Prerequisites

Before you create an Open Table connection with Apache Iceberg format, complete the prerequisites.

To interact with Apache Iceberg tables, you need to have access to the following AWS services that manage Apache Iceberg tables on AWS:

•Amazon S3: Amazon S3 stores the Apache Iceberg tables containing actual records in columnar format, organized in partitioned directories.

•AWS Glue Catalog: AWS Glue Data Catalog manages the metadata associated with the Apache Iceberg tables.

•Amazon Athena: Amazon Athena connects to the Glue catalog to access Iceberg table metadata and perform SQL queries on data stored in S3.

You need to create separate policies to access these services.

Create minimal IAM policies

You need to create IAM policies with the minimum required permissions to interact with Apache Iceberg tables managed by AWS Glue Catalog. For more information on configuring these policies, refer to the AWS documentation.

Minimum policy for Amazon Athena

The following sample policy shows the minimal Amazon IAM policy to access Amazon Athena:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"athena:CreatePreparedStatement",
"athena:GetPreparedStatement",
"athena:GetWorkGroup",
"athena:GetTableMetadata",
"athena:StartQueryExecution",
"athena:GetQueryResultsStream",
"athena:ListDatabases",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetDatabase",
"athena:ListTableMetadata",
"athena:GetDataCatalog",
"athena:DeletePreparedStatement"
],
"Resource": [
"arn:aws:athena:*:*:workgroup/*",
"arn:aws:athena:*:*:datacatalog/*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"athena:ListDataCatalogs",
"athena:GetQueryExecution",
"athena:ListWorkGroups",
"athena:GetPreparedStatement"
],
"Resource": "*"
}
]
}

Minimum policy for AWS Glue

The following sample policy shows the minimal Amazon IAM policy to access AWS Glue catalog:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"glue:*"
],
"Resource": [
"*"
]
}
]
}

Minimum policy for AWS S3

The following sample policy shows the minimal Amazon IAM policy to read from or write data to an Amazon S3 bucket:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl"
],
"Resource": [
"*"
]
}
]
}

Adding the Amazon Athena JDBC driver

Before you use Open Table Connector, you must copy the Amazon Athena JDBC driver on the Windows or Linux machine where you installed the Secure Agent.

1Download the latest Amazon Athena JDBC driver from the Amazon website.

2Navigate to the following directory on the Secure Agent machine:

<Secure Agent installation directory>/ext/connectors/thirdparty/

3 Create the following folders:

informatica.opentableformat/common

4Add the JDBC driver to the folder created in step 3.

5Restart the Secure Agent.