Connecting to Amazon Athena

The following guide shows how to configure Veezoo to connect to Amazon Athena.

Creating IAM Credentials

Veezoo communicates with Amazon Athena with IAM credentials: an access key ID and a secret access key.

We recommend creating a new IAM user specifically for Veezoo, with the minimum required permissions. As a starting point, this IAM user can use the AmazonAthenaFullAccess policy, to be adjusted as needed.

More details about a connection failure might appear in the Athena Recent Queries section, accessible from the Amazon Athena query editor.

To solve S3 authorization errors, for example, the following policy gives full access to the S3 bucket where query results are stored:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::athena-query-results",
                "arn:aws:s3:::athena-query-results/*"
            ]
        }
    ]
}

Note that the S3 Bucket URL needs to appear both with and without the root path (with a wildcard), in the Resource section.

See this guide to learn more about creating access keys for an IAM user.

Finding the Query Output Location

Amazon Athena stores query results in a S3 Bucket. Create a new Bucket on the Amazon S3 console, or choose an existing one if it is appropriate. The query output location field also accepts Bucket URLs without a path, to save the result files in its root.

A query output location could have been set earlier in the settings of the Amazon Athena Query Editor. If so, using a different location for Veezoo only is also possible.

Read more about query output locations here.

Finding the Region

The current AWS region is displayed in the top right corner of the Amazon Athena console.

Finding the Workgroup and Data Source

From the Amazon Athena Query Editor, select the Workgroup and Data Source (also called Data Catalog) you want to connect to.