Athena
Overview
Athena Warehouse Native is in beta, please message the team to get early access
To set up connection with Athena, Statsig needs the following
- Region
- Granting Athena Access Permissions to a Statsig-owned Service Account through an IAM Role
In place of granting Athena Access Permissions to a Statsig-owned Service Account, you can also provide the following:
- IAM User Access Key
- IAM Secret Access Key
Grant Permissions to Statsig
You need to grant some permissions for Statsig from your AWS console in order for us to access your Athena data.
Create an (A) IAM Role, or (B) IAM User
(A) IAM Role
- In your AWS IAM Dashboard, select the Roles page under the Access Management tab
- Create a new Role
- Under the Trust Relationships tab of this newly created Role, edit the trust policy to include the Assume Role action for the provided Statsig Service Account:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "<STATSIG_SERVICE_ACCOUNT>"
},
"Action": "sts:AssumeRole"
}
]
}
(B) IAM User
- In your AWS IAM Dashboard, select the Users page under the Access Management tab
- Create a new User
- Under the Security Credentials tab of this newly created User, find the Access Keys block
- Select Create Access Key, and choose 'Application running outside AWS' from the Use Case options
Under the Permissions tab for your newly created Role/User, add the Permission Policies outlined below:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::<S3_BUCKET>"
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<S3_BUCKET>/<PATH_TO_EVENTS_AND_EXPOSURES_DATA>/*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"athena:StartQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryExecution",
"glue:GetTable",
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:GetPartition",
"glue:GetPartitions",
"glue:CreatePartition",
"glue:UpdatePartition",
"glue:DeletePartition",
"glue:BatchCreatePartition",
"glue:BatchDeletePartition",
"glue:GetDatabase"
],
"Resource": [
"arn:aws:s3:::<S3_BUCKET>/<PATH_TO_QUERY_RESULTS_FOLDER>/*",
"arn:aws:s3:::<S3_BUCKET>/<STATSIG_S3_FOLDER>/*",
"arn:aws:athena:*:<ACCOUNT_ID>:*",
"arn:aws:glue:<REGION>:<ACCOUNT_ID>:*"
]
}
]
}
Setup Athena Query Flow
Create or choose an Athena database to use
Choose an S3 location folder for query results to be stored