Athena Adapter
Connect to AWS Athena.
Configuration
athena_data:
adapter: athena
name: AWS Athena
tier: cold
query_timeout: 600
# Required
region: us-east-1
s3_output_location: s3://your-athena-results-bucket/queries/
database: default
# Optional
catalog: awsdatacatalog # Default: awsdatacatalog
workgroup: primary
# AWS Authentication (set via strata datasource auth or environment variables)
# access_key_id:
# secret_access_key:
Required Fields
- region - AWS region where Athena is located
- s3_output_location - S3 location for query results
- database - Athena database/schema name
Optional Fields
- catalog - Catalog name (default:
awsdatacatalog) - workgroup - Workgroup name
- access_key_id - AWS access key (set via
strata datasource author environment) - secret_access_key - AWS secret key (set via
strata datasource author environment)
Example
athena_data:
adapter: athena
name: AWS Athena
tier: cold
query_timeout: 600
region: us-east-1
s3_output_location: s3://my-athena-results/queries/
database: analytics
catalog: awsdatacatalog
workgroup: primary
Authentication
Option 1: IAM Role (Recommended)
For EC2/ECS/Lambda deployments, use an IAM role attached to the compute environment. No explicit credentials needed — the AWS SDK picks up permissions automatically.
The IAM role needs the following permissions:
- Athena — query execution (
athena:StartQueryExecution,athena:GetQueryExecution,athena:GetQueryResults, etc.) - S3 — read/write access to the
s3_output_locationbucket (Athena writes query results here) - Glue — read access to the data catalog (if using the default AWS Glue catalog)
The managed policies AmazonAthenaFullAccess and AmazonS3FullAccess cover these requirements. For tighter scoping, create a custom policy limited to your specific S3 buckets and Glue catalogs.
Option 2: Explicit Credentials
Set via CLI:
strata datasource auth athena_data
The IAM user behind these credentials needs the same permissions listed above.
Option 3: Environment Variables
Set environment variables:
export AWS_ACCESS_KEY_ID=AKIA...
export AWS_SECRET_ACCESS_KEY=...
S3 Output Location
Required S3 bucket for query results:
s3_output_location: s3://my-bucket/athena-results/
Requirements:
- Bucket must exist
- IAM role/user must have write permissions
- Results stored temporarily
Best Practices
- Use IAM roles - Most secure for EC2/ECS/Lambda
- Set cold tier - Athena is slower than other adapters
- Configure S3 bucket - Ensure proper permissions
- Use workgroups - Organize and control costs
Next Steps
- Managing Datasources - add and test