Accessing Amazon Athena over JDBC with an IAM role

Question

I have an analytics application running on EC2.  The application uses the Athena JDBC connector to connect to Athena and run queries.  Can I use an IAM role attached to the EC2 instance to authorize the Athena connection, rather than embedding credentials in the JDBC connection string?

Accepted Answer

It is indeed a best practice to use an IAM role rather than embedding credentials in the JDBC connection string.  Attach the [AWSQuicksightAthenaAccess Managed Policy][1] to the IAM role used in the EC2 instance profile.  Then specify the `DefaultAWSCredentialsProviderChain` in the JDBC connection string.   The JDBC connection string would look like this:

jdbc:awsathena://AwsRegion=;S3OutputLocation=s3:///;AwsCredentialsProviderClass=com.simba.athena.amazonaws.auth.DefaultAWSCredentialsProviderChain

Read more here on [Using Athena with the JDBC Driver][2].

[1]: https://docs.aws.amazon.com/athena/latest/ug/awsquicksightathenaaccess-managed-policy.html
  [2]: https://docs.aws.amazon.com/athena/latest/ug/connect-with-jdbc.html

Accessing Amazon Athena over JDBC with an IAM role

관련 콘텐츠