Last tested: Nov 14, 2017
This isn't possible at the moment. User will need to enter the ID and secret for the role in the connection instead.
This content is subject to limited support.
@maxcorbin, any update on this yet ?
If your organization self-hosts Looker on AWS EC2 instances (i.e. your Looker is “on-prem”) then this type of connection authentication is possible. The key is to pass certain properties to the Additional Params field in the Looker connection setup page. Namely:AwsCredentialsProviderClass=com.simba.athena.amazonaws.auth.InstanceProfileCredentialsProvider;
If you need to pass S3 output configurations as well, the full string might look like this:
AwsCredentialsProviderClass=com.simba.athena.amazonaws.auth.InstanceProfileCredentialsProvider;S3OutputLocation=s3://<bucket name>;S3OutputEncKMSKey=<key arn>;S3OutputEncOption=SSE_KMS
If you use a proxy server to connect to Athena, check out the ProxyDomain, ProxyHost, and ProxyPort params as well. The full list of available connection options (including several authentication modes), is given in the AWS Athena JDBC Driver documentation page.
Unfortunately this method does not work for cloud-hosted Looker instances in AWS due to the hosting architecture.