AWS Athena

Setup Athena Integration To Mitzu

Overview

To connect Mitzu to Athena, you’ll need to input your IAM credentials:

  • Access key

  • Secret Key

Mitzu will encrypt these credentials.

If you use other AWS services, we recommend creating a special AWS Service Account that only has the permissions required to run Athena and input the IAM credentials from that account to connect Mitzu to Athena.

See Identity and access management in Athena.

Getting Connection Information

  1. Create an AWS Athena service user.

Head over to AWS IAM and create a user. This user should be able to access 3 main resources:

  • Files in S3

  • AWS Glue

  • AWS Athena

Here, you can find more information about AWS users and how to create them.

Here is an example IAM Policy document that can be used:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Athena",
      "Effect": "Allow",
      "Action": [
        "athena:BatchGetNamedQuery",
        "athena:BatchGetQueryExecution",
        "athena:GetNamedQuery",
        "athena:GetQueryExecution",
        "athena:GetQueryResults",
        "athena:GetQueryResultsStream",
        "athena:GetWorkGroup",
        "athena:ListDatabases",
        "athena:ListDataCatalogs",
        "athena:ListNamedQueries",
        "athena:ListQueryExecutions",
        "athena:ListTagsForResource",
        "athena:ListWorkGroups",
        "athena:ListTableMetadata",
        "athena:StartQueryExecution",
        "athena:StopQueryExecution",
        "athena:CreatePreparedStatement",
        "athena:DeletePreparedStatement",
        "athena:GetPreparedStatement"
      ],
      "Resource": "*"
    },
    {
      "Sid": "Glue",
      "Effect": "Allow",
      "Action": [
        "glue:BatchGetPartition",
        "glue:GetDatabase",
        "glue:GetDatabases",
        "glue:GetPartition",
        "glue:GetPartitions",
        "glue:GetTable",
        "glue:GetTables",
        "glue:GetTableVersion",
        "glue:GetTableVersions"
      ],
      "Resource": "*"
    },
    {
      "Sid": "S3ReadAccess",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"],
      "Resource": [
        "arn:aws:s3:::bucket1",
        "arn:aws:s3:::bucket1/*",
        "arn:aws:s3:::bucket2",
        "arn:aws:s3:::bucket2/*"
      ]
    },
    {
      "Sid": "AthenaResultsBucket",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:AbortMultipartUpload",
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": ["arn:aws:s3:::bucket2", "arn:aws:s3:::bucket2/*"]
    }
  ]
}

  1. Find and copy the AWS_ACCESS_KEY_ID and AWS_SECRET_KEY to Mitzu. The Catalog in the case of AWS Athena should stay AwsDataCatalog or leave the field empty. Make sure you have chosen the correct bucket for storing intermediary files.

  1. Add tables from Athena. Follow here.

Last updated