Problem connecting to AWS Athena

KjeZ · April 24, 2023, 1:46pm

Hi,

I am having issues adding an Athena instance to Metabase, I have the latest version of Metabase running in a docker container and first I got some issues that the EC2 instance that the docker is running on doesn't have the appropriate permissions.

That has been fixed but now I get this error instead:
[JDBC Driver]PreparedStatement stmt5047094121 was not found in WorkGroup primary (Service: AmazonAthena; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: 26aa5f35-f531-4685-9442-d7d7348c9212; Proxy: null)

Any ideas on what I am doing wrong?

Here is some more info on the environment:
{
"browser-info": {
"language": "sv-SE",
"platform": "Win32",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",
"vendor": "Google Inc."
},
"system-info": {
"file.encoding": "UTF-8",
"java.runtime.name": "OpenJDK Runtime Environment",
"java.runtime.version": "11.0.18+10",
"java.vendor": "Eclipse Adoptium",
"java.vendor.url": "https://adoptium.net/",
"java.version": "11.0.18",
"java.vm.name": "OpenJDK 64-Bit Server VM",
"java.vm.version": "11.0.18+10",
"os.name": "Linux",
"os.version": "6.1.23-36.46.amzn2023.x86_64",
"user.language": "en",
"user.timezone": "GMT"
},
"metabase-info": {
"databases": [
"h2"
],
"hosting-env": "unknown",
"application-database": "postgres",
"application-database-details": {
"database": {
"name": "PostgreSQL",
"version": "15.2"
},
"jdbc-driver": {
"name": "PostgreSQL JDBC Driver",
"version": "42.5.1"
}
},
"run-mode": "prod",
"version": {
"date": "2023-04-05",
"tag": "v0.46.1",
"branch": "release-x.46.x",
"hash": "12a6e1d"
},
"settings": {
"report-timezone": null
}
}
}

Luiggi · April 24, 2023, 2:05pm

Hi, I'm not an Athena expert, but seems that there's something that's not there: How workgroups work - Amazon Athena

KjeZ · April 25, 2023, 7:02am

Yeah, I dont understand whats causing this because I think I have given all the access it should need in an AWS policy (based on AWS best practices) :

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "athena:ListDataCatalogs",
                "athena:GetDataCatalog",
                "athena:ListWorkGroups"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListMultipartUploadParts",
                "s3:AbortMultipartUpload",
                "lambda:InvokeFunction",
                "athena:GetWorkGroup",
                "athena:UpdateWorkGroup",
                "athena:CreateWorkGroup",
                "athena:StartQueryExecution",
                "athena:GetQueryExecution",
                "athena:GetQueryResults",
                "athena:StopQueryExecution",
                "athena:GetDataCatalog",
                "athena:ListDataCatalogs",
                "athena:CreatePreparedStatement",
                "athena:DeletePreparedStatement",
                "athena:GetQueryResultsStream",
                "athena:BatchGetQueryExecution",
                "athena:ListQueryExecutions",
                "athena:ListEngineVersions",
                "athena:GetDatabase",
                "athena:GetTableMetadata",
                "athena:ListDatabases",
                "athena:ListTableMetadata"
            ],
            "Resource": [
                "arn:aws:lambda:eu-west-5:xxxxxxxxxxxx:function:athena_dynadb_poc",
                "arn:aws:athena:eu-west-5:xxxxxxxxxxxx:workgroup/primary",
                "arn:aws:s3:::meta-athena-spillover/*",
                "arn:aws:s3:::meta-athena-spillover/athena-spillover*"
            ]
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::meta-athena-spillover"
        }
    ]
}

and I am setting primary as the setting in Metabase when trying to add the Athena DB

TonyC · April 26, 2023, 8:01am

Can you give super user access just to make sure you are able to connect?