Setting up
If you've already signed up for Amazon Web Services, you can start using Amazon Athena immediately. If you haven't signed up for AWS or need assistance getting started, be sure to complete the following tasks:
1. Sign up for an AWS account
2. Create an IAM administrator user and group
3. Attach managed policies for Athena
4. Sign in as an IAM user
1. Sign up for an AWS account
When you sign up for AWS, your account is automatically signed up for all services in AWS, including Athena. You are charged only for the services that you use. For pricing information, see Amazon Athena pricing.
If you have an AWS account already, skip to the next task. If you don't have an AWS account, use the following procedure to create one.
To create an AWS account
- Open http://aws.amazon.com/, and then choose Create an AWS account.
- Follow the online instructions. Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone keypad.
- Note your AWS account number, because you need it for the next task.
2. Create an IAM administrator user and group
An AWS Identity and Access Management (IAM) user is an account that you create to access services. It is a different user than your main AWS account. As a security best practice, we recommend that you use the IAM user's credentials to access AWS services. You use the IAM console to create an administrator IAM user and an Administrators group for the user. You can then access the console for Athena and other AWS services by accessing a special link and providing the credentials for the IAM user that you created.
For steps, see Creating an administrator IAM user and user group (console) in the IAM User Guide.
3. Attach managed policies for Athena
After you have created an IAM user, you must attach some Athena managed policies to the user so that the user can access Athena. There are two managed policies for Athena: AmazonAthenaFullAccess and AWSQuicksightAthenaAccess. These policies grant permissions to Athena to query Amazon S3 and to write the results of your queries to a separate bucket on your behalf. To see the contents of these policies for Athena, see AWS managed policies for Amazon Athena.
For steps to attach the Athena managed policies, follow Adding IAM identity permissions (console) in the IAM User Guide and add the AmazonAthenaFullAccess and AWSQuicksightAthenaAccess managed policies to the IAM administrator user that you created.
You may need additional permissions to access the underlying dataset in Amazon S3. If you are not the account owner or otherwise have restricted access to a bucket, contact the bucket owner to grant access using a resource-based bucket policy, or contact your account administrator to grant access using an identity-based policy. For more information, see Access to Amazon S3. If the dataset or Athena query results are encrypted, you may need additional permissions. For more information, see Encryption at rest.
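The identity-based route mentioned above can be sketched as a policy that scopes S3 access to one dataset bucket (read-only) and one query results bucket, plus a small check that flags broader grants. This is an added example, not code from AWS or from the original page; the bucket names, the helper names, and the exact action lists are assumptions for a read-only, unencrypted setup.

```python
import json

# Constructed placeholder bucket names (assumptions, not values from the page).
# The action lists are this example's assumption of a minimal read-only setup.
DATASET_BUCKET = "example-athena-dataset"
RESULTS_BUCKET = "example-athena-query-results"

def _allow(sid, actions, resources):
    return {"Sid": sid, "Effect": "Allow", "Action": actions, "Resource": resources}

def build_policy(dataset_bucket, results_bucket):
    """Identity-based policy: read the dataset, read and write query results."""
    ds, rs = (f"arn:aws:s3:::{b}" for b in (dataset_bucket, results_bucket))
    return {
        "Version": "2012-10-17",
        "Statement": [
            _allow("DatasetBucket", ["s3:GetBucketLocation", "s3:ListBucket"], [ds]),
            _allow("DatasetObjects", ["s3:GetObject"], [f"{ds}/*"]),
            _allow("ResultsBucket", ["s3:GetBucketLocation", "s3:ListBucket",
                                     "s3:ListBucketMultipartUploads"], [rs]),
            _allow("ResultsObjects", ["s3:GetObject", "s3:PutObject", "s3:AbortMultipartUpload",
                                      "s3:ListMultipartUploadParts"], [f"{rs}/*"]),
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint(policy, dataset_bucket):
    """Flag Allow statements broader than read-only dataset access needs."""
    ds = f"arn:aws:s3:::{dataset_bucket}"
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "(no Sid)")
        actions, resources = _as_list(st["Action"]), _as_list(st["Resource"])
        findings += [f"{sid}: wildcard action {a}" for a in actions if a in ("*", "s3:*")]
        for r in resources:
            if r in ("*", "arn:aws:s3:::*", "arn:aws:s3:::*/*"):
                findings.append(f"{sid}: resource {r} covers every bucket")
            on_dataset = r == ds or r.startswith(ds + "/")
            if on_dataset and any(a.startswith(("s3:Put", "s3:Delete")) for a in actions):
                findings.append(f"{sid}: write action on dataset bucket")
    return findings

if __name__ == "__main__":
    policy = build_policy(DATASET_BUCKET, RESULTS_BUCKET)
    print(json.dumps(policy, indent=2))
    print(lint(policy, DATASET_BUCKET) or "no findings")
```

If the dataset or the query results are encrypted, the additional permissions the paragraph above refers to are not covered by this sketch.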
4. Sign in as an IAM user
To sign in as the new IAM user that you created, you can use the custom sign-in URL for the IAM users of your account. To see the sign-in URL for the IAM users for your account, open the IAM console and choose Users, user_name, Security credentials, Console sign-in link. As a convenience, you can use the clipboard icon to copy the sign-in URL to the clipboard.
For more information about signing in as an IAM user, see How IAM users sign in to your AWS account in the IAM User Guide.