Skip to content

AWS Athena Guide (Beta)

Support for AWS Athena is in private beta, available for select customers. To get access for the beta, please email us at support@satoricyber.com.

It only takes a few minutes to get started with Satori. What you need is:

  • Access to Satori's management console.
  • The AWS region where your Athena data is hosted, for example: us-east-1 for AWS in N. Virginia.

Adding an AWS Athena data store to Satori

  1. Login to Satori's management console at https://app.satoricyber.com.
  2. In the Data Stores view, select Add Data Store.
  3. Select the AWS Athena option.
  4. Enter an informative name for the data store, for example: Sales Data Warehouse.
  5. Select the AWS region where your data is hosted, for example: us-east-1.
  6. Click Create. You will be redirected to the Data Stores list.

Connect to AWS Athena via Satori

To connect to AWS Athena using Satori use the Satori hostname that was generated by the management console which can be found under Satori Hostname in the data store settings view, for example: abc123.us-east-1.a.p0.satoricyber.net.

Authenticating with AWS Credentials

AWS Athena uses a different authentication scheme than most other databases - the client does not send the password to the server on the HTTP request, to be checked by the server. Instead, the client uses the password to cryptographically sign the HTTP request and the server checks that signature. To support this authentication scheme, Satori needs to re-sign the HTTP request before it sends it to Athena using the credentials of the user.

To send the user credentials to Satori, concatenate the AWS_SECRET_KEY to the AWS_ACCESS_KEY as follows: AWS_ACCESS_KEY|AWS_SECRET_KEY.

Connecting with the JDBC driver

To connect with the JDBC driver, override or add the following parameters in the JDBC URL:

  • EndpointOverride=<Satori Hostname>:443
  • UseResultsetStreaming=0
  • User=<AWS_ACCESS_KEY>|<AWS_SECRET_KEY>
  • Password=<AWS_SECRET_KEY>

For example:

jdbc:awsathena://AwsRegion=us-east-1;EndpointOverride=abc123.us-east-1.a.p0.satoricyber.net:443;UseResultsetStreaming=0;User=AKIAYC5GYL27Q4ZE5H4L|CbfbaJJiszfBxkWkNFgvzx3GPx3t3bye49Jzu5f3;Password=CbfbaJJiszfBxkWkNFgvzx3GPx3t3bye49Jzu5f3;...

Connecting with Python

To connect with Python, set the endpoint_url argument to the client function, and the AWS credentials as described above. For example:

client = boto3.client(service_name='athena', region_name='us-east-1',
  endpoint_url="https://abc123.us-east-1.a.p0.satoricyber.net",
  aws_access_key_id="AKIAYC5GYL27Q4ZE5H4L|CbfbaJJiszfBxkWkNFgvzx3GPx3t3bye49Jzu5f3",
  aws_secret_access_key="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")