Use Third-Party Tools to Connect to Athena Tables

Amazon Athena is an interactive query service that allows you to use standard SQL to view and analyze data in your organization's Tetra Data Lake S3 bucket. This page describes how you can connect to your Athena tables from one of these third-party tools:

  • IDE Tools (IntelliJ IDEA)
  • Java Spring
  • TIBCO Spotfire
  • Tableau
  • Python

Before You Begin

Before you can use a third-party tool to connect to Athena tables, you must:

  • Download an Athena JDBC driver
  • Locate connection details from the Tetra Data Platform (TDP)

Download the Athena JDBC Driver

Amazon Athena provides a JDBC driver for connections. Any third-party tool that can use a JDBC driver can connect to Amazon Athena. You can also use Java to programmatically access Athena.

The JDBC driver that you select is based on which Java version you use. Make sure that the driver you select matches your current Java version (for example, JDK 8.0 or JDK 9.0).

To locate a JDBC driver, its download address, and its usage details, see Connecting to Amazon Athena with JDBC in the AWS documentation.

📘

NOTE

(For single-tenant deployments only) Using the Amazon Athena JDBC driver will result in additional costs in your AWS account, because the driver runs Amazon Athena queries. Query costs depend on the amount of data stored in your environment. For more information, see Amazon Athena Pricing in the AWS documentation.

Locate Connection Details from the TDP

To get the connection details for Amazon Athena, see Get AWS Credentials to Query Athena SQL Tables.

To connect to Athena, make sure that you write down the following connection details from the SQL Access page for future use:

  • ACCESS KEY
  • SECRET KEY
  • DRIVERS
  • URL (address for Athena) connection parameter
  • S3OUTPUTLOCATION connection parameter

📘

Self-Hosting the TDP

If you are self-hosting the TDP in your AWS accounts and set the deployment parameter AthenaCreateIamUser to false, then the credentials are not available in the Tetra Data Platform UI.

To obtain the JDBC credentials:

  1. Locate your organizational slug on the Organizational Details page. For instructions, see Viewing Organization Details.
  2. In AWS Identity and Access Management (IAM), locate a policy named: ts-platform-<awsRegion>-production-<orgSlug>-policy.
  3. Create an IAM user or role in the AWS account where TDP is hosted and assign it to the policy.
  4. Use the credentials of the role or user to access Athena. For instructions, see Connecting to Amazon Athena with JDBC in the AWS documentation.

Connect to Athena Tables Using Third-Party Tools

After you have downloaded the appropriate Athena JDBC driver to use and located the connection details from the SQL Access page in the TDP, you can select which third-party tool you want to use:

Security

Every organization on Tetra Data Platform (TDP) is automatically provisioned with a separate AWS KMS (Key Management Service) Key.

The query result is encrypted using SSE_KMS (The driver uses server-side encryption with an AWS KMS-management Key).

Additionally, the JDBC driver automatically applies SSL encryption to all connections. SSL encryption protects data and credentials when they are transferred over the network, and provides stronger security than authentication alone. The SSL indicates both TLS (Transport Layer Security) and SSL (Secure Socket Layer). The driver supports industry-standard versions of TLS/SSL.

The TLS version that the driver supports depends on which JVM version is installed. The TLS version used for the connections is the latest version that is supported by the both driver and the server.

955

Supported Protocols and Algorithms

Reference: Oracle Blog: Diagnosing TLS, SSL, and HTTPS