Setting up an authorization to Amazon Athena#
This guide explains how to set up an authorization to Amazon Athena.
Prerequisites#
Before you read this reference, perform all of the following actions:
Make sure you can log in to your Amazon AWS account. For more information, see the Amazon documentation.
Make sure you can access the Amazon Athena console.
Create the following items in the Amazon user interface:
An S3 bucket. For more information, see the Amazon documentation.
A database. For more information, see the Amazon documentation.
A table. For more information, see the Amazon documentation.
Assign an AWS policy to the IAM user associated with Amazon Athena. Find an AWS policy template below. For more conformation on IAM users, see the Amazon documentation.
In the Amazon user interface, generate the following credentials to authorize the authorization:
Access Key ID
Secret Access Key
For more information, see the Amazon documentation.
AWS policy template#
Below is a template for an AWS policy. Change the template and assign the AWS policy to the IAM user associated with Amazon Athena. The template contains the following placeholders:
S3_RESULT_BUCKETis the S3 bucket used for query results.REGIONis the AWS region in which Athena is set up.ACCOUNT_IDis your AWS account ID.WORKGROUP_NAMEis the workgroup associated with the Adverity authorization.CATALOG_NAMEis the name of the AWS Glue Data Catalog.DATABASE_NAMEis the name of the AWS Glue Database.TABLE_NAMEis the name of the AWS Glue Table to perform queries on.
Find a template for the AWS policy below.
{
"Statement": [
{
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::S3_RESULT_BUCKET"
],
"Sid": "ListObjectsInBucket"
},
{
"Action": "s3:Object",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::S3_RESULT_BUCKET/"
],
"Sid": "AllObjectActions"
},
{
"Action": [
"athena:ListWorkGroups",
"athena:GetExecutionEngine",
"athena:GetExecutionEngines",
"athena:GetNamespace",
"athena:GetCatalogs",
"athena:GetNamespaces",
"athena:GetTables",
"athena:GetTable"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"athena:StartQueryExecution",
"athena:GetQueryResults",
"athena:DeleteNamedQuery",
"athena:GetNamedQuery",
"athena:ListQueryExecutions",
"athena:StopQueryExecution",
"athena:GetQueryResultsStream",
"athena:ListNamedQueries",
"athena:CreateNamedQuery",
"athena:GetQueryExecution",
"athena:BatchGetNamedQuery",
"athena:BatchGetQueryExecution",
"athena:GetWorkGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:athena:REGION:ACCOUNT_ID:workgroup/WORKGROUP_NAME"
]
},
{
"Action": [
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:GetTable",
"glue:GetTables",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:REGION:ACCOUNT_ID:catalog/CATALOG_NAME",
"arn:aws:glue:REGION:ACCOUNT_ID:database/DATABASE_NAME",
"arn:aws:glue:REGION:ACCOUNT_ID:catalog",
"arn:aws:glue:REGION:ACCOUNT_ID:table/DATABASE_NAME/TABLE_NAME"
]
}
],
"Version": "2012-10-17"
}
Setting up the authorization to Amazon Athena in Adverity#
To authorize Amazon Athena in Adverity, follow these steps:
Go to the Choose an Authorization step of the datastream setup. For more information, see Collecting data from Amazon Athena.
Click Setup a new Authorization.
In Access Key ID, enter the Access Key ID.
In Secret Access Key, enter the Secret Access Key.
Click Authorize.