athena-s3vector-connector.yaml
# SAM transform; required for the AWS::Serverless::Function resource declared below.
Transform: "AWS::Serverless-2016-10-31"

# Application metadata under the AWS::ServerlessRepo::Application key.
Metadata:
  AWS::ServerlessRepo::Application:
    Name: S3VectorAthenaConnector
    Description: S3 Vector Athena Connector for querying vector data stored in S3
    Author: AWS Labs
    SpdxLicenseId: Apache-2.0
    LicenseUrl: LICENSE.txt
    ReadmeUrl: README.md
    Labels:
      - athena-federation
    HomePageUrl: https://github.com/awslabs/nx-neptune
    # Quoted so the version is always read as a string.
    SemanticVersion: '0.1.0'
    SourceCodeUrl: https://github.com/awslabs/nx-neptune
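# Parameters are CloudFormation features to pass input
# to your template when you create a stack
Parameters:
  # Becomes the Lambda FunctionName of ConnectorConfig. AllowedPattern is checked
  # by CloudFormation before any resource is created.
  AthenaCatalogName:
    Description: 'This is the name of the lambda function that will be created. This name must satisfy the pattern ^[a-z0-9-_]{1,64}$'
    Type: String
    # Quoted: the value starts with '^' and contains '[' and '{'.
    AllowedPattern: '^[a-z0-9-_]{1,64}$'

  # The function's S3CrudPolicy is attached to this bucket as a whole (it is
  # parameterised by bucket name only), so a bucket dedicated to spill data
  # keeps that grant away from unrelated objects.
  SpillBucket:
    Description: 'The name of the bucket where this function can spill data.'
    Type: String

  SpillPrefix:
    Description: 'The prefix within SpillBucket where this function can spill data.'
    Type: String
    Default: athena-spill

  # MinValue/MaxValue mirror the range stated in the description, so an
  # out-of-range value is rejected at parameter validation instead of failing
  # later when the function is created.
  LambdaTimeout:
    Description: "Maximum Lambda invocation runtime in seconds. (min 1 - 900 max)"
    Default: 900
    Type: Number
    MinValue: 1
    MaxValue: 900

  # Only the lower bound is enforced here.
  # NOTE(review): confirm the 3008 MB ceiling in the description against the
  # current Lambda memory limit before adding a MaxValue.
  LambdaMemory:
    Description: "Lambda memory in MB (min 128 - 3008 max)."
    Default: 512
    Type: Number
    MinValue: 128

  S3VectorBucketName:
    Description: "The name of the S3 vector bucket to query."
    Type: String

  # Security-relevant toggle. The value is handed unchanged to the function's
  # disable_spill_encryption environment variable, and no AllowedValues list
  # restricts it, so any string is accepted at deploy time.
  # NOTE(review): how the handler parses this value is not visible in this
  # template; keep the default and review any stack that overrides it.
  DisableSpillEncryption:
    Description: "WARNING: If set to 'true' encryption for spilled data is disabled."
    Default: "false"
    Type: String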
Resources:
  # Lambda function that runs the connector handler.
  ConnectorConfig:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub '${AthenaCatalogName}'
      Description: 'A guided example for writing and deploying your own federated Amazon Athena connector for a custom source.'
      Handler: 'com.amazonaws.athena.connectors.s3vector.S3VectorCompositeHandler'
      # Jar path is relative to this template; the version in the file name is hard-coded.
      CodeUri: './target/athena-s3vector-connector-0.1.0.jar'
      # NOTE(review): confirm java11 is still a supported Lambda runtime for new deployments.
      Runtime: java11
      Timeout: !Ref LambdaTimeout
      MemorySize: !Ref LambdaMemory
      Environment:
        Variables:
          # Stack parameters are passed through unchanged. disable_spill_encryption
          # is the security-relevant one: the parameter description warns that
          # 'true' turns off encryption of spilled data.
          disable_spill_encryption: !Ref DisableSpillEncryption
          spill_bucket: !Ref SpillBucket
          spill_prefix: !Ref SpillPrefix
      Policies:
        # Query-status lookups; workgroup/* covers every workgroup in the
        # stack's account and region.
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - athena:GetQueryExecution
              Resource: !Sub 'arn:${AWS::Partition}:athena:${AWS::Region}:${AWS::AccountId}:workgroup/*'
        # S3 Vector list access. The resource ends in ':*', so ListIndexes and
        # ListVectors are allowed across the account and region, not only on
        # S3VectorBucketName.
        # NOTE(review): if these actions support resource-level permissions,
        # scoping them to the configured bucket would be tighter - confirm.
        - Statement:
            - Sid: AllowVectorListAccess
              Effect: Allow
              Action:
                - s3vectors:ListIndexes
                - s3vectors:ListVectors
              Resource: !Sub 'arn:${AWS::Partition}:s3vectors:${AWS::Region}:${AWS::AccountId}:*'
        # S3 Vector data access, limited to the configured bucket and anything beneath it.
        # NOTE(review): confirm the 'vector-bucket/' resource-type segment against
        # the ARN format AWS documents for S3 Vectors; an ARN that matches no
        # resource grants nothing and the handler's data calls would be denied.
        - Statement:
            - Sid: AllowVectorDataAccess
              Effect: Allow
              Action:
                - s3vectors:GetIndex
                - s3vectors:QueryVectors
                - s3vectors:GetVectors
              Resource:
                - !Sub 'arn:${AWS::Partition}:s3vectors:${AWS::Region}:${AWS::AccountId}:vector-bucket/${S3VectorBucketName}'
                - !Sub 'arn:${AWS::Partition}:s3vectors:${AWS::Region}:${AWS::AccountId}:vector-bucket/${S3VectorBucketName}/*'
        # S3CrudPolicy lets the connector spill large responses to S3. It is
        # parameterised by BucketName only, so it applies to the whole SpillBucket
        # rather than just SpillPrefix. It can be replaced with a narrower policy
        # that may only 'put' and cannot read, delete or overwrite objects.
        - S3CrudPolicy:
            BucketName: !Ref SpillBucket