AWS Athena data source on EC2 with the role-based access

Issue Summary

@arikfr I am not sure that is a misconfiguration that looks like an issue.

I running the image redash/redash:7.0.0.b18042 within one pod server, scheduler, redis and external RDS PostgreSQL. Everything working as expected fine but we want to expand sources of the data and be able to query and add Athena as additional ds.

From the pod as from the EC2 instance, we can reach our resources(s3, Athina) on role-based, but can’t use Athina as an additional data source.

python manage.py ds new "athena" --type "athena" --options '{"aws_access_key": "", "aws_secret_key": "", "region": "us-west-2", "s3_staging_dir": "s3://our-athena-query-bucket/logs"}'

but in test we are getting error:

redash@redash-szvx9:/app# python manage.py ds test "athena"
[2019-12-23 16:27:42,958][PID:4703][INFO][root] Generating grammar tables from /usr/lib/python2.7/lib2to3/Grammar.txt
[2019-12-23 16:27:42,977][PID:4703][INFO][root] Generating grammar tables from /usr/lib/python2.7/lib2to3/PatternGrammar.txt
Testing connection to data source: athena (id=9)
[2019-12-23 16:27:44,740][PID:4703][ERROR][pyathena.common] Failed to execute query.
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/pyathena/common.py", line 154, in _execute
    **request)
  File "/usr/local/lib/python2.7/dist-packages/pyathena/util.py", line 57, in retry_api_call
    return retry(func, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/tenacity/__init__.py", line 358, in call
    do = self.iter(retry_state=retry_state)
  File "/usr/local/lib/python2.7/dist-packages/tenacity/__init__.py", line 319, in iter
    return fut.result()
  File "/usr/local/lib/python2.7/dist-packages/concurrent/futures/_base.py", line 455, in result
    return self.__get_result()
  File "/usr/local/lib/python2.7/dist-packages/tenacity/__init__.py", line 361, in call
    result = fn(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 661, in _make_api_call
    raise error_class(parsed_response, operation_name)
ClientError: An error occurred (UnrecognizedClientException) when calling the StartQueryExecution operation: The security token included in the request is invalid.
Failure: An error occurred (UnrecognizedClientException) when calling the StartQueryExecution operation: The security token included in the request is invalid.

All options with env as mentioned here https://github.com/getredash/redash/issues/4188 were tested but the same error in any attempt.

Technical details:

  • Redash Version: 7.0.0.b18042
  • Browser/OS: Ubuntu 16.04
  • How did you install Redash: docker-compose