Connect to Amazon Athena

Property	Description
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.
Type	Amazon Athena
Use Secret Vault	Stores sensitive credentials for this connection in the secrets manager that is configured for your organization. This property appears only if secrets manager is set up for your organization. This property is not supported by Data Ingestion and Replication. When you enable the secret vault in the connection, you can select which credentials that the Secure Agent retrieves from the secrets manager. If you don't enable this option, the credentials are stored in the repository or on a local Secure Agent, depending on how your organization is configured. For information about how to configure and use a secrets manager, see Secrets manager configuration.
Runtime Environment	The name of the runtime environment where you want to run tasks. Select a Secure Agent, Hosted Agent, or serverless runtime environment.

Authentication types

Permanent IAM credentials

Permanent IAM credentials authentication is the default type that requires the access key and secret key of the IAM user to connect to Amazon Athena.

The following table describes the basic connection properties for permanent IAM credentials authentication:

Property	Description
Access Key	The access key of the IAM user to connect to Amazon Athena.
Secret Key	The secret key of the IAM user to connect to Amazon Athena.
JDBC URL	The URL to connect to Amazon Athena. Enter the JDBC URL in the following format: jdbc:awsathena://AwsRegion=<region_name>;S3OutputLocation=<S3_Output_Location>;

EC2 instance profile

You can configure AWS Identity and Access Management (IAM) authentication to connect to Amazon Athena when the Secure Agent is installed on an Amazon Elastic Compute Cloud (EC2) system.

The following table describes the basic connection properties for EC2 instance profile authentication:

Property	Description
JDBC URL	The URL of the Amazon Athena connection. Enter the JDBC URL in the following format: jdbc:awsathena://AwsRegion=<region_name>;S3OutputLocation=<S3_Output_Location>;

Advanced settings

Property	Description
Customer Master Key ID	The customer master key ID generated by AWS Key Management Service (AWS KMS) or the ARN of your custom key for cross-account access when you stage data in Amazon S3. The customer master key serves to encrypt your data at the destination before they are saved in Amazon S3.You can either enter the customer-generated customer master key ID or the default customer master key ID. Ensure that you generate the customer master key for the same region where your Amazon S3 bucket resides. For more information about using customer master keys with Amazon Athena, see Encryption in the AWS documentation.

Property

Description

Customer Master Key ID

The customer master key ID generated by AWS Key Management Service (AWS KMS) or the ARN of your custom key for cross-account access when you stage data in Amazon S3.

The customer master key serves to encrypt your data at the destination before they are saved in Amazon S3.You can either enter the customer-generated customer master key ID or the default customer master key ID.

Ensure that you generate the customer master key for the same region where your Amazon S3 bucket resides.

For more information about using customer master keys with Amazon Athena, see Encryption in the AWS documentation.

Connect to Amazon Athena

Before you begin

Connection details

Authentication types

Permanent IAM credentials

EC2 instance profile

Advanced settings

Related links