Connecting Claude AI to AWS Athena using an AWS-hosted MCP Server

-1

I'm looking to connect Claude AI to Amazon Athena using an AWS-hosted MCP (Model Context Protocol) server.

My goal is to allow Claude to:

  • Discover Athena schemas and tables
  • Execute SQL queries
  • Retrieve query results securely
  • Potentially enforce row-level or IAM-based access controls

I have a few questions:

What is the recommended AWS architecture to host an MCP server that connects to Athena?

  • EC2
  • Lambda + API Gateway
  • ECS/Fargate
  • App Runner

What is the best way to authenticate Claude to the MCP server securely?

  • IAM roles
  • OAuth
  • API keys
  • AWS Cognito

How should the MCP server authenticate to Athena?

  • IAM role attached to compute
  • AssumeRole
  • IAM Identity Center

Are there any AWS-native reference architectures or best practices for exposing Athena securely to external AI systems?

How can I:

  • Enforce fine-grained access (Lake Formation?)
  • Prevent large query cost overruns?
  • Control query timeouts and limits?
  • Is there a recommended way to stream large Athena result sets back through an API endpoint?

Any architectural guidance or real-world implementation examples would be greatly appreciated.

1 Answer
0

I would suggest deploying the MCP server within a managed compute environment such as Amazon ECS with Fargate or AWS App Runner. Authentication between Claude and the MCP server should be handled using OAuth2 or Amazon Cognito, ensuring secure identity management. The MCP server itself should access Athena using IAM roles attached to the compute environment or via AssumeRole for cross-account scenarios. Fine-grained data access can be enforced through AWS Lake Formation, while query costs and execution limits can be controlled using Athena Workgroup configurations and API-level constraints. For large query outputs, results should be streamed efficiently by leveraging Athena’s native S3-based result storage combined with pagination mechanisms.

https://docs.aws.amazon.com/athena/latest/ug/security.html

https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/architecture.html

https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html

https://docs.aws.amazon.com/athena/latest/ug/performance-tuning.html

EXPERT
answered a month ago
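
An added example, not part of the answer above: one way an MCP server could apply the workgroup scan cutoff, an API-level timeout, and paginated result streaming that the answer mentions. It assumes `athena` is a boto3 Athena client running under the compute role; the function names, the 1 GB cutoff and the timeout are hypothetical choices.

```python
import time

def workgroup_configuration(output_location, max_scan_bytes=1_000_000_000):
    """Configuration argument for athena.create_work_group (constructed values)."""
    return {
        "EnforceWorkGroupConfiguration": True,         # callers cannot override settings
        "BytesScannedCutoffPerQuery": max_scan_bytes,  # Athena cancels queries past this
        "PublishCloudWatchMetricsEnabled": True,
        "ResultConfiguration": {"OutputLocation": output_location},
    }

def stream_query(athena, sql, workgroup, timeout_s=60, page_size=500,
                 poll_s=1.0, sleep=time.sleep, clock=time.monotonic):
    """Run sql in the restricted workgroup and yield result pages (lists of rows).

    For SELECT queries the first row of the first page is the column header.
    """
    qid = athena.start_query_execution(
        QueryString=sql, WorkGroup=workgroup)["QueryExecutionId"]
    deadline = clock() + timeout_s
    while True:
        status = athena.get_query_execution(
            QueryExecutionId=qid)["QueryExecution"]["Status"]
        if status["State"] == "SUCCEEDED":
            break
        if status["State"] in ("FAILED", "CANCELLED"):
            reason = status.get("StateChangeReason", "")
            raise RuntimeError(f"query {status['State']}: {reason}")
        if clock() >= deadline:
            # API-level timeout: stop the query so it does not keep scanning.
            athena.stop_query_execution(QueryExecutionId=qid)
            raise TimeoutError(f"query {qid} exceeded {timeout_s}s and was stopped")
        sleep(poll_s)
    token = None
    while True:
        kwargs = {"QueryExecutionId": qid, "MaxResults": page_size}
        if token:
            kwargs["NextToken"] = token
        page = athena.get_query_results(**kwargs)
        # NULL cells carry no VarCharValue key, so they come back as None.
        rows = [[cell.get("VarCharValue") for cell in row["Data"]]
                for row in page["ResultSet"]["Rows"]]
        if rows:
            yield rows  # one page at a time; the full result set is never held in memory
        token = page.get("NextToken")
        if not token:
            return
```

Because the workgroup enforces its own configuration, the scan cutoff holds even if the MCP server code is bypassed, while the timeout and page size are limits the server applies itself.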