Use Athena Workgroups to Separate Workloads Between Users or Applications, View Query Metrics, and Enforce Cost Controls

Posted on: Feb 18, 2019

You can now use Amazon Athena Workgroups, a new resource type that separates query execution and query history between users, teams, or applications running under the same AWS account. Because Workgroups act as resources, you can use resource-based policies to control access to a Workgroup. For example, if you have two teams or different applications using Athena, you can limit access by assigning them to different Workgroups. You can also separate ad hoc usage from scheduled reports by assigning them to different Workgroups. Queries running in one Workgroup are not visible to users or applications running in a different Workgroup. You can also temporarily disable Workgroups, preventing users from running queries, or permanently delete them. Fine-grained access control for tables and databases defined in the Glue Data Catalog can further restrict access to specific databases and tables.

For each Workgroup, you can also view aggregated query-related metrics in AWS CloudWatch, and mandate Workgroup settings that apply to all queries running in the Workgroup. Examples of such settings include the Amazon S3 locations where results are stored and encryption options. You can enforce cost controls by creating data usage controls that apply to all queries running in a Workgroup. For each Workgroup, you can set two categories of data usage controls. The first limits the amount of data scanned per query and is enforced on a running query: if a query crosses a certain predefined threshold, Athena cancels the query. The second allows users to set multiple thresholds on hourly or daily aggregates of data scanned by queries running in the Workgroup. If the aggregate data scanned exceeds the threshold, you can choose to trigger an Amazon SNS alert, which can in turn notify an administrator, invoke a Lambda function, or disable the Workgroup, stopping any further queries from executing.
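The mandated settings and per-query limit described above can be checked from the defender's side. The following is an added example, not AWS code: it audits workgroup descriptions laid out like the Athena GetWorkGroup response, and the workgroup names, bucket, and the 10 GiB policy limit are constructed assumptions.

```python
# Added example: offline audit of Athena workgroup settings.
# Dict layout follows the Athena GetWorkGroup response; all sample values are constructed.
ENCRYPTION_OPTIONS = ("SSE_S3", "SSE_KMS", "CSE_KMS")

def audit_workgroup(wg, max_bytes_per_query):
    """Return a list of findings for one workgroup description."""
    cfg = wg.get("Configuration", {})
    result = cfg.get("ResultConfiguration", {})
    findings = []
    # Without enforcement, client-side settings override the workgroup's.
    # A missing flag is treated as not enforced (conservative assumption).
    if not cfg.get("EnforceWorkGroupConfiguration", False):
        findings.append("settings not enforced: clients can override them")
    if not result.get("OutputLocation", "").startswith("s3://"):
        findings.append("no S3 result location set")
    option = result.get("EncryptionConfiguration", {}).get("EncryptionOption")
    if option not in ENCRYPTION_OPTIONS:
        findings.append("query results not encrypted")
    cutoff = cfg.get("BytesScannedCutoffPerQuery")
    if cutoff is None:
        findings.append("no per-query data scanned limit")
    elif cutoff > max_bytes_per_query:
        findings.append(f"per-query limit {cutoff} exceeds policy {max_bytes_per_query}")
    if not cfg.get("PublishCloudWatchMetricsEnabled", False):
        findings.append("CloudWatch query metrics disabled")
    return findings

# Constructed sample input: one loosely configured and one locked-down workgroup.
SAMPLE_WORKGROUPS = [
    {"Name": "adhoc-analysts", "State": "ENABLED", "Configuration": {
        "ResultConfiguration": {"OutputLocation": "s3://example-results/adhoc/"},
        "EnforceWorkGroupConfiguration": False,
        "PublishCloudWatchMetricsEnabled": False}},
    {"Name": "scheduled-reports", "State": "ENABLED", "Configuration": {
        "ResultConfiguration": {
            "OutputLocation": "s3://example-results/reports/",
            "EncryptionConfiguration": {"EncryptionOption": "SSE_KMS"}},
        "EnforceWorkGroupConfiguration": True,
        "PublishCloudWatchMetricsEnabled": True,
        "BytesScannedCutoffPerQuery": 1024**3}},
]

def audit_all(workgroups, max_bytes_per_query=10 * 1024**3):
    """Map each workgroup name to its findings (empty list means compliant)."""
    return {wg["Name"]: audit_workgroup(wg, max_bytes_per_query) for wg in workgroups}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_WORKGROUPS).items():
        print(name, "OK" if not findings else findings)
```
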

You can create and edit Workgroups, set their properties, and enforce cost controls on them using the AWS console, CLI, or the API. By default, all your queries run in the primary Workgroup. No changes are required to use the primary Workgroup. If you create new Workgroups and use the JDBC driver or the AWS SDK, you will need to upgrade to the latest version of the driver and SDK.