How can I troubleshoot the error "An error occurred while communicating with Amazon Athena" when connecting to Athena with a JDBC or ODBC driver?
I have connection timeout issues when I use Amazon Athena with a Java Database Connectivity (JDBC) or Open Database Connectivity (ODBC) driver. Or, I can't see the Athena query results on my business intelligence tool.
Resolution
The most common cause of this error is the connection between the host where you installed the JDBC or ODBC driver and Athena or AWS Glue endpoints.
To troubleshoot this error, check the connectivity between the driver that's on the installed host and Athena or AWS Glue.
Note: In the following steps, replace the NAME in vpce-NAME with your VPC endpoint name.
Connectivity to Athena
To make sure you have proper connectivity to Athena, keep the following points in mind:
- Your host can connect to Athena with either an Athena public service endpoint or an Athena private endpoint. For more information on setting the endpoint, see Command line options and Boto3 documentation.
- Athena uses port 443 to connect to the host.
- Athena's streaming API uses port 444 to stream the query results. When you use a JDBC or ODBC driver, Athena uses this port to stream the query results to the driver that's on the client host. Therefore, when you use a JDBC or ODBC driver to connect to Athena, unblock this port. If this port is blocked, then your business intelligence tool might time out or fail to show query results when you run a query.
Athena endpoint connectivity
An Athena endpoint looks similar to athena.us-east-1.amazonaws.com. When you enter the endpoint in a command, be sure to update the target AWS Region in the endpoint.
To test an endpoint's connectivity, run the following commands depending on your operations system (OS):
Note: You can also use these commands to test connectivity to port 444.
Windows
telnet athena.us-east-1.amazonaws.com 443
-or-
Test-NetConnection -Computer_Name athena.us-east-1.amazonaws.com -Port 443
Linux or macOS
nc -v athena.us-east-1.amazonaws.com 443
If you use a virtual private cloud (VPC) endpoint for private DNS, then append vpce-NAME to the beginning of your endpoint in these commands. For example, instead of athena.us-east-1.vpce.amazonaws.com, enter vpce-NAME.athena.us-east-1.vpce.amazonaws.com for private DNS. Replace NAME with the name of your VPC. For more information on private DNS, see Connect to Amazon Athena using an interface VPC endpoint and Control access to VPC endpoints using endpoint policies.
Also, make sure that you follow best practices for ODCB or JDBC drivers. For example, both drivers require that you keep port 444 open.
Connectivity to AWS Glue
Be sure to check the connectivity between the host that you installed on the JDBC or ODBC driver to AWS Glue. Your host can connect to AWS Glue with either an AWS Glue public service endpoint or an AWS Glue private service endpoint. For more information, see AWS Glue service endpoints. Athena uses the AWS Glue Data Catalog to store and retrieve table metadata for the Amazon S3 data in your account. Therefore, your driver needs to connect to the AWS Glue catalog successfully to get the table metadata information.
If you use an AWS Glue public service endpoint, then test the connectivity with a command similar to the following example:
Note: You might need to use Test-NetConnection or nc to check the port connectivity based on your Operating System.
telnet glue.us-east-1.amazonaws.com 443
If you use an AWS Glue VPC interface endpoint, then test the connectivity with a command similar to the following example:
Note: Use the following command if you've turned off private DNS for the endpoint.
telnet vpce-NAME.glue.us-east-1.vpce.amazonaws.com 443
Related information
Relevant content
- asked 4 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 24 days ago
- AWS OFFICIALUpdated 19 days ago
- AWS OFFICIALUpdated 2 months ago
