Amazon Athena

Version 24.2.9064


Amazon Athena


CData Sync アプリケーションからAmazon Athena コネクタを使用して、Amazon Athena からデータを取得してサポートされている任意の同期先に移動できます。これを行うには、コネクタを追加し、コネクタへの認証を行い、接続を完了する必要があります。

Amazon Athena コネクタを追加

Sync でAmazon Athena のデータを使用できるようにするには、まず以下の手順でコネクタを追加する必要があります。

  1. Sync のダッシュボードから接続ページを開きます。

  2. 接続を追加をクリックしてコネクタを選択ページを開きます。

  3. データソースタブをクリックしてAmazon Athena 行に移動します。

  4. 行末にある接続を設定アイコンをクリックして、新しい接続ページを開きます。接続を設定アイコンが利用できない場合は、コネクタをダウンロードアイコンをクリックしてAmazon Athena コネクタをインストールします。新規コネクタのインストールについて詳しくは、接続を参照してください。

Amazon Athena への認証

コネクタを追加したら、必須プロパティを設定する必要があります。

  • Connection Name - Enter a connection name of your choice.

  • S3 Staging Directory - Enter the S3 folder path (for example, s3://MyBucketName) where you want to store the results of queries.

  • Data Source - Enter the name of the Amazon Athena data source to which you want to connect.

CData Sync supports authenticating to Amazon Athena in several ways. Select your authentication method below to proceed to the relevant section that contains the authentication details.

ADFS

To connect with user credentials, specify the following properties:

  • Auth Scheme - Select ADFS.

  • User - Enter the username that you use to authenticate to your Active Directory Federation Services account.

  • Password - Enter the password that you use to authenticate to your Active Directory Federation Services account.

  • SSO Login URL - Enter the login URL that is used by your SSO provider.

  • Use Lake Formation (optional) - Select True if you want the AWS Lake Formation service to retrieve temporary credentials. These temporary credentials enforce access policies against the user based on the configured IAM role. You can use this service when you authenticate through Active Directory Federation Services while providing a Security Assertion Markup Language (SAML) assertion. The default setting for Use Lake Formation is False.

AwsRootKeys

To connect with your account root credentials, specify the following properties:

  • Auth Scheme - Select AwsRootKeys.

  • AWS Access Key - Enter the access key that is associated with your Amazon Web Services (AWS) account. This value is accessible from your AWS security credentials page.

  • AWS Secret Key - Enter the secret key that is associated with your AWS account. This value is accessible from your AWS security credentials page.

AwsIAMRoles

To connect with IAM user credentials, specify the following properties:

  • Auth Scheme - Select AwsIAMRoles.

  • AWS Access Key - Enter your Amazon Web Services (AWS) account access key. This value is available on you AWS security-credentials page.

  • AWS Secret - Enter your Amazon Web Services (AWS) account secret. This value is available on you AWS security-credentials page.

  • AWS Role Arn - Enter the Amazon Resource Name of the role that you want to use when you authenticate.

  • AWS External Id (optional) - Enter a unique identifier that might be required when you assume a role in another account.

AwsEC2Roles

To connect with your EC2 user credentials, specify the following properties:

  • Auth Scheme - Select AwsEC2Roles.

  • AWS Role ARN - Enter the Amazon Resource Name (ARN) for the role with which you want to authenticate.

  • AWS External Id (optional) - Enter a unique identifier that might be required when you assume a role in another account.

AwsMFA

To connect with your multifactor authentication credentials, specify the following properties:

  • Auth Scheme - Select AwsMFA.

  • MFA Serial Number - Enter the serial number for your multifactor authentication (MFA) device, if you are using such a device.

  • MFA Token - Enter the temporary token that is available from your MFA device.

  • Temporary Token Duration - Enter the duration, in seconds, that you want for your temporary credentials. The default duration is 3600.

AwsCredentialsFile

To connect with a credentials file, specify the following properties:

  • Auth Scheme - Select AwsCredentialsFile.

  • AWS Credentials File - Enter the location of your credentials file.

  • AWS Credentials File Profile (optional) - Enter the name of the profile that you want to use from the specified credentials file. If you do not specify a profile, Sync uses the profile named default.

Okta

To connect with single sign-on (SSO) via Okta, specify the following properties:

  • Auth Scheme - Select Okta.

  • User - Enter the username that you use to authenticate to your Okta account.

