Connect to Athena

Steps to prepare and connect to Athena

PreviousManage datasources NextConnect to BigQuery

Last updated 2 years ago

Connect to Athena

Steps to prepare and connect to Athena

Lightup account setup: Athena

1. Create a new IAM user, and enable Programmatic Access.

2. Select Attach existing policies directly, then Create policy:

3. Use the following template to create the new policy.:

As a template, the following sample has some values you must replace with your own data.

Replace 000000000000 with your own ID.
Change any mention of us-west-2 that's incorrect to the AWS region that applies.
Replace athena-s3-result-dir with your actual S3 path.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "athena:GetTableMetadata",
        "athena:StartQueryExecution",
        "athena:GetQueryResultsStream",
        "glue:GetTable",
        "glue:GetTables",
        "athena:GetQueryResults",
        "athena:GetDatabase",
        "athena:GetDataCatalog",
        "athena:GetNamedQuery",
        "athena:ListTagsForResource",
        "athena:ListQueryExecutions",
        "athena:ListNamedQueries",
        "glue:GetDatabase",
        "athena:GetWorkgroup",
        "athena:ListDatabases",
        "athena:StopQueryExecution",
        "athena:GetQueryExecution",
        "athena:BatchGetNamedQuery",
        "athena:ListTableMetadata",
        "athena:BatchGetQueryExecution"
      ],
      "Resource": [
        "arn:aws:glue:us-west-2:000000000000:catalog",
        "arn:aws:glue:us-west-2:000000000000:database/db1",
        "arn:aws:glue:us-west-2:000000000000:database/db2",
        "arn:aws:glue:us-west-2:000000000000:database/db1/*",
        "arn:aws:glue:us-west-2:000000000000:database/db2/*",
        "arn:aws:athena:us-west-2:000000000000:workgroup/primary",
        "arn:aws:athena:us-west-2:000000000000:dataCatalog/AwsDataCatalog"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "athena:ListDataCatalogs",
        "athena:ListWorkGroups"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::[athena-s3-result-dir]"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
        "s3:GetObject"
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::[athena-s3-result-dir]/*"
      ]
    }
  ]
}

4. Name the policy and attach the policy to the user.

Name the policy athena-read-only, then select Create policy.

Select the athena-read-only policy, then select Attach existing policies directly.

5. Finish the Add User dialog.

Connector settings

Region - Specify the AWS Region where your data is hosted, e.g. "us-west-2".
Access Key ID - You'll receive the Access Key ID when you create the new user.
Secret Access Key - You'll receive the Secret Access Key when you create the new user.
Staging Directory - Enter lightup-athena-staging.

PreviousManage datasources NextConnect to BigQuery

Last updated 2 years ago

Lightup account setup: Athena

1. Create a new IAM user, and enable Programmatic Access.

2. Select Attach existing policies directly, then Create policy:

3. Use the following template to create the new policy.:

As a template, the following sample has some values you must replace with your own data.

Replace 000000000000 with your own ID.
Change any mention of us-west-2 that's incorrect to the AWS region that applies.
Replace athena-s3-result-dir with your actual S3 path.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "athena:GetTableMetadata",
        "athena:StartQueryExecution",
        "athena:GetQueryResultsStream",
        "glue:GetTable",
        "glue:GetTables",
        "athena:GetQueryResults",
        "athena:GetDatabase",
        "athena:GetDataCatalog",
        "athena:GetNamedQuery",
        "athena:ListTagsForResource",
        "athena:ListQueryExecutions",
        "athena:ListNamedQueries",
        "glue:GetDatabase",
        "athena:GetWorkgroup",
        "athena:ListDatabases",
        "athena:StopQueryExecution",
        "athena:GetQueryExecution",
        "athena:BatchGetNamedQuery",
        "athena:ListTableMetadata",
        "athena:BatchGetQueryExecution"
      ],
      "Resource": [
        "arn:aws:glue:us-west-2:000000000000:catalog",
        "arn:aws:glue:us-west-2:000000000000:database/db1",
        "arn:aws:glue:us-west-2:000000000000:database/db2",
        "arn:aws:glue:us-west-2:000000000000:database/db1/*",
        "arn:aws:glue:us-west-2:000000000000:database/db2/*",
        "arn:aws:athena:us-west-2:000000000000:workgroup/primary",
        "arn:aws:athena:us-west-2:000000000000:dataCatalog/AwsDataCatalog"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "athena:ListDataCatalogs",
        "athena:ListWorkGroups"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::[athena-s3-result-dir]"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
        "s3:GetObject"
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::[athena-s3-result-dir]/*"
      ]
    }
  ]
}

4. Name the policy and attach the policy to the user.

Name the policy athena-read-only, then select Create policy.

Select the athena-read-only policy, then select Attach existing policies directly.

5. Finish the Add User dialog.

Connector settings

Region - Specify the AWS Region where your data is hosted, e.g. "us-west-2".
Access Key ID - You'll receive the Access Key ID when you create the new user.
Secret Access Key - You'll receive the Secret Access Key when you create the new user.
Staging Directory - Enter lightup-athena-staging.