Knowi enables data discovery, querying, visualization, and automated reporting from Amazon Athena. Here's how you can set up and connect to Athena using IAM credentials, instance roles, or assume role capabilities.
Overview
Connect and extract data from your Athena instance through one of the following methods:
- IAM User: Use an AWS IAM user with access to Athena and S3.
- Instance Role: Attach permissions to an Amazon instance or pod.
- Assume Role: Access Athena in another AWS account using role delegation.
Option 1: Connecting via IAM User
Steps to Connect
-
Create or Use an IAM User:
- Set up a new IAM user or use an existing one.
- Assign the following permissions:
a.AthenaFullAccess
orAthenaReadAccess
.
b.S3FullAccess
orS3ReadWriteAccess
to write query results to S3.
-
Generate Access Keys:
- Go to Security Credentials for the IAM user.
- Create or use an existing Access Key and Secret Key. Note these credentials for use in Knowi.
-
Set Up an S3 Query Result Folder:
- Create a designated folder in S3 to store Athena query results.
- Take note of the S3 location.
-
Configure the Data Source in Knowi:
- In Knowi, navigate to Queries and click New Datasource +.
- Select Amazon Athena from the list of data sources.
- Enter the following details:
a. Datasource Name
b. Access Key ID and Secret Key
c. S3 Query Results Folder Path
-
Test the Connection:
- Click Test Connection to validate the configuration.
- If successful, you can now create and run Athena queries.
Option 2: Connecting via Instance Role
Steps to Connect
-
Create or Edit an IAM Role:
- Set up a new role or edit an existing one in AWS IAM.
- Assign permissions for:
a.AthenaFullAccess
orAthenaReadAccess
.
b.S3FullAccess
orS3ReadWriteAccess
.
-
Launch an Amazon Instance or Pod:
- Attach the role to an Amazon EC2 instance or Kubernetes pod.
-
Configure the Data Source in Knowi:
- Navigate to Queries and click New Datasource +.
- Select Amazon Athena and enter the required details.
- Leave the Access Key ID and Secret Key fields empty.
-
Test and Run Queries:
- Validate the connection by clicking Test Connection.
- If successful, proceed to create and run Athena queries.
Option 3: Connecting via Assume Role
Steps to Connect
-
Enable Role Delegation:
- Enable your IAM role to assume roles in other AWS accounts.
- Refer to the AWS documentation on AssumeRole API.
-
Get Role ARN and External ID:
- Obtain the Role ARN and, if applicable, the External ID from the account you want to connect to.
- Obtain the Role ARN and, if applicable, the External ID from the account you want to connect to.
-
Configure the Data Source in Knowi:
- In Knowi, navigate to New Datasource + and select Amazon Athena.
- Enter the Assume Role ARN and External ID in the respective fields.
-
Test the Connection:
- Click Test Connection to verify the setup.
- Once connected, you can start querying data across accounts.