  • Password - Enter the password that you use to authenticate to your Okta account.

  • SSO Login URL - Enter the login URL that is used by your SSO provider.

  • SSO Properties - Enter additional properties that are required to connect to your identity provider. You must use a semicolon-separated list of properties (for example, SSOProperty1=Value1;SSOProperty2=Value2;…).

  • Use Lake Formation (optional) - Select True if you want the AWS Lake Formation service to retrieve temporary credentials. These temporary credentials enforce access policies against the user based on the configured IAM role. You can use this service when you authenticate through Okta while providing a Security Assertion Markup Language (SAML) assertion. The default setting for Use Lake Formation is False.

PingFederate

To connect with single sign-on via PingFederate, specify the following properties:

  • Auth Scheme - Select PingFederate.

  • User - Enter the username that you use to authenticate to your PingFederate account.

  • Password - Enter the password that you use to authenticate to your PingFederate account.

  • SSO Login URL - Enter the login URL that is used by your SSO provider.

  • SSO Properties - Enter additional properties that are required to connect to your identity provider. You must use a semicolon-separated list of properties (for example, SSOProperty1=Value1;SSOProperty2=Value2;…).

  • SSO Exchange UrI - Enter the Partner Service Identifier URI that is configured in your PingFederate server instance. The URI is available under SP Connections > SP Connection > WS-Trust > Protocol Settings.

  • Use Lake Formation (optional) - Select True if you want the AWS Lake Formation service to retrieve temporary credentials. These temporary credentials enforce access policies against the user based on the configured IAM role. You can use this service when you authenticate through PingFederate while providing a Security Assertion Markup Language (SAML) assertion. The default setting for Use Lake Formation is False.

  • AWS Principal ARN (optional) - The Amazon Resource Name (ARN) of the Security Assertion Markup Language (SAML) identity provider in your AWS account.

AwsCognitoBasic

To connect with your Amazon Web Services (AWS) Cognito credentials, specify the following properties:

  • Auth Scheme - Select AwsCognitoBasic.

  • AWS User Pool Id - Enter your Amazon Web Services (AWS) user-pool Id.

  • AWS User Pool Client App Id - Enter your AWS user-pool client application Id.

  • AWS Identity Pool Id - Enter the identity-pool Id of the that is linked with your user pool.

  • AWS User Pool Client App Secret - Enter the secret for your user-pool client.

AwsCognitoSrp

To connect with your Amazon Web Services (AWS) Cognito credentials, specify the following properties:

  • Auth Scheme - Select AwsCognitoSrp.

  • Auth Scheme - Select AwsCognitoBasic.

  • AWS User Pool Id - Enter your Amazon Web Services (AWS) user-pool Id.

  • AWS User Pool Client App Id - Enter your AWS user-pool client application Id.

  • AWS Identity Pool Id - Enter the identity-pool Id of the that is linked with your user pool.

  • AWS User Pool Client App Secret - Enter the secret for your user-pool client.

AzureAD

To connect with Azure Active Directory, specify the following properties:

  • Auth Scheme - Select AzureAD.

  • SSO Properties - Enter additional properties that are required to connect to your identity provider. You must use a semicolon-separated list of properties (for example, SSOProperty1=Value1;SSOProperty2=Value2;…).

  • OAuth Client Id - Enter the client Id that you were assigned when you registered your application with an OAuth authorization server.

  • OAuth Client Secret - Enter the client secret that you were assigned when you registered your application with an OAuth authorization server.

  • Use Lake Formation (optional) - Select True if you want the AWS Lake Formation service to retrieve temporary credentials. These temporary credentials enforce access policies against the user based on the configured IAM role. You can use this service when you authenticate through Azure Active Directory while providing a Security Assertion Markup Language (SAML) assertion. The default setting for Use Lake Formation is False.

Complete Your Connection

To complete your connection:

  1. Specify these settings:

    • AWS Region - Select the hosting region for your Amazon Web Services. The default region is NORTHERNVIRGINIA.

    • Database - Enter the name of the database that to which you want to connect when you connect to the PostgreSQL server.

  2. 高度な設定タブで接続の高度な設定を定義します。(ただし、ほとんどの場合これらの設定は必要ありません。)

  3. AzureAD で認証する場合は、Amazon Athena への接続 をクリックしてAmazon Athena アカウントに接続します。

  4. 作成およびテストをクリックして接続を作成します。