Logging and monitoring in Athena

To detect incidents, receive alerts when incidents occur, and respond to them, use these options with Amazon Athena:

Monitor Athena with AWS CloudTrail – AWS CloudTrail provides a record of actions taken by a user, role, or an AWS service in Athena. It captures calls from the Athena console and code calls to the Athena API operations as events. This allow you to determine the request that was made to Athena, the IP address from which the request was made, who made the request, when it was made, and additional details. For more information, see Logging Amazon Athena API calls with AWS CloudTrail.

You can also use Athena to query the CloudTrail log files not only for Athena, but for other AWS services. For more information, see Querying AWS CloudTrail logs.
Monitor Athena usage with CloudTrail and Amazon QuickSight – Amazon QuickSight is a fully managed, cloud-powered business intelligence service that lets you create interactive dashboards your organization can access from any device. For an example of a solution that uses CloudTrail and Amazon QuickSight to monitor Athena usage, see the AWS Big Data blog post How Realtor.com monitors Amazon Athena usage with AWS CloudTrail and Amazon QuickSight.
Use EventBridge with Athena – Amazon EventBridge delivers a near real-time stream of system events that describe changes in AWS resources. EventBridge becomes aware of operational changes as they occur, responds to them, and takes corrective action as necessary, by sending messages to respond to the environment, activating functions, making changes, and capturing state information. Events are emitted on a best effort basis. For more information, see Getting started with Amazon EventBridge in the Amazon EventBridge User Guide.
Use workgroups to separate users, teams, applications, or workloads, and to set query limits and control query costs – You can view query-related metrics in Amazon CloudWatch, control query costs by configuring limits on the amount of data scanned, create thresholds, and trigger actions, such as Amazon SNS alarms, when these thresholds are breached. For a high-level procedure, see Setting up workgroups. Use resource-level IAM permissions to control access to a specific workgroup. For more information, see Using workgroups for running queries and Controlling costs and monitoring queries with CloudWatch metrics and events.

Topics

Logging Amazon Athena API calls with AWS CloudTrail

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Enabling federated access to the Athena API

Logging Amazon Athena API calls with AWS CloudTrail