AWS Athena (Pre-release)
Amazon’s serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL.
Supported Connection Methods
Available methods for connections to the target system from Lumi AI:
Supported Limits
The following are limits that can be configured for the system to moderate access and usage from users in Lumi AI:
Available Parameters
These properties are the essential source system connection properties that all queries are directed towards.
* Required parameters
System Permissions & Configuration
You will need to create a cross-account IAM role whose trust policy allows Lumi's AWS account to run queries against Athena.
Create an IAM policy with access to your Athena instance
Navigate to IAM -> Policies -> Create policy.
Select the JSON option and paste the following snippet, replacing <your-data-bucket> and <your-athena-staging-bucket> with the names of your S3 Athena data bucket and your S3 staging (query results) bucket, respectively.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAthenaAccess",
      "Effect": "Allow",
      "Action": [
        "athena:StartQueryExecution",
        "athena:GetQueryExecution",
        "athena:GetQueryResults",
        "athena:ListQueryExecutions",
        "athena:ListDatabases",
        "athena:ListTableMetadata",
        "athena:GetTableMetadata"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowGlueAccess",
      "Effect": "Allow",
      "Action": [
        "glue:GetDatabases",
        "glue:GetDatabase",
        "glue:GetTables",
        "glue:GetTable"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowDataBucketReadAccess",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::<your-data-bucket>",
        "arn:aws:s3:::<your-data-bucket>/*"
      ]
    },
    {
      "Sid": "AllowStagingBucketReadWriteAccess",
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::<your-athena-staging-bucket>",
        "arn:aws:s3:::<your-athena-staging-bucket>/*"
      ]
    }
  ]
}
Click Next.
Name the policy AthenaQueryPermissions and click Create Policy.
Create a Cross-Account IAM Role with the above IAM policy
Navigate to IAM → Roles → Create role.
Select the Custom trust policy option and paste the following snippet, replacing <lumi-account-id> with Lumi's Account ID (provided during onboarding) and <aws-external-id> with an AWS external ID (can be any arbitrary string).
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<lumi-account-id>:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "<aws-external-id>"
        }
      }
    }
  ]
}
Click Next.
In the Permissions policies, search for AthenaQueryPermissions and select it.
Click Next.
Name the role LumiAI-athena-query-runner and click Create Role.
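A check you can run on the trust policy JSON before saving the role, as an added example that is not part of Lumi's documentation: it confirms that the only trusted principal is the expected account root, the only action is sts:AssumeRole, and the sts:ExternalId condition holds a real value rather than the template placeholder. The function name, account ID and external ID are constructed for illustration.

```python
import json
import re

# Constructed sample: the account ID and external ID are illustrative, not Lumi's.
SAMPLE_TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id-7f3a"}}
  }]
}"""

ROOT_ARN = re.compile(r"^arn:aws:iam::(\d{12}):root$")
# AWS STS accepts external IDs of 2 to 1224 characters drawn from this set,
# so an unreplaced "<aws-external-id>" placeholder fails the match.
EXTERNAL_ID = re.compile(r"^[\w+=,.@:/-]{2,1224}$", re.ASCII)


def check_trust_policy(policy_json, expected_account_id):
    """Hypothetical helper: return findings; an empty list means the policy matches the template."""
    findings = []
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    allows = [(i, s) for i, s in enumerate(stmts) if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement found")
    for i, stmt in allows:
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        for arn in aws if isinstance(aws, list) else [aws]:
            m = ROOT_ARN.match(arn if isinstance(arn, str) else "")
            if not m:
                findings.append(f"statement {i}: unexpected principal {arn!r}")
            elif m.group(1) != expected_account_id:
                findings.append(f"statement {i}: principal is account {m.group(1)}")
        if stmt.get("Action") not in ("sts:AssumeRole", ["sts:AssumeRole"]):
            findings.append(f"statement {i}: unexpected action {stmt.get('Action')!r}")
        # Matches the template's exact key spelling and StringEquals operator.
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif not isinstance(ext, str) or not EXTERNAL_ID.match(ext):
            findings.append(f"statement {i}: external ID {ext!r} is a placeholder or invalid")
    return findings


if __name__ == "__main__":
    print(check_trust_policy(SAMPLE_TRUST_POLICY, "111122223333") or "trust policy OK")
```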