How to Connect Amazon Athena Data to Gemini Enterprise via CData Connect AI

Jerod Johnson
Jerod Johnson
Director, Technology Evangelism
Connect CData Connect AI Remote MCP to Gemini Enterprise to securely read and take actions on live Amazon Athena data in real time using natural language.

Gemini Enterprise is Google's enterprise AI assistant, available as part of Google Workspace. With native support for Custom MCP Server data stores, Gemini Enterprise can be extended to query and act on live enterprise data via the Model Context Protocol (MCP). When combined with CData Connect AI Remote MCP, Gemini Enterprise can interact with Amazon Athena data in real time using natural language — without data replication or custom integration logic.

CData Connect AI offers a dedicated cloud-to-cloud interface for connecting to Amazon Athena data via a single managed MCP endpoint. The CData Connect AI Remote MCP Server enables secure communication between Gemini Enterprise and Amazon Athena, allowing users to ask questions and take actions on live Amazon Athena data through natural language prompts.

This article explains how to connect Gemini Enterprise to live Amazon Athena data through CData Connect AI by creating a Custom MCP Server data store — giving users access to Amazon Athena data directly from the Gemini Enterprise chat interface.

About Amazon Athena Data Integration

CData provides the easiest way to access and integrate live data from Amazon Athena. Customers use CData connectivity to:

  • Authenticate securely using a variety of methods, including IAM credentials, access keys, and Instance Profiles, catering to diverse security needs and simplifying the authentication process.
  • Streamline their setup and quickly resolve issue with detailed error messaging.
  • Enhance performance and minimize strain on client resources with server-side query execution.

Users frequently integrate Athena with analytics tools like Tableau, Power BI, and Excel for in-depth analytics from their preferred tools.

To learn more about unique Amazon Athena use cases with CData, check out our blog post: https://www.cdata.com/blog/amazon-athena-use-cases.


Getting Started


Prerequisites

  1. A CData Connect AI account with at least one active connection (e.g., Amazon Athena)
  2. A Gemini Enterprise account (trial available)
  3. A Google Cloud project with billing enabled
  4. The Google Cloud CLI installed and configured
  5. In your Google Cloud account:
    • Override the organization policy for Custom MCP data stores (learn more).
    • Grant the Discovery Engine Editor role to the administrator (learn more).

Step 1: Configure Amazon Athena connectivity for Gemini Enterprise

Connectivity to Amazon Athena from Gemini Enterprise is made possible through CData Connect AI Remote MCP. To interact with Amazon Athena data from Gemini Enterprise, start by creating and configuring a Amazon Athena connection in CData Connect AI.

  1. Log into Connect AI, click Sources, and then click Add Connection
  2. Select "Amazon Athena" from the Add Connection panel
  3. Enter the necessary authentication properties to connect to Amazon Athena.

    Authenticating to Amazon Athena

    To authorize Amazon Athena requests, provide the credentials for an administrator account or for an IAM user with custom permissions: Set AccessKey to the access key Id. Set SecretKey to the secret access key.

    Note: Though you can connect as the AWS account administrator, it is recommended to use IAM user credentials to access AWS services.

    Obtaining the Access Key

    To obtain the credentials for an IAM user, follow the steps below:

    1. Sign into the IAM console.
    2. In the navigation pane, select Users.
    3. To create or manage the access keys for a user, select the user and then select the Security Credentials tab.

    To obtain the credentials for your AWS root account, follow the steps below:

    1. Sign into the AWS Management console with the credentials for your root account.
    2. Select your account name or number and select My Security Credentials in the menu that is displayed.
    3. Click Continue to Security Credentials and expand the Access Keys section to manage or create root account access keys.

    Authenticating from an EC2 Instance

    If you are using the CData Data Provider for Amazon Athena 2018 from an EC2 Instance and have an IAM Role assigned to the instance, you can use the IAM Role to authenticate. To do so, set UseEC2Roles to true and leave AccessKey and SecretKey empty. The CData Data Provider for Amazon Athena 2018 will automatically obtain your IAM Role credentials and authenticate with them.

    Authenticating as an AWS Role

    In many situations it may be preferable to use an IAM role for authentication instead of the direct security credentials of an AWS root user. An AWS role may be used instead by specifying the RoleARN. This will cause the CData Data Provider for Amazon Athena 2018 to attempt to retrieve credentials for the specified role. If you are connecting to AWS (instead of already being connected such as on an EC2 instance), you must additionally specify the AccessKey and SecretKey of an IAM user to assume the role for. Roles may not be used when specifying the AccessKey and SecretKey of an AWS root user.

    Authenticating with MFA

    For users and roles that require Multi-factor Authentication, specify the MFASerialNumber and MFAToken connection properties. This will cause the CData Data Provider for Amazon Athena 2018 to submit the MFA credentials in a request to retrieve temporary authentication credentials. Note that the duration of the temporary credentials may be controlled via the TemporaryTokenDuration (default 3600 seconds).

