Amazon Athena Connection¶

Introduction¶

An Amazon Athena connection, created using the Amazon Athena connector, establishes access to Amazon Athena. These activities, once configured, interact with Amazon Athena through the connection.

Create or Edit an Amazon Athena Connection¶

A new Amazon Athena connection is created using the Amazon Athena connector from one of these locations:

• The design component palette's Connections tab (see Design Component Palette).
• The Global Connections page (see Create a Global Connection in Global Connections).

An existing Amazon Athena connection can be edited from these locations:

• The design component palette's Connections tab (see Design Component Palette).
• The project pane's Components tab (see Component Actions Menu in Project Pane Components Tab).
• The Global Connections page (see Edit a Global Connection in Global Connections).

Configure an Amazon Athena Connection¶

Each user interface element of the Amazon Athena connection configuration screen is described below.

• Connection Name: Enter a name to use to identify the connection. The name must be unique for each Amazon Athena connection and must not contain forward slashes (/) or colons (:). This name is also used to identify the Amazon Athena endpoint, which refers to both a specific connection and its activities.

• S3 Staging Directory: Enter the S3 staging directory.

• Auth Scheme: Select the authorization scheme, one of:

  • ADFS

    • User: Enter the user.

    • Password: Enter the password.

    • SSO Login URL: Enter the SSO login URL.

    • Use Lake Formation: When selected, specifies to use lake formation.

  • AwsCognitoBasic

    • AWS Cognito Region: Select the AWS Cognito region, one of BAHRAIN, BEIJING, CAPETOWN, CENTRAL, FRANKFURT, GOVCLOUDEAST, GOVCLOUDWEST, HONGKONG, IRELAND, LONDON, MILAN, MUMBAI, NINGXIA, NORTHERNCALIFORNIA, NORTHERNVIRGINIA, OHIO, OREGON, OSAKA, PARIS, SAOPAULO, SEOUL, SINGAPORE, STOCKHOLM, SYDNEY, or TOKYO.

    • AWS User Pool Id: Enter the AWS user pool ID.

    • AWS User Pool Client App Id: Enter the AWS user pool client app ID.

    • AWS Identity Pool Id: Enter the AWS identity pool ID.

    • AWS User Pool Client App Secret: Enter the AWS user pool client app secret.

  • AwsCognitoSrp

    • AWS Cognito Region: Select the AWS Cognito region, one of BAHRAIN, BEIJING, CAPETOWN, CENTRAL, FRANKFURT, GOVCLOUDEAST, GOVCLOUDWEST, HONGKONG, IRELAND, LONDON, MILAN, MUMBAI, NINGXIA, NORTHERNCALIFORNIA, NORTHERNVIRGINIA, OHIO, OREGON, OSAKA, PARIS, SAOPAULO, SEOUL, SINGAPORE, STOCKHOLM, SYDNEY, or TOKYO.

    • AWS User Pool Id: Enter the AWS user pool ID.

    • AWS User Pool Client App Id: Enter the AWS user pool client app ID.

    • AWS Identity Pool Id: Enter the AWS identity pool ID.

    • AWS User Pool Client App Secret: Enter the AWS user pool client app secret.

  • AwsCredentialsFile

    • AWS Credentials File: Enter the AWS credentials file.

    • AWS Credentials File Profile: Enter the AWS credentials file profile.

  • AwsEC2Roles

  • AwsIAMRoles

    • AWS Access Key: Enter the AWS access key.

    • AWS Secret Key: Enter the AWS secret key.

    • AWS Role ARN: Enter the AWS role ARN.

    • AWS External Id: Enter the AWS external ID.

  • AwsMFA

    • MFA Serial Number: Enter the MFA serial number.

    • MFA Token: Enter the MFA token.

    • Temporary Token Duration: Enter the temporary token duration.

  • AwsRootKeys (Recommended)

    • AWS Access Key: Enter the AWS access key.

    • AWS Secret Key: Enter the AWS secret key.

  • AzureAD

    • SSO Properties: Enter the SSO properties.

    • Initiate OAuth: Select the OAuth setting, one of:

      • GETANDREFRESH

      • OFF

        • OAuth Access Token: Enter the OAuth access token.

      • REFRESH

        • OAuth Access Token: Enter the OAuth access token.

    • Use Lake Formation: When selected, specifies to use lake formation.

    • OAuth Client Id: Enter the OAuth client ID.

    • OAuth Client Secret: Enter the OAuth client secret.

    • OAuth Refresh Token: Enter the OAuth refresh token.

  • Okta

    • User: Enter the user.

    • Password: Enter the password.

    • SSO Login URL: Enter the SSO login URL.

    • SSO Properties: Enter the SSO properties.

    • Use Lake Formation: When selected, specifies to use lake formation.

