
How to set up AWS Athena


Setup takes about 20 minutes.

Introduction

Connecting AWS Athena to Foundational allows Foundational to scan metadata, determine lineage, and assess downstream impact for Athena databases and tables.

To make the connection, you need to:

  • Create AWS access using CloudFormation

  • Assign AWS permissions to Foundational

  • Connect to Foundational using your AWS account details


Prerequisites

Ensure you have:

  • AWS IAM permissions to create roles and deploy CloudFormation stacks.

  • Added Foundational IP addresses to the allowlist. See the article Allowing IP access to Foundational.


Access permissions

The permissions you assign to Foundational enable it to:

  • Read metadata from AWS Glue databases, tables, and partitions

  • Run Athena queries to retrieve metadata and access query history

  • Write to the specified Amazon S3 output bucket/paths for query results

  • Optional: Read from Amazon S3 output buckets or paths. This allows Foundational to read your data and is required only if you enable data observability features.

The required permissions and resources for each service are listed below.

Service: AWS Athena

Required permissions:

athena:StartQueryExecution
athena:GetQueryExecution
athena:BatchGetQueryExecution
athena:GetQueryResults
athena:ListQueryExecutions
athena:ListWorkGroups
athena:GetWorkGroup
athena:GetDataCatalog
athena:ListDataCatalogs
athena:ListTableMetadata
athena:GetTableMetadata
athena:GetDatabase
athena:ListDatabases

Service: AWS Glue

Required permissions:

glue:GetDatabase
glue:GetDatabases
glue:GetTable
glue:GetTables
glue:GetPartition
glue:GetPartitions
glue:BatchGetPartition
glue:GetTableVersion
glue:GetTableVersions
glue:GetUserDefinedFunction
glue:GetUserDefinedFunctions

Service: Amazon S3 (query results bucket)

Required permissions:

s3:PutObject
s3:GetObject
s3:ListBucket
s3:GetBucketLocation

Resources:

arn:aws:s3:::foundational-athena-results
arn:aws:s3:::foundational-athena-results/athena-output/*
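
Added example (not Foundational's code or template): once the stack is deployed, the role's permission and trust policy documents can be checked against the permissions listed above. It assumes the policies are available as parsed JSON and that the trust policy carries the External ID as an sts:ExternalId condition under StringEquals; the function names, sample documents, account ID and External ID value are constructed placeholders.

```python
# SAMPLE_* documents are constructed for illustration; not Foundational's template.
DOCUMENTED = {a.lower() for a in """
athena:StartQueryExecution athena:GetQueryExecution athena:BatchGetQueryExecution
athena:GetQueryResults athena:ListQueryExecutions athena:ListWorkGroups athena:GetWorkGroup
athena:GetDataCatalog athena:ListDataCatalogs athena:ListTableMetadata athena:GetTableMetadata
athena:GetDatabase athena:ListDatabases glue:GetDatabase glue:GetDatabases glue:GetTable
glue:GetTables glue:GetPartition glue:GetPartitions glue:BatchGetPartition glue:GetTableVersion
glue:GetTableVersions glue:GetUserDefinedFunction glue:GetUserDefinedFunctions
s3:PutObject s3:GetObject s3:ListBucket s3:GetBucketLocation
""".split()}
S3_ALLOWED = {"arn:aws:s3:::foundational-athena-results",
              "arn:aws:s3:::foundational-athena-results/athena-output/*"}

def _list(value):
    return value if isinstance(value, list) else [value]

def audit_permissions(policy):
    """Return findings for Allow statements broader than the documented grant."""
    findings = []
    for stmt in _list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource inverts the allowlist")
        for action in _list(stmt.get("Action", [])):
            act = action.lower()  # IAM action names are case-insensitive
            if "*" in act or "?" in act:
                findings.append(f"wildcard action: {action}")
            elif act not in DOCUMENTED:
                findings.append(f"undocumented action: {action}")
            if act.startswith("s3:"):  # S3 must stay inside the results bucket/path
                findings += [f"{action} outside results path: {r}"
                             for r in _list(stmt.get("Resource", []))
                             if r not in S3_ALLOWED]
    return findings

def trust_requires_external_id(trust, external_id):
    """True only if every Allow statement pins sts:ExternalId to external_id."""
    allows = [s for s in _list(trust["Statement"]) if s.get("Effect") == "Allow"]
    return bool(allows) and all(
        s.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId") == external_id
        for s in allows)
SAMPLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["glue:GetTable", "glue:DeleteTable"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::prod-data/*"}]}
SAMPLE_TRUST = {"Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},  # placeholder account
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
```

An empty list from audit_permissions means the role grants nothing beyond the documented actions and S3 paths; the trust check fails closed when any Allow statement lacks the expected External ID.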


Create Athena access using AWS CloudFormation

Foundational automatically generates the CloudFormation configuration file based on the details you provide.

Step 1: Connect Foundational to AWS Athena

  1. In Foundational, open the Connectors & Integrations page.

  2. In Warehouses, select the Athena card and click Connect.

  3. A new screen opens. Click Add Account.

  4. The initial setup screen opens. Click Start Setup.

  5. The Setup New Connection screen opens.

    Enter the details:

    • Client ID: Your AWS account ID (12-digit number).

    • Role Name: This is the AWS access role name for Foundational. CloudFormation automatically creates a default role FoundationalAthenaAppAccess. Use the default or a role name that is not currently in use.

    • Region Name: The AWS region where you manage your AWS Glue catalog.

    • External ID: An auto-generated ID. Copy and save it. You’ll need the value to deploy the CloudFormation stack.

    • S3 Output Path: The full S3 path where you want Foundational to save query results. We recommend you create a new bucket arn:aws:s3:::foundational-athena-results. Foundational requests write access to this path only.

  6. Click Next.

  7. A new screen opens. Click Download YAML File.

  8. Leave the Foundational screen open for now and do not click Next. You’ll return to this screen in step 3.


Step 2: Deploy the CloudFormation stack

This step uses the auto-generated External ID that you saved and copied from the Foundational UI in the previous step.

  1. In AWS, go to the CloudFormation Stacks page.

  2. In Specify template, select Upload a template file and upload the YAML file that you downloaded.

  3. Click Next.

  4. In Provide a stack name, enter a stack name of your choice (e.g., FoundationalAppAccess).

  5. Click Next.

  6. In Capabilities, select: I acknowledge that AWS CloudFormation might create IAM resources with custom names.

  7. Click Next.

  8. At the bottom of the page, click Submit.

  9. The stack creation process takes about a minute. You can track the status on the CloudFormation stacks page.

  10. When the process completes, move to step 3.


Step 3: Connect Foundational to Athena

  1. Return to Foundational.

  2. In the final setup screen, click Save to complete the connection.

If you don’t need to enable observability features, the connection to AWS Athena is complete.


Enable observability features (optional)

Follow these steps if you set up the connection without observability features and now wish to add them.

  1. Contact Foundational Support to receive the updated CloudFormation YAML File.

  2. In AWS, go to the CloudFormation Stack page and select the existing stack (e.g. FoundationalAppAccess).

  3. Click Update stack (top right), select Make a direct update, and then select these options:

    • In Prerequisite - Prepare template: Select Replace existing template.

    • In Specify template: Select Upload a template file and upload the YAML file.

  4. In Specify stack details, click Next.

  5. In Capabilities, select: I acknowledge that AWS CloudFormation might create IAM resources with custom names.

  6. Click Next.

  7. At the bottom of the page, click Submit.

  8. The stack creation process takes about a minute. You can track the status on the CloudFormation stacks page.

That’s it. Foundational is now connected to Athena.
