Model Context Protocol (MCP) finally gives AI models a way to access the business data needed to make them really useful at work. CData MCP Servers have the depth and performance to make sure AI has access to all of the answers.
Try them now for free →
Query Amazon Athena Data Using the OData SDK for PHP
You can use the API Server and the OData PHP SDK to easily consume Amazon Athena entities in PHP by modeling them as objects.
The CData API Server, when paired with the ADO.NET Provider for Amazon Athena, exposes Amazon Athena data (or data from any of 200+ other ADO.NET Providers) as Web services. You can follow the procedure below to work with Amazon Athena data as PHP objects.
About Amazon Athena Data Integration
CData provides the easiest way to access and integrate live data from Amazon Athena. Customers use CData connectivity to:
- Authenticate securely using a variety of methods, including IAM credentials, access keys, and Instance Profiles, catering to diverse security needs and simplifying the authentication process.
- Streamline their setup and quickly resolve issue with detailed error messaging.
- Enhance performance and minimize strain on client resources with server-side query execution.
Users frequently integrate Athena with analytics tools like Tableau, Power BI, and Excel for in-depth analytics from their preferred tools.
To learn more about unique Amazon Athena use cases with CData, check out our blog post: https://www.cdata.com/blog/amazon-athena-use-cases.
Getting Started
Set Up the API Server
Follow the steps below to begin producing secure Amazon Athena OData services:
Deploy
The API Server runs on your own server. On Windows, you can deploy using the stand-alone server or IIS. On a Java servlet container, drop in the API Server WAR file. See the help documentation for more information and how-tos.
The API Server is also easy to deploy on Microsoft Azure, Amazon EC2, and Heroku.
Connect to Amazon Athena
After you deploy the API Server and the ADO.NET Provider for Amazon Athena, provide authentication values and other connection properties needed to connect to Amazon Athena by clicking Settings -> Connections and adding a new connection in the API Server administration console.
Authenticating to Amazon Athena
To authorize Amazon Athena requests, provide the credentials for an administrator account or for an IAM user with custom permissions: Set AccessKey to the access key Id. Set SecretKey to the secret access key.
Note: Though you can connect as the AWS account administrator, it is recommended to use IAM user credentials to access AWS services.
Obtaining the Access Key
To obtain the credentials for an IAM user, follow the steps below:
- Sign into the IAM console.
- In the navigation pane, select Users.
- To create or manage the access keys for a user, select the user and then select the Security Credentials tab.
To obtain the credentials for your AWS root account, follow the steps below:
- Sign into the AWS Management console with the credentials for your root account.
- Select your account name or number and select My Security Credentials in the menu that is displayed.
- Click Continue to Security Credentials and expand the Access Keys section to manage or create root account access keys.
Authenticating from an EC2 Instance
If you are using the CData Data Provider for Amazon Athena 2018 from an EC2 Instance and have an IAM Role assigned to the instance, you can use the IAM Role to authenticate. To do so, set UseEC2Roles to true and leave AccessKey and SecretKey empty. The CData Data Provider for Amazon Athena 2018 will automatically obtain your IAM Role credentials and authenticate with them.
Authenticating as an AWS Role
In many situations it may be preferable to use an IAM role for authentication instead of the direct security credentials of an AWS root user. An AWS role may be used instead by specifying the RoleARN. This will cause the CData Data Provider for Amazon Athena 2018 to attempt to retrieve credentials for the specified role. If you are connecting to AWS (instead of already being connected such as on an EC2 instance), you must additionally specify the AccessKey and SecretKey of an IAM user to assume the role for. Roles may not be used when specifying the AccessKey and SecretKey of an AWS root user.
Authenticating with MFA
For users and roles that require Multi-factor Authentication, specify the MFASerialNumber and MFAToken connection properties. This will cause the CData Data Provider for Amazon Athena 2018 to submit the MFA credentials in a request to retrieve temporary authentication credentials. Note that the duration of the temporary credentials may be controlled via the TemporaryTokenDuration (default 3600 seconds).
Connecting to Amazon Athena
In addition to the AccessKey and SecretKey properties, specify Database, S3StagingDirectory and Region. Set Region to the region where your Amazon Athena data is hosted. Set S3StagingDirectory to a folder in S3 where you would like to store the results of queries.
If Database is not set in the connection, the data provider connects to the default database set in Amazon Athena.
You can then choose the Amazon Athena entities you want to allow the API Server access to by clicking Settings -> Resources.
Additionally, configure the API Server for compatibility with the OData SDK for PHP: Click Server -> Settings and in the OData section set Default Version to 2.0.
Authorize API Server Users
After determining the OData services you want to produce, authorize users by clicking Settings -> Users. The API Server uses authtoken-based authentication and supports the major authentication schemes. You can authenticate as well as encrypt connections with SSL. Access can also be restricted based on IP address; by default, only connections from the local machine are allowed.
For simplicity, we will authenticate to the API Server by setting the authtoken in the URL. This is not enabled by default; you will need to add the following lines to the API Server configuration file, settings.cfg.
[Application]
AllowAuthTokenInUrl = true
The settings.cfg file is located in the data directory. In the .NET edition, the data directory is the app_data folder under the www folder. In the Java edition, the data directory's location depends on the operation system:
- Windows: C:\ProgramData\CData\AmazonAthena\
- Unix or Mac OS X: ~/cdata/AmazonAthena/
Work with Amazon Athena Entities as PHP Objects
Follow the steps below to use the ODataPHP SDK to create a proxy class that will connect to the Web services exposed by the API Server.
-
Pass the URL to a command like the one below:
php C:\PHPLib\ODataphp\PHPDataSvcUtil.php /uri=https://your-server:8032/api.rsc/@your-authtoken/ /out=C:\PHPLib\ODataphp\AmazonAthenaEntities.phpThe preceding command defines classes from the metadata returned in the response from the OData endpoint, then outputs the class definitions to the specified folder.
Both the API Server and the OData SDK for PHP support forms and Windows authentication. The API Server uses authtokens to authenticate users authorized to access the OData endpoint. You can supply authtokens in HTTP Basic authentication or append them to the OData URL.
You can configure authorized users in the Settings -> Users section of the API Server administration console.
-
You can now start accessing Amazon Athena data using an object-oriented interface in PHP. The code below creates a record of the Customers table and then retrieves the live data, showing the newly created record.
require_once 'AmazonAthenaEntities.php'; try{ $svc = new CData(); $customers = new Customers(); $customers->CustomerId = '12345'; $svc->AddToCustomers($customers); $svc->SetSaveChangesOptions(SaveChangesOptions::None); $svc->SaveChanges(); $response = $svc->customers()->Execute(); foreach($response->Result as $customers) echo $customers->Name.""; } catch (Exception $e) { //catch errors from the API Server echo $e->getError(), "\n"; }
