Skip to main content

PrivaceraCloud Documentation



This topic describes how to connect Athena to PrivaceraCloud.

Prerequisites in AWS console

Before connecting Athena to PrivaceraCloud for Privacera Access Management, make sure that only one Privacera dataserver.

In your AWS console:

  1. Create or use an existing IAM role in your environment. The role should be given access permissions by attaching an access policy.

  2. Configure a trust relationship with PrivaceraCloud. See AWS Access Using IAM Trust Relationship for specific instructions and requirements for configuring this IAM Role.

  3. Save the ARN, which you need to set in PrivaceraCloud in the following steps.

To verify the connection of Athena, Privacera recommends that you install the AWS CLI. Install and configure the AWS CLI on your sytem so that it uses the PrivaceraCloud S3 Data Server proxy.

Connect Athena with IAM role and trust relationship

  1. Go to Setting > Applications.

  2. Select Athena.

  3. Enter the application Name and Description.

  4. Click Save.

  5. Click the toggle to enable Access Management for the application.

    On the BASIC tab, enter values in the following fields.

    • With Use IAM Role disabled:

      1. AWS Access Key: AWS data repository host account Access Key

      2. AWS Account Secret Key: AWS data repository host account Secret Key

      3. AWS_ATHENA_RESULT_STORAGE_URL: Query results storage bucket URL

      4. Click Save.

    • With Use IAM Role enabled, enter values for the following fields:

      1. AWS IAM Role

      2. AWS IAM Role External Id

      3. AWS_ATHENA_RESULT_STORAGE_URL: Query results storage bucket URL

      4. Click Save.

  6. In the ADVANCED tab, you can add custom properties.

  7. Using the IMPORT PROPERTIES button, you can browse and import application properties.

  8. Recommended: Validate connectivity by running the AWS CLI for Athena queries such as the following:

    aws athena start-query-execution --query-string "SHOW DATABASES"