Here’s a quick brain dump on common issues customers have been running into while playing around with the Tableau and Athena during the Tableau 10.3 beta:
I can’t see any of my databases in the database drop-down. All that’s there is AwsDataCatalog
In this scenario, there’s nothing actually wrong. The AWS Data Catalog is an internal metadata store that stores information and schemas about the databases and tables that you created for the data stored in S3. Just choose it, and move on:
After you’ve done so, you’ll find your databases in the Schema drop-down:
Note that Tableau has already changed the labels on these two dropdowns from “Database” and “Schema” to “Catalog” and “Database” for the final release of the product. That way folks are less likley to be confused. Here’s what it’ll look like:
com.tableausoftware.jdbc.TableauJDBCException: Exception while connecting to server. User: arn:aws:iam::[account number]:user/athena-user is not authorized to perform: athena:GetExecutionEngine (Service: AmazonAthena; Status Code: 400; Error Code: AccessDeniedException; Request ID: [guid])
There was a Java error
Unable to connect to the server “athena.[region].amazonaws.com”. Check that the server is running and that you have access privileges to the requested database.
EnumerateTables failed: nothing returned.
Whoops! You haven’t given the user in question (athena-user, in this case) permissions to actually use Athena. You need to do so by associating the AmazonAthenaFullAccess policy with the IAM user in question:
More information on this topic can be found here.
com.tableausoftware.jdbc.TableauJDBCException: Exception in runQuery for query: [SELECT statement goes here] Insufficient permissions to execute the query.
There was a Java error.
Are you sure the logged-in IAM user who is attempting to execute the viz has permissions on the s3 bucket (and/or folders) in which the data Athena is trying to read is stored? Doesn’t sound like it.
For example, my “athena-user” ran into the error above after I built the viz while logged in as the IAM user who actually owned the s3 bucket in which the “Athena data” lives. Moral of the story: just because it works for you doesn’t mean it’ll work for others. Add a bucket or user policy granting access to the resources. Below, I’ve created a user policy which resolved the error above for athena-user:
We need to be able to see the stuff in the bucket AND get it.