    Connecting to Amazon Athena

    In addition to the AccessKey and SecretKey properties, specify Database, S3StagingDirectory and Region. Set Region to the region where your Amazon Athena data is hosted. Set S3StagingDirectory to a folder in S3 where you would like to store the results of queries.

    If Database is not set in the connection, the data provider connects to the default database set in Amazon Athena.

  4. Click Save & Test
  5. Navigate to the Permissions tab in the Add Amazon Athena Connection page and update the User-based permissions.

Create an OAuth App in CData Connect AI

Gemini Enterprise uses OAuth 2.0 Authorization Code with PKCE to authenticate users against the CData Connect AI MCP Server. This requires creating a user-based OAuth App in your CData Connect AI account.

  1. Click the Gear icon () in the top-right corner of Connect AI to open Settings.
  2. Navigate to OAuth Apps and click + Create App. The Create OAuth App dialog appears.
  3. Enter the following settings:
    • Name — Enter a descriptive name (e.g., GeminiEnterpriseOAuth).
    • Authentication Flow — Select User-based (Authorization Code).
    • Callback URL — Enter https://vertexaisearch.cloud.google.com/oauth-redirect.
  4. Click Confirm. CData Connect AI creates the OAuth App and generates a Client ID and Client Secret.
  5. Copy both the Client ID and Client Secret values. You will need them in Step 5.

With the connection configured and an OAuth App created, we are ready to create the custom MCP server data store in Gemini Enterprise.

Step 2: Create the custom MCP server data store

  1. Open Gemini Enterprise and navigate to the Data stores screen.
  2. Click Create data store.
  3. On the Select a data source page, enter Custom MCP Server in the Search sources field. The Custom MCP Server card displays.
  4. Click Add MCP server. The MCP Server Configuration page displays.
  5. In the Authentication settings section, enter values in the following required fields:
    • MCP Server URL: https://mcp.cloud.cdata.com/mcp
    • Authorization URL: https://cloud-login.cdata.com/authorize
    • Token URL: https://cloud-login.cdata.com/oauth/token
    • Client ID and Client Secret: From the OAuth App created in Step 1
  6. Click Login, and complete the sign-in.
  7. Click Continue, and the Advanced options section opens.

  8. In the MCP Server Description field, enter a description that helps Gemini Enterprise understand what the server does and when to use it. For more information, see Write effective MCP server descriptions and instructions.

  9. Click Continue.

  10. In the Configure your data connector section, select the Location of your data connector from the Multi-region field list.

  11. In Your data connector name, enter a name for your data store.

  12. Click Create. Gemini Enterprise creates your data store and displays your data stores on the Data Stores page.

    Note: By default, no tools or actions from your custom MCP servers are enabled. You must enable the tools or actions.

Step 3: Enable actions

After creating the custom MCP server data store, you must enable at least one tool or action before it can be used in Gemini Enterprise.

  1. Go to your custom MCP server data store.

  2. Open the Actions tab and select Reload custom actions to reauthenticate.

    Note: This action performs a tools/list call on the MCP server to retrieve available tools, which are then displayed on the screen.

  3. Select the actions to enable.
  4. Click Enable actions.

Step 4: Connect the MCP server data store to a Gemini Enterprise app

After creating the custom MCP server data store and enabling actions, you must connect the data store to a Gemini Enterprise app before it can be used.

  1. In the Google Cloud console, go to the Gemini Enterprise page.
  2. From the navigation menu, click Apps.
  3. Select the Gemini Enterprise app where you want to connect your data store.
  4. From the navigation menu of the app, click Connected data sources.
  5. Click Add existing data stores and select your data store.
  6. Click Connect.

Step 5: Query live Amazon Athena data with natural language

With the data store connected, Gemini Enterprise users can interact with live Amazon Athena data using natural language from the Gemini Enterprise web application. Each user authenticates with their own Connect AI credentials via the OAuth flow on first use.

  1. Open Gemini Enterprise, click Connections and authorize CData Connect AI.
  2. Ask natural language questions about your Amazon Athena data:
    • "Show me all Amazon Athena data from the last 30 days"
    • "What are the top records in Amazon Athena data by revenue?"
    • "List all active Amazon Athena data and their current status"
    • "Summarize Amazon Athena data activity for this quarter"
  3. The agent automatically discovers available connections in Connect AI, identifies the most relevant Amazon Athena connection, generates SQL, and returns results — all without requiring the user to write queries or understand the underlying data structure.

Get CData Connect AI

To get live data access to hundreds of SaaS, Big Data, and NoSQL sources directly from Gemini Enterprise and other AI platforms, try CData Connect AI today!

Ready to get started?

Learn more about CData Connect AI or sign up for free trial access:

Free Trial

In this article

Related articles