This is the Athena API as it stands for now
pioho $ aws athena help
:
AVAILABLE COMMANDS
o batch-get-named-query
o batch-get-query-execution
o create-named-query
o delete-named-query
o get-named-query
o get-query-execution
o get-query-results
o help
o list-named-queries
o list-query-executions
o start-query-execution
o stop-query-execution
Run a query, check the query's state, and get the results
start-query-execution
Note: OutputLocation makes the query results get written to S3, and it is required. Leaving it out gives an error. That is the specification for now.
pioho $ aws athena start-query-execution --query-string "select * from sampledb.elb_logs limit 10" --result-configuration OutputLocation=s3://aws-athena-query-results
{
"QueryExecutionId": "0ec3a09e-144b-4a6c-b2f4-a2fb790e4141"
}
get-query-execution
pioho $ aws athena get-query-execution --query-execution-id 0ec3a09e-144b-4a6c-b2f4-a2fb790e4141
{
"QueryExecution": {
"Status": {
"SubmissionDateTime": 1499483900.008,
"State": "SUCCEEDED",
"CompletionDateTime": 1499483901.083
},
"Query": "select * from sampledb.elb_logs limit 10",
"Statistics": {
"DataScannedInBytes": 282613,
"EngineExecutionTimeInMillis": 956
},
"ResultConfiguration": {
"OutputLocation": "s3://aws-athena-query-results/0ec3a09e-144b-4a6c-b2f4-a2fb790e4141.csv"
},
"QueryExecutionId": "0ec3a09e-144b-4a6c-b2f4-a2fb790e4141"
}
}
get-query-results
pioho $ aws athena get-query-results --query-execution-id 0ec3a09e-144b-4a6c-b2f4-a2fb790e4141
{
"ResultSet": {
"Rows": [
{
"Data": [
{
"VarCharValue": "request_timestamp"
},
{
"VarCharValue": "elb_name"
},
{
"VarCharValue": "request_ip"
},
{
"VarCharValue": "request_port"
},
{
"Var
:
:
:
Denying get-query-results
Create an IAM policy with Deny and apply it (the screenshot shows Allow, though..)

Deny get-query-results
pioho $ aws athena get-query-results --query-execution-id 0ec3a09e-144b-4a6c-b2f4-a2fb790e4141
An error occurred (AccessDeniedException) when calling the GetQueryResults operation: User: arn:aws:iam::xxxxxxx:user/piko is not authorized to perform: athena:GetQueryResults
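
A policy document of the kind described above, as an added example that is not from the original post. The second statement goes beyond what the post shows: the result CSV is also written to the OutputLocation in S3, so a Deny on athena:GetQueryResults alone leaves that object readable to a user who holds s3:GetObject on the bucket. Assumptions: the bucket name is taken from the OutputLocation used above, the bucket holds only query output, and the Sid values are constructed.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAthenaGetQueryResults",
      "Effect": "Deny",
      "Action": "athena:GetQueryResults",
      "Resource": "*"
    },
    {
      "Sid": "DenyReadOfResultObjects",
      "Effect": "Deny",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::aws-athena-query-results/*"
    }
  ]
}
```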
AWS Organization
This can be controlled here as well, so it might be good for things like an account that should only be allowed to run Athena.

Also
It would be nice if resources could be controlled a little more finely.