Create a connection

You use the Amazon Athena connection to connect to the Amazon Athena source system and create schema to use in AWS Glue. Create an Amazon Athena connection object in Administrator.

1In Administrator, select Connections.

2Click New Connection.

3In the Connection Details section, enter the following connection details:

Connection property	Description
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.

4Select the Amazon Athena connection type.

5Enter properties specific to the Amazon Athena connection:

Use Secret Vault

Stores sensitive credentials for this connection in the secrets manager that is configured for your organization.

This property appears only if secrets manager is set up for your organization.

When you enable the secret vault in the connection, you can select which credentials that the Secure Agent retrieves from the secrets manager. If you don't enable this option, the credentials are stored in the repository or on a local Secure Agent, depending on how your organization is configured.

Note:

If you’re using this connection to apply data access policies through pushdown or proxy services, you cannot use the Secret Vault configuration option.

For information about how to configure and use a secrets manager, see Secrets manager configuration.

Runtime Environment

The name of the runtime environment where you want to run tasks.

6Select the authentication type to connect to Amazon Athena and enter the required properties.

You can select one of the following authentication types:

- Permanent IAM credentials
- EC2 instance profile

7Click Test Connection.

8Click Save.

Permanent IAM credentials

Permanent IAM credentials authentication is the default type that requires the access key and secret key of the IAM user to connect to Amazon Athena.

The following table describes the basic connection properties for permanent IAM credentials authentication:

Property	Description
Access Key	The access key of the IAM user to connect to Amazon Athena.
Secret Key	The secret key of the IAM user to connect to Amazon Athena.
JDBC URL	The URL to connect to Amazon Athena. Enter the JDBC URL in the following format: jdbc:athena://Region=<region_name;OutputLocation=<S3_Output_Location>;Workgroup=<Workgroup_Name>; It is mandatory to specify the AWS region. You can either add the AWS region in the JDBC URL or specify it in one of the locations recognized by the AWS default region provider chain. For more information about the AWS default region provider chain, see the AWS documentation. If you use a workgroup with customer-managed query results, specify at least one of the two parameters in the JDBC URL, either the S3 output location or the workgroup name. For a workgroup with Athena-managed query results, specify only the workgroup name and do not include the S3 output location in the JDBC URL.

EC2 instance profile

You can configure AWS Identity and Access Management (IAM) authentication to connect to Amazon Athena when the Secure Agent is installed on an Amazon Elastic Compute Cloud (EC2) system.

The following table describes the basic connection properties for EC2 instance profile authentication:

Property	Description
JDBC URL	The URL of the Amazon Athena connection. Enter the JDBC URL in the following format: jdbc:athena://Region=<region_name;OutputLocation=<S3_Output_Location>;Workgroup=<Workgroup_Name>; It is mandatory to specify the AWS region. You can either add the AWS region in the JDBC URL or specify it in one of the locations recognized by the AWS default region provider chain. For more information about the AWS default region provider chain, see the AWS documentation. If you use a workgroup with customer-managed query results, specify at least one of the two parameters in the JDBC URL, either the S3 output location or the workgroup name. For a workgroup with Athena-managed query results, specify only the workgroup name and do not include the S3 output location in the JDBC URL.

Property

Description

JDBC URL

The URL of the Amazon Athena connection.

Enter the JDBC URL in the following format:

jdbc:athena://Region=<region_name;OutputLocation=<S3_Output_Location>;Workgroup=<Workgroup_Name>;

It is mandatory to specify the AWS region. You can either add the AWS region in the JDBC URL or specify it in one of the locations recognized by the AWS default region provider chain.

For more information about the AWS default region provider chain, see the AWS documentation.

If you use a workgroup with customer-managed query results, specify at least one of the two parameters in the JDBC URL, either the S3 output location or the workgroup name. For a workgroup with Athena-managed query results, specify only the workgroup name and do not include the S3 output location in the JDBC URL.