How can I troubleshoot the error "An error occurred while communicating with Amazon Athena" when connecting to Amazon Athena with a JDBC/ODBC driver?

Last updated: 2021-05-05

I'm experiencing connection timeout issues when I use Amazon Athena with a Java Database Connectivity (JDBC)/Open Database Connectivity (ODBC) driver.

-or-

I am not able to see the Athena query results on my business intelligence tool.

Resolution

The most common reason for this error is the connection issue between the host where you installed the JDBC/ODBC driver and Athena or AWS Glue endpoints.

To troubleshoot this error, check the connectivity between the host that you installed on the JDBC/ODBC driver and Athena/AWS Glue.

Connectivity to Athena

Your host can connect to Athena with either an Athena public service endpoint or an Athena private endpoint. For more information on setting the endpoint, see Command line options and Boto3 documentation.

  • Athena uses port 443 to connect to the host.
  • Athena's streaming API uses port 444 to stream the query results. When you use a JDBC/ODBC driver, Athena uses this port to stream the query results to the JDBC/ODBC driver installed on the client host. Therefore, unblock this port when you use a JDBC/ODBC driver to connect to Athena. If this port is blocked, your business intelligence tool might time out or fail to show query results when you run a query.

Athena public region endpoint

If you're using an Athena public service endpoint (example: athena.us-east-1.amazonaws.com), then be sure to update the endpoint based on the Region that you're trying to connect.

  • If you're using Windows, test the connectivity to the Athena public endpoint using Telnet or Test-netconnection.
    Note: You can use similar commands for testing connectivity to port 444.
telnet athena.us-east-1.amazonaws.com 443

--or--

Test-NetConnection -Computer_Name athena.us-east-1.amazonaws.com -Port 443
  • If you're using Linux or MAC operating system, then run a command similar to the following to check the Athena connectivity.
    Note: You can use a similar command for testing connectivity to port 444.
nc -v athena.us-east-1.amazonaws.com 443

Athena private interface VPC endpoint

  • If you're using an Athena private endpoint instead of the public service endpoint, then test the connectivity to the interface VPC endpoint.
  • If you have endpoint specific DNS hostnames, then check the connectivity to the endpoint specific DNS hostname. If not, check the connectivity to the default DNS hostname.
    • If you've turned on private DNS for the endpoint, then use vpce- .athena.us-east-1.vpce.amazonaws.com for the hostname.
    • If you've turned off private DNS for the endpoint, then use athena.us-east-1.amazonaws.com for the hostname.
  • If you're using Windows, then use the following commands. Be sure to test the connectivity for port 444 in addition to testing port 443.
    Note: Use Test-NetConnection to test the connectivity if you have trouble running the telnet command.
    You can use these commands if you've turned off private DNS for the endpoint.
telnet vpce-<name>.athena.us-east-1.vpce.amazonaws.com 443

--or--

Test-NetConnection -Computer_Name vpce-<name>.athena.us-east-1.vpce.amazonaws.com -Port 443
  • If you're using Linux/MAC, then run a command similar to the following to check the Athena connectivity. If your connection is successful, then you might receive a message similar to "Connection to athena.us-east-1.amazonaws.com port 443 [tcp/https] succeeded".
nc -v vpce-<name>.athena.us-east-1.vpce.amazonaws.com 443
  • Use the appropriate JDBC connection URLs in your business tool configuration according to your private DNS configuration for your endpoint.
    • Use the following connection string if you turned off the private DNS: jdbc:awsathena://vpce-.athena.us-east-1.vpce.amazonaws.com:443
    • Use the following connection string if you turned on the private DNS: jdbc:awsathena://athena.us-east-1.amazonaws.com:443
  • Be sure that the security group attached to your VPC endpoint allows traffic from the host where you installed the JDBC/ODBC driver.
  • Be sure that port 444 isn't blocked. If you use an AWS PrivateLink endpoint to connect to Athena, then be sure that the security group attached to the AWS PrivateLink endpoint is open to inbound traffic on port 444. Athena uses port 444 to stream query results. If port 444 is blocked, then the results aren't streamed back to your client host. In such situations, you might receive an error message similar to "[Simba][AthenaJDBC](100123) An error has occurred. Exception during column initialization". This can also cause the business intelligence tool to stop responding and not display the query results.

Connectivity to AWS Glue

Be sure to check the connectivity between the host that you installed on the JDBC/ODBC driver to AWS Glue. Your host can connect to AWS Glue with either an AWS Glue public service endpoint or an AWS Glue private service endpoint. For more information, see AWS Glue service endpoints. Athena uses the AWS Glue Data Catalog to store and retrieve table metadata for the Amazon S3 data in your account. Therefore, your JDBC/ODBC driver needs to connect to the AWS Glue catalog successfully to get the table metadata information.

If you're using an AWS Glue public service endpoint, then test the connectivity with a command similar to the following:

Note: You might need to use Test-NetConnection or nc to check the port connectivity based on your Operating System.

telnet glue.us-east-1.amazonaws.com 443

If you're using an AWS Glue VPC interface endpoint, then test the connectivity with a command similar to the following:

Note: Use the following command if you've turned off private DNS for the endpoint:

telnet vpce-<name>.glue.us-east-1.vpce.amazonaws.com 443

Use the following command if you've turned on private DNS for the endpoint:

telnet glue.us-east-1.amazonaws.com 443

Did this article help?


Do you need billing or technical support?