Skip to main content

How to set up AWS Athena

AWS Athena connector configuration

Updated over a week ago

Use this connector to have Foundational scan and determine lineage and downstream impact for Athena.

This setup should take about 5 minutes.

Permissions: You need AWS IAM permissions to create roles and deploy CloudFormation stacks.

Set up Athena access using AWS CloudFormation

We auto generate the configuration file based on the details you provide.

  1. Enter our Athena Connector Page, click Add new AWS Account and supply the following parameters:

    1. Client ID: Your AWS client ID (12 digits number).

    2. Role Name: AWS access role name for our App. Please choose a role name that's not currently in use. You can leave the default value (FoundationalAthenaAppAccess) or change it to something else.

      ⚠️ The role will be created automatically by CloudFormation

    3. Region Name: The AWS region in which you manage your AWS Glue catalog.

    4. S3 Output Path: Full S3 path in which our query results will be saved. You can either create a new bucket / use existing one. We only request write access to the full path (e.g. s3://bucket-name/inner_folder/*) .

  2. Click Download CloudFormation YAML File

    1. Under "Specify template" select "Upload a template file" and upload the YAML file. Click Next.

    2. Under "Provide a stack name" supply a stack name at your choice (e.g. "FoundationalAppAccess". Click Next.

    3. Under "Capabilities" check-in "I acknowledge that AWS CloudFormation might create IAM resources with custom names.". Click Next.

    4. At the bottom of the page - click Submit.

  3. Stack creation process might take up to a minute on AWS. You can follow the status on CloudFormation stacks page.

  4. Get back to Foundational and click the Save button.

Foundational requests access to the following:

  • AWS Glue – Read metadata from databases, tables, and partitions.

  • AWS Athena – Run queries to retrieve metadata and access query history.

  • Amazon S3 – Write access to the specified output path for query results.

⚠️ Some observability features require access to actual data stored in S3. In such cases, read access to the relevant S3 buckets/folders must be granted in a separate process.

Did this answer your question?