Accessing Amazon Athena over JDBC with an IAM role

It is indeed a best practice to use an IAM role rather than embedding credentials in the JDBC connection string. Attach the AWSQuicksightAthenaAccess Managed Policy to the IAM role used in the EC2 instance profile. Then specify the DefaultAWSCredentialsProviderChain in the JDBC connection string. The JDBC connection string would look like this:

jdbc:awsathena://AwsRegion=<aws-region>;S3OutputLocation=s3://<s3_bucket>/;AwsCredentialsProviderClass=com.simba.athena.amazonaws.auth.DefaultAWSCredentialsProviderChain

Read more here on Using Athena with the JDBC Driver.