policies directly.
- Finish the Add User dialog.
Workgroup support
Lightup supports Athena workgroups, which can help you manage costs and performance. A workgroup must be in place before you connect to the Athena datasource in Lightup— you can't add a workgroup to an existing datasource.
- For more information about Athena workgroups, please see the Athena help page, Manage queries and control costs with workgroups.
- To use a workgroup when you connect, enter the workgroup name in the datasource's Connector settings.
Connector setting
- Region - Specify the AWS Region where your data is hosted, e.g. "us-west-2". Read more about Athena Regions.
- Access Key ID - You'll receive the Access Key ID when you create the new user.
- Secret Access Key - You'll receive the Secret Access Key when you create the new user.
- Staging Directory - Enter the S3 bucket that you used in your JSON script (in the example, this is lightup-athena-staging).
- Workgroup - If needed, enter a specific Athena workgroup to connect to.
Advanced/Schema scan frequency
You can adjust how often scans run for a datasource.
- In section 3 - Advanced, select a value for Schema scan frequency: Hourly, Daily, or Weekly.
Query governance
Athena datasources support the Query history, Scheduling, and Enable data storage settings. For steps, see Set query governance settings for a datasource.
Updated 5 days ago