  • PingFederate

    • User: Enter the user.

    • Password: Enter the password.

    • SSO Login URL: Enter the SSO login URL.

    • SSO Properties: Enter the SSO properties.

    • SSO Exchange Url: Enter the SSO exchange URL.

    • Use Lake Formation: When selected, specifies to use lake formation.

    • AWS Principal ARN: Enter the AWS principal ARN.

  • TemporaryCredentials

    • AWS Access Key: Enter the AWS access key.

    • AWS Secret Key: Enter the AWS secret key.

    • AWS Session Token: Enter the AWS session token.

• AWS Region: Select the AWS region, one of BAHRAIN, BEIJING, CAPETOWN, CENTRAL, FRANKFURT, GOVCLOUDEAST, GOVCLOUDWEST, HONGKONG, IRELAND, JAKARTA, LONDON, MILAN, MUMBAI, NINGXIA, NORTHERNCALIFORNIA, NORTHERNVIRGINIA, OHIO, OREGON, OSAKA, PARIS, SAOPAULO, SEOUL, SINGAPORE, STOCKHOLM, SYDNEY, TOKYO, UAE, or ZURICH.

• Data Source: Enter the data source. This field can be left empty if you've selected AwsRootKeys as your Auth Scheme (recommended).

• Database: Enter the database. This field can be left empty if you've selected AwsRootKeys as your Auth Scheme (recommended).

• Use Proxy Settings: Select to use Private Agent proxy settings.

• Advanced Configurations: When selected, shows the Advanced Configurations Properties table, which is used to add additional configuration properties as key-value pairs.

  Click the add icon to add a row to the table below and enter a key-value pair for each property.

  To save the row, click the submit icon in the rightmost column.

  To edit or delete a single row, hover over the rightmost column and use the edit icon or delete icon .

  To delete all rows, click Clear All.

  Important

  Fields in the Advanced Configurations table display the variable icon only in edit mode. For these fields' variable values to be populated at runtime, the agent version must be at least 10.75 / 11.13.

• Test: Click to verify the connection using the specified configuration. When the connection is tested, the latest version of the connector is downloaded by the agent(s) in the agent group associated with the current environment. This connector supports suspending the download of the latest connector version by using the Disable Auto Connector Update organization policy.

• Save Changes: Click to save and close the connection configuration.

• Discard Changes: After making changes to a new or existing configuration, click to close the configuration without saving. A message asks you to confirm that you want to discard changes.

• Delete: After opening an existing connection configuration, click to permanently delete the connection from the project and close the configuration (see Component Dependencies, Deletion, and Removal). A message asks you to confirm that you want to delete the connection.

Configure OAuth Connections¶

This connector supports a connection using OAuth by using specific configuration properties. After selecting an auth scheme that includes Initiate OAuth, you will be able to specify the configuration in the fields that are displayed.

For this connector, two scenarios are supported. In either scenario, you will need to use a third-party tool (such as Postman or a similar tool) to obtain the required access token or tokens from the endpoint involved. Both of these scenarios work only for single-agent groups. These are Agent Groups that consist of a single agent.

• Scenario 1: Using an OAuth access token that expires after a set period of time.

  With this configuration, you supply an OAuth access token that lasts for a set period of time, as determined by the particular endpoint. The connector will use the token to make the connection. The connection, however, will no longer work once the access token expires. You would configure the connector to use the token by setting these properties:

  Configuration Property	Value
  Initiate OAuth	OFF
  OAuth Access Token	Set to the value of the OAuth access token obtained from the endpoint

• Scenario 2: Using an OAuth access token combined with an OAuth refresh token to enable automatic refresh of access.

  With this configuration, the connector will use a refresh token to obtain a new access token once the current access token has expired. This is generally the best method of configuring OAuth.

  You supply an OAuth access token and an OAuth refresh token, as determined by the particular endpoint. You would configure the connector to use these tokens by setting these properties:

  Configuration Property	Value
  Initiate OAuth	REFRESH
  OAuth Access Token	Set to the value of the OAuth access token obtained from the endpoint
  OAuth Refresh Token	Set to the value of the OAuth refresh token obtained from the endpoint

Next Steps¶

After an Amazon Athena connector connection has been created, you place an activity type on the design canvas to create activity instances to be used either as sources (to provide data in an operation) or as targets (to consume data in an operation).

Menu actions for a connection and its activity types are accessible from the project pane and design component palette. For details, see Actions Menus in Connector Basics.

These activity types are available:

• Query: Retrieves records from a table at Amazon Athena and is intended to be used as a source in an operation.

• Create: Inserts a record into a table at Amazon Athena and is intended to be used as a target in an operation.

• Execute: Executes a procedure at Amazon Athena and is intended to be used as a target in an operation.