AWS CDK L3 construct for managing Athena WorkGroups and named queries.
Because I couldn't get @aws-cdk/aws-athena.CfnWorkGroup to work and @aws-cdk/custom-resources.AwsCustomResource has no support for tags.
This package has peer dependencies, which need to be installed along in the expected version.
For TypeScript/NodeJS, add these to your dependencies
in package.json
. For Python, add these to your requirements.txt
:
- cdk-athena
- aws-cdk-lib (^2.0.0)
- constructs (^10.0.0)
- Version 3.x is compatible with the CDK v2.
- Version 2.x is compatible with the CDK v1. There won't be regular updates for this.
const workgroup = new WorkGroup(this, 'WorkGroup', {
name: 'TheName', // required
desc: 'Some description',
publishCloudWatchMetricsEnabled: true,
enforceWorkGroupConfiguration: true,
requesterPaysEnabled: true,
bytesScannedCutoffPerQuery: 11000000,
resultConfiguration: {
outputLocation: `s3://some-bucket/prefix`,
encryptionConfiguration: {
encryptionOption: EncryptionOption.SSE_S3,
},
},
});
const query = new NamedQuery(this, 'a-query', {
name: 'A Test Query',
database: 'audit',
desc: 'This is the description',
queryString: `
SELECT
count(*) AS assumed,
split(useridentity.principalid, ':')[2] AS user,
resources[1].arn AS role
FROM cloudtrail_logs
WHERE
eventname='AssumeRole' AND
useridentity.principalid is NOT NULL AND
useridentity.principalid LIKE '%@%'
GROUP BY
split(useridentity.principalid,':')[2],
resources[1].arn
`,
workGroup: workgroup,
});
cdk.Tag.add(workgroup, 'HelloTag', 'ok');
new cdk.CfnOutput(this, 'WorkGroupArn', {
value: workgroup.arn,
});
new cdk.CfnOutput(this, 'WorkGroupName', {
value: workgroup.name,
});
new cdk.CfnOutput(this, 'QueryId', {
value: query.id,
});