Prerequisites

Before you create an Open Table connection, complete the prerequisites.

If you use AWS Glue Catalog and Amazon S3 Storage to interact with Apache Iceberg or Delta Lake tables, you need to have access to the following AWS services that manage the tables on AWS:

•AWS Glue Catalog: AWS Glue Catalog manages the metadata associated with the Apache Iceberg or Delta Lake tables.

•Amazon S3 Storage: Amazon S3 stores the Apache Iceberg or Delta Lake tables containing actual records in columnar format, organized in partitioned directories.

•Amazon Athena JDBC driver: Amazon Athena JDBC driver connects to the AWS Glue Catalog to access Apache Iceberg or Delta Lake tables metadata and perform SQL queries on data stored in Amazon S3 storage.

You need to create separate policies to access these services.

If you use Hive Metastore catalog and Microsoft Azure Delta Lake Storage Gen2 to interact with Apache Iceberg tables, you need to have access to the following services that manage the tables on Microsoft Azure Delta Lake Storage Gen2:

•Hive Metastore catalog: Hive Metastore catalog manages the metadata associated with the Apache Iceberg tables.

•Microsoft Azure Delta Lake Storage Gen2: Microsoft Azure Delta Lake Storage Gen2 stores the Apache Iceberg tables containing actual records in columnar format, organized in partitioned directories.

•Hive JDBC driver: Hive JDBC driver connects to the Hive Metastore catalog to access Apache Iceberg tables metadata and perform SQL queries on data stored in Microsoft Azure Delta Lake Storage Gen2.

Create minimal IAM policies

You need to create IAM policies with the minimum required permissions to interact with Apache Iceberg or Delta Lake tables managed by AWS Glue Catalog. For more information on configuring these policies, refer to the AWS documentation.

Minimum policy for Amazon Athena

The following sample policy shows the minimal Amazon IAM policy to access Amazon Athena:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"athena:CreatePreparedStatement",
"athena:GetPreparedStatement",
"athena:GetWorkGroup",
"athena:GetTableMetadata",
"athena:StartQueryExecution",
"athena:GetQueryResultsStream",
"athena:ListDatabases",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetDatabase",
"athena:ListTableMetadata",
"athena:GetDataCatalog",
"athena:DeletePreparedStatement"
],
"Resource": [
"arn:aws:athena:*:*:workgroup/*",
"arn:aws:athena:*:*:datacatalog/*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"athena:ListDataCatalogs",
"athena:GetQueryExecution",
"athena:ListWorkGroups",
"athena:GetPreparedStatement"
],
"Resource": "*"
}
]
}

Minimum policy for AWS Glue

The following sample policy shows the minimal Amazon IAM policy to access AWS Glue Catalog:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"glue:*"
],
"Resource": [
"*"
]
}
]
}

Minimum policy for AWS S3

The following sample policy shows the minimal Amazon IAM policy to read from or write data to an Amazon S3 bucket:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl"
],
"Resource": [
"*"
]
}
]
}

Install the JDBC driver

Before you use Open Table Connector, you need to copy the Amazon Athena or Hive JDBC driver on the Windows or Linux machine where you installed the Secure Agent.

1Download the latest Amazon Athena or Hive JDBC driver from the website.

2Navigate to the following directory on the Secure Agent machine: <Secure Agent installation directory>/ext/connectors/thirdparty/

3Create the following folder: informatica.opentableformat/common

4Add the JDBC driver to the folder.

5Restart the Secure Agent.