 |
VOOZH | about |
|
VOOZH | about |
You can use the CData API Server to give your users the capabilities to access and update Amazon Athena data in SharePoint. This article shows how to create an external list of Amazon Athena data that is always up to date. You will use an external content type as a template to create the external list. The external content type enables connectivity through OData, a real-time data streaming protocol for mobile and other online applications. The API Server is an OData producer of Amazon Athena feeds.
After setting up the API Server, creating an external list with connectivity to Amazon Athena data consists of three basic steps:
This article also covers how to accomplish the following tasks:
CData provides the easiest way to access and integrate live data from Amazon Athena. Customers use CData connectivity to:
Users frequently integrate Athena with analytics tools like Tableau, Power BI, and Excel for in-depth analytics from their preferred tools.
To learn more about unique Amazon Athena use cases with CData, check out our blog post: https://www.cdata.com/blog/amazon-athena-use-cases.
If you have not already done so, download the CData API Server. Once you have installed the API Server, follow the steps below to begin producing secure Amazon Athena OData services:
To provide Amazon Athena data to SharePoint users as an external list, we start by creating and configuring a Amazon Athena connection. Follow the steps below to configure the API Server to connect to Amazon Athena data:
To authorize Amazon Athena requests, provide the credentials for an administrator account or for an IAM user with custom permissions: Set to the access key Id. Set to the secret access key.
Note: Though you can connect as the AWS account administrator, it is recommended to use IAM user credentials to access AWS services.
To obtain the credentials for an IAM user, follow the steps below:
To obtain the credentials for your AWS root account, follow the steps below:
If you are using the CData Data Provider for Amazon Athena 2018 from an EC2 Instance and have an IAM Role assigned to the instance, you can use the IAM Role to authenticate. To do so, set to true and leave and empty. The CData Data Provider for Amazon Athena 2018 will automatically obtain your IAM Role credentials and authenticate with them.
In many situations it may be preferable to use an IAM role for authentication instead of the direct security credentials of an AWS root user. An AWS role may be used instead by specifying the . This will cause the CData Data Provider for Amazon Athena 2018 to attempt to retrieve credentials for the specified role. If you are connecting to AWS (instead of already being connected such as on an EC2 instance), you must additionally specify the and of an IAM user to assume the role for. Roles may not be used when specifying the and of an AWS root user.
For users and roles that require Multi-factor Authentication, specify the and connection properties. This will cause the CData Data Provider for Amazon Athena 2018 to submit the MFA credentials in a request to retrieve temporary authentication credentials. Note that the duration of the temporary credentials may be controlled via the (default 3600 seconds).
In addition to the and properties, specify , and . Set to the region where your Amazon Athena data is hosted. Set to a folder in S3 where you would like to store the results of queries.
If is not set in the connection, the data provider connects to the default database set in Amazon Athena.
π Connecting to a datasource (SQLite is shown)Next, create a user to access your Amazon Athena data through the API Server. You can add and configure users on the Users page. Follow the steps below to configure and create a user:
Having created a user, you are ready to create API endpoints for the Amazon Athena tables:
Having configured a connection to Amazon Athena data, created a user, and added resources to the API Server, you now have an easily accessible REST API based on the OData protocol for those resources. From the API page in API Server, you can view and copy the API Endpoints for the API:
π API EndpointsThe external content type is a schema that will provide the core connectivity to Amazon Athena data from any SharePoint app. You can create a schema for any OData query. You can pass in the required options with the query string parameter. Below is an example request, which will return the schema in an .ect file:
https://my-server:8080/api.rsc/Customers?$sharepoint=AuthMode:Passthrough&@authtoken=my-authtoken
Note that for simplicity, the authtoken is passed in the query string to authenticate the request for the .ect. This is not enabled by default; if you would like to use this method to authenticate to the API Server, you will need to add an entry like the following to your settings.cfg file:
[Application] AllowAuthtokenInUrl = true
The settings.cfg file is located in the data directory. In the .NET edition, the data directory is located in the app_data subfolder of the application root. In the Java edition, the location of the data directory depends on your operating system:
After you have created the .ect, you can follow the steps below to import it into SharePoint Online or an on-premise SharePoint installation.
Navigate to the SharePoint central administration portal and click the link to manage service applications. In the resulting page, click Business Data Connectivity Service. Select External Content Types in the menu and click Import. In the BDC Model section, click Choose File to select the .ect file in the dialog.
In the SharePoint admin center, click BCS from the quick launch menu and then click Manage BDC Models and External Content Types. On the resulting page, select External Content Types in the menu and click Import. In the BDC Model section, click Choose File.
You can now create SharePoint apps that can access and modify Amazon Athena data:
SharePoint has limits on how much data can be retrieved from external lists of OData sources. External lists display results in pages of 30 items by default. To modify the paging size, you can set the Item Limit property in the settings for the default view. Alternatively, you can build a custom Web part to view the data from the external list.
In SharePoint 2013, requests to external data sources are limited by bandwidth throttling controls, which can be changed using the Set-SPBusinessDataCatalogThrottleConfig command. In SharePoint Online, requests to external data sources are limited by your Server Resource Quota and by bandwidth throttling controls; to work around this, you can apply filters in the request for data.
The API Server sets the default limit for the number of returned rows to be 500. You can disable this limit by adding the limit option to the $sharepoint query string parameter and setting its value to 0.
To use pass-through authentication for accessing your external content type, set the AuthMode option to pass-through.
If you are using Kerberos authentication, you need to add these users to the API Server. If you are not using Kerberos authentication, you are likely using another form of Windows authentication such as NTLM.
When users are authenticating via NTLM authentication and using pass-through authentication in the Business Connectivity Service (BCS) in SharePoint, SharePoint connects to the external Web service using the default IIS account. This account is often the NT AUTHORITY\IUSR account. Give this user access to the CData API Server.
See the help documentation for a guide to enabling Windows authentication for the API Server.
In the following sections, you will first create a secure store target application that authenticates SharePoint users to the API Server with the credentials for a user who has been added to the API Server. Next, you will create the external content type and configure it to authenticate with the credentials in the secure store.
After you create the target application, save the credentials of The API Server user into the secure store:
Next, create a new connection settings object:
Finally, create the external content type, import it into SharePoint Online, and create the external list:
https://my-server/api.rsc/Customers?$filter=CustomerId eq '12345'&$sharepoint=AuthMode:Credentials,TargetApplicationId:my-target-application-Id,ODataConnectionSettingsId:my-odata-connection-settings-Id
After you create the new secure store target application, follow the procedure below to set the credentials that users in SharePoint will provide when accessing the API Server:
Open an instance of the SharePoint management shell and initialize a new SharePoint connection object. Note that the connection object is site specific.
New-SPODataConnectionSetting -AuthenticationMode Credentials -ServiceAddressURL http://my-server/api.rsc -ServiceContext http://myspsite/ -Name MyODataConnectionSettingsId -SecureStoreTargetApplicationId my-target-application-Id
The output below shows that the command has executed successfully:
π The initialized connection object.The final steps involve creating the external content type for the table you want to expose in SharePoint, configuring it to authenticate with credentials from the secure store, and then importing it into SharePoint.
http://my-server/api.rsc/Account?$filter=Industry eq 'Floppy Disks'&$sharepoint=AuthMode:Credentials,TargetApplicationId:my-target-application-Id,ODataConnectionSettingsId:my-odata-connection-settings-Id
Learn more or sign up for a free trial:
CData API Server
