AWS Athena (Pre-release)
Amazonβs serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL.
Supported Connection Methods
Available methods for connections to the target system from Lumi AI:
Supported Limits
The following are limits that can be configured for the system to moderate access and usage from users in Lumi AI:
Available Parameters
These properties are the essential source system connection properties that all queries are directed towards.
* Required parameters
System Permissions & Configuration
You will need to create cross-account IAM role whose trust policy allows Lumi's AWS account to run queries against Athena.
Create IAM policy with access to your Athena instance
Navigate to IAM -> Policies -> Create policy.
Select the JSON option and paste the following snippet, replacing
<your-data-bucket>
with<your-athena-staging-bucket>
with the name of your S3 Athena data bucket and S3 your staging (query results) bucket, respectively. /
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAthenaAccess",
"Effect": "Allow",
"Action": [
"athena:StartQueryExecution",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:ListQueryExecutions",
"athena:ListDatabases",
"athena:ListTableMetadata",
"athena:GetTableMetadata"
],
"Resource": "*"
},
{
"Sid": "AllowGlueAccess",
"Effect": "Allow",
"Action": [
"glue:GetDatabases",
"glue:GetDatabase",
"glue:GetTables",
"glue:GetTable"
],
"Resource": "*"
},
{
"Sid": "AllowDataBucketReadAccess",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::<your-data-bucket>",
"arn:aws:s3:::<your-data-bucket>/*"
]
},
{
"Sid": "AllowStagingBucketReadWriteAccess",
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::<your-athena-staging-bucket>",
"arn:aws:s3:::<your-athena-staging-bucket>/*"
]
}
]
}
Click Next.
Name the policy AthenaQueryPermissions and click Create Policy.
Create a Cross-Account IAM Role with the above IAM policy
Navigate to IAM β Roles β Create role.
Select Custom trust policy option and paste the following snippet, replacing
<lumi-account-id>
with Lumi's Account ID (provided during onboarding) and<aws-external-id>
with AWS external ID (can be any arbitrary string)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<lumi-account-id>:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "<aws-external-id>"
}
}
}
]
}
Click Next.
In the Permissions policies, search for AthenaQueryPermissions and select it.
Click Next.
Name the role LumiAI-athena-query-runner and click Create Role.
Last updated
Was this helpful?