AWS setup
| Info |
|---|
The KADA Athena extractor requires a User with the following IAM policy OR a User that can assume a role with equivalent IAM policy. |
| Note |
|---|
The Athena integration is currently in beta. Some changes may occur in the near future. Please check with the KADA team prior to using this. |
The IAM policy for the KADA Athena extractor requires the following:
...
Example Role Policy to allow Athena Access with least privileges for actions.
Note this
This policy has access to ALL Athena workgroups, due to the
Resources: '*'ATHENA RESULTS BUCKET NAMEneeds to be changed to your bucket.
| Code Block |
|---|
AWSTemplateFormatVersion: "2010-09-09"
Description: 'AWS IAM Role - Athena and Cloudtrail Access to KADA'
Resources:
KadaAthenaRole:
Type: "AWS::IAM::Role"
Properties:
RoleName: "KadaAthenaRole"
MaxSessionDuration: 43200
Path: "/"
KadaAthenaPolicy:
Type: 'AWS::IAM::Policy'
Properties:
PolicyName: root
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- athena:BatchGetQueryExecution
- athena:GetQueryExecution
- athena:GetQueryResults
- athena:GetQueryResultsStream
- athena:ListQueryExecutions
- athena:StartQueryExecution
- athena:ListWorkGroups
- athena:ListDataCatalogs
- athena:ListDatabases
- athena:ListTableMetadata
Resource: '*'
- Effect: Allow
Action:
- s3:GetBucketLocation
- s3:GetObject
- s3:ListBucket
- s3:ListBucketMultipartUploads
- s3:ListMultipartUploadParts
- s3:AbortMultipartUpload
- s3:PutObject
- s3:PutBucketPublicAccessBlock
- s3:DeleteObject
Resource:
- arn:aws:s3:::[ATHENA RESULTS BUCKET NAME]
Roles:
- !Ref KadaAthenaRole |
Running the extractor
Setup a python environment Python 3.8+
...