Update Simba JDBC Driver for Amazon Athena to Support SSO¶
Applies from release 2021.1
Access to Amazon Athena from Alation using authentication federation requires a JDBC driver that supports the AWS STS API. The standard Athena JDBC driver by Simba recommended by Alation and distributed by Amazon does not support this feature out of the box. You will need to modify the Simba JDBC driver and connect to your Athena data source in Alation using the modified driver .jar.
Follow the steps in this section to generate a modified version of the Simba JDBC driver for Athena:
The driver for Athena recommended and supported by Alation is Simba JDBC driver for Athena version 2.0.8: athena-jdbc42-2.0.8.jar. Download the driver .jar file and move it to any temporary directory on the Alation host.
Note
The driver is distributed by Amazon and can be downloaded from the following page: Using Earlier Version JDBC Drivers.
SSH to the Alation host.
Move the driver .jar file from the temporary location to /opt/alation/alation-<x.y.z.nnnnnn>/data1/site_data/custom_drivers/
<x.y.z.nnnnnn> stands for the Alation version
Note that the same location will be accessible from the Alation shell using the following path: /opt/alation/site/site_data/custom_drivers/
Enter the Alation shell:
sudo /etc/init.d/alation shell
Go to the custom_drivers directory. The driver .jar should be present in this location.
cd /opt/alation/site/site_data/custom_drivers/
Use the driver fixer tool on the driver. This will generate a fixed driver version that can be used in Alation. See Driver Fixer for more details:
sudo /opt/java/amazon-corretto-11.0.7.10.1-linux-x64/bin/java -jar /opt/alation/django/connector/tools/driver-fixer-0.0.1-jar-with-dependencies.jar -i AthenaJDBC42_2.0.8.jar -o athena_fixed-driver-2.0.8.jar
This command will give you a fixed driver .jar file named athena_fixed-driver-2.0.8.jar in the **custom_drivers directory.
Remove the original driver .jar from /opt/alation/site/site_data/custom_drivers/, only leaving one version of the Athena driver which is the fixed Athena driver .jar.
Re-package the fixed driver to include a CustomSessionCredentialsProvider.class that will extend the driver with functionality to support STS credentials.
Repackage the Fixed Simba JDBC Driver for Amazon Athena¶
Create 2 new subdirectories com/example at /opt/alation/site/site_data/custom_drivers:
/opt/alation/site/site_data/custom_drivers/com/example
Go to com/example.
Create a new file based on the class definition for CustomSessionCredentialsProvider.java described in Simba driver documentation: Example:CustomSessionCredentialsProvider and save the file at /opt/alation/site/site_data/custom_drivers/com/example as CustomSessionCredentialsProvider.java
/opt/alation/site/site_data/custom_drivers/com/example/CustomSessionCredentialsProvider.java
package com.example; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.AWSCredentialsProvider; import com.simba.athena.amazonaws.auth.BasicSessionCredentials; public class CustomSessionCredentialsProvider implements AWSCredentialsProvider { private BasicSessionCredentials m_credentials; // AWSCredentials can also be used instead of BasicSessionCredentials //Set aws_credentials_provider_class = "com.amazonaws.custom.athena.jdbc.CustomIAMRoleAssumptionSAMLCredentialsProvider" // set AwsCredentialsProviderArguments = "<accessID>,<secretKey>,<sessionToken>" public CustomSessionCredentialsProvider( String awsAccessKey, String awsSecretKey, String sessionToken) { m_credentials = new BasicSessionCredentials( awsAccessKey, awsSecretKey, sessionToken); } @Override public AWSCredentials getCredentials() { return m_credentials; } @Override public void refresh(){ //Use this method if refresh token } }
Return to custom_drivers.
Compile the CustomSessionCredentialsProvider class using the command below:
sudo /opt/java/amazon-corretto-11.0.7.10.1-linux-x64/bin/javac -cp <athena_fixed-driver-2.0.8>.jar com/example/CustomSessionCredentialsProvider.java
A new CustomSessionCredentialsProvider.class should be created in /opt/alation/site/site_data/custom_drivers/com/example:
/opt/alation/site/site_data/custom_drivers/com/example/CustomSessionCredentialsProvider.class
Repackage the existing Athena driver with the new CustomSessionCredentialsProvider.class using the following command:
sudo /opt/java/amazon-corretto-11.0.7.10.1-linux-x64/bin/jar -uf <athena_fixed-driver-2.0.8>.jar com/example/CustomSessionCredentialsProvider.class
Verify that the modified driver includes the new class:
sudo /opt/java/amazon-corretto-11.0.7.10.1-linux-x64/bin/jar -tf <athena_fixed-driver-2.0.8>.jar | grep com.example
Change ownership on the driver .jar file to alation:
sudo chown alation:alation athena_fixed-driver-2.0.8.jar
The repackaged driver should now be visible in the drivers list in Alation. Use this driver to establish the connection to your Athena Data Source in Alation.
On how to add Athena as a data source to Alation, see Amazon Athena