Athena
info
Statsig Warehouse Native is in Beta. Some features available elsewhere (Metric Explorer, Assign & Analyze Experiments) are coming to Athena based on customer interest.
Overview
To set up connection with Athena, Statsig needs the following
- Region
- Granting Athena Access Permissions to a Statsig-owned Service Account through an IAM Role
In place of granting Athena Access Permissions to a Statsig-owned Service Account, you can also provide the following:
- IAM User Access Key
- IAM Secret Access Key
Grant Permissions to Statsig
You need to grant some permissions for Statsig from your AWS console in order for us to access your Athena data.
-
Create an (A) IAM Role, or (B) IAM User
(A) IAM Role
- In your AWS IAM Dashboard, select the Roles page under the Access Management tab
- Create a new Role
- Under the Trust Relationships tab of this newly created Role, edit the trust policy to include the Assume Role action for the provided Statsig Service Account:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "<STATSIG_SERVICE_ACCOUNT>"
},
"Action": "sts:AssumeRole"
}
]
}
(B) IAM User
- In your AWS IAM Dashboard, select the Users page under the Access Management tab
- Create a new User
- Under the Security Credentials tab of this newly created User, find the Access Keys block
- Select Create Access Key, and choose 'Application running outside AWS' from the Use Case options
-
Under the Permissions tab for your newly created Role/User, add the Permission Policies outlined below:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::<S3_BUCKET>"
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<S3_BUCKET>/<PATH_TO_EVENTS_AND_EXPOSURES_DATA>/*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"athena:StartQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryExecution",
"glue:GetTable",
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:GetPartition",
"glue:GetPartitions",
"glue:CreatePartition",
"glue:UpdatePartition",
"glue:DeletePartition",
"glue:BatchCreatePartition",
"glue:BatchDeletePartition",
"glue:GetDatabase"
],
"Resource": [
"arn:aws:s3:::<S3_BUCKET>/<PATH_TO_QUERY_RESULTS_FOLDER>/*",
"arn:aws:s3:::<S3_BUCKET>/<STATSIG_S3_FOLDER>/*",
"arn:aws:athena:*:<ACCOUNT_ID>:*",
"arn:aws:glue:<REGION>:<ACCOUNT_ID>:*"
]
}
]
}
Setup Athena Query Flow
-
Create or choose an Athena database to use
-
Choose an S3 location folder for query results to be stored