Using the Amazon Glue Data Catalog as the metastore for Hive
Using Amazon EMR release 5.8.0 or later, you can configure Hive to use the Amazon Glue Data Catalog as its metastore. We recommend this configuration when you require a persistent metastore or a metastore shared by different clusters, services, applications, or Amazon accounts.
Amazon Glue is a fully managed extract, transform, and load (ETL) service that makes it simple and cost-effective to categorize your data, clean it, enrich it, and move it reliably between various data stores. The Amazon Glue Data Catalog provides a unified metadata repository across a variety of data sources and data formats, integrating with Amazon EMR as well as Amazon RDS, Amazon Redshift, Redshift Spectrum, Athena, and any application compatible with the Apache Hive metastore. Amazon Glue crawlers can automatically infer schema from source data in Amazon S3 and store the associated metadata in the Data Catalog. For more information about the Data Catalog, see Populating the Amazon Glue Data Catalog in the Amazon Glue Developer Guide.
Separate charges apply for Amazon Glue. There is a monthly rate for storing and accessing the metadata in the Data Catalog, an hourly rate billed per minute for Amazon Glue ETL jobs and crawler runtime, and an hourly rate billed per minute for each provisioned development endpoint. The Data Catalog allows you to store up to a million objects at no charge. If you store more than a million objects, you are charged USD$1 for each 100,000 objects over a million. An object in the Data Catalog is a table, partition, or database. For more information, see Glue Pricing
Important
If you created tables using Amazon Athena or Amazon Redshift Spectrum before August 14, 2017, databases and tables are stored in an Athena-managed catalog, which is separate from the Amazon Glue Data Catalog. To integrate Amazon EMR with these tables, you must upgrade to the Amazon Glue Data Catalog. For more information, see Upgrading to the Amazon Glue Data Catalog in the Amazon Athena User Guide.
Specifying Amazon Glue Data Catalog as the metastore
You can specify the Amazon Glue Data Catalog as the metastore using the Amazon Web Services Management Console, Amazon CLI, or Amazon EMR API. When you use the CLI or API, you use the configuration classification for Hive to specify the Data Catalog. In addition, with Amazon EMR 5.16.0 and later, you can use the configuration classification to specify a Data Catalog in a different Amazon Web Services account. When you use the console, you can specify the Data Catalog using Advanced Options or Quick Options.
IAM permissions
The EC2 instance profile for a cluster must have IAM permissions for Amazon Glue actions. In addition, if you enable encryption for Amazon Glue Data Catalog objects, the role must also be allowed to encrypt, decrypt and generate the Amazon KMS key used for encryption.
Permissions for Amazon Glue actions
If you use the default EC2 instance profile for Amazon EMR, no action is required. The
AmazonElasticMapReduceforEC2Role
managed policy that is attached to the
EMR_EC2_DefaultRole
allows all necessary Amazon Glue actions. However, if you
specify a custom EC2 instance profile and permissions, you must configure the
appropriate Amazon Glue actions. Use the AmazonElasticMapReduceforEC2Role
managed
policy as a starting point. For more information, see Service role for cluster EC2 instances
(EC2 instance profile) in the Amazon EMR Management Guide.
Permissions for encrypting and decrypting Amazon Glue Data Catalog
Your instance profile needs permission to encrypt and decrypt data using your key. You do not need to configure these permissions if both of the following statements apply:
-
You enable encryption for Amazon Glue Data Catalog objects using managed keys for Amazon Glue.
-
You use a cluster that's in the same Amazon Web Services account as the Amazon Glue Data Catalog.
Otherwise, you must add the following statement to the permissions policy attached to your EC2 instance profile.
[ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey" ], "Resource": "arn:aws:kms:
region
:acct-id
:key/12345678-1234-1234-1234-123456789012
" } ] } ]
For more information about Amazon Glue Data Catalog encryption, see Encrypting your data catalog in the Amazon Glue Developer Guide.
Resource-based permissions
If you use Amazon Glue in conjunction with Hive, Spark, or Presto in Amazon EMR, Amazon Glue supports resource-based policies to control access to Data Catalog resources. These resources include databases, tables, connections, and user-defined functions. For more information, see Amazon Glue Resource Policies in the Amazon Glue Developer Guide.
When using resource-based policies to limit access to Amazon Glue from within Amazon EMR, the principal that you specify in the permissions policy must be the role ARN associated with the EC2 instance profile that is specified when a cluster is created. For example, for a resource-based policy attached to a catalog, you can specify the role ARN for the default service role for cluster EC2 instances, EMR_EC2_DefaultRole
as the Principal
, using the format shown in the following example:
arn:aws:iam::
acct-id
:role/EMR_EC2_DefaultRole
The acct-id
can be different from the Amazon Glue account ID. This enables access from EMR clusters in different accounts. You can specify multiple principals, each from a different account.
Considerations when using Amazon Glue Data Catalog
Consider the following items when using the Amazon Glue Data Catalog as the metastore with Hive:
-
Adding auxiliary JARs using the Hive shell is not supported. As a workaround, use the
hive-site
configuration classification to set thehive.aux.jars.path
property, which adds auxiliary JARs into the Hive classpath. -
Hive transactions
are not supported. Renaming tables from within Amazon Glue is not supported.
When you create a Hive table without specifying a
LOCATION
, the table data is stored in the location specified by thehive.metastore.warehouse.dir
property. By default, this is a location in HDFS. If another cluster needs to access the table, it fails unless it has adequate permissions to the cluster that created the table. Furthermore, because HDFS storage is transient, if the cluster terminates, the table data is lost, and the table must be recreated. We recommend that you specify aLOCATION
in Amazon S3 when you create a Hive table using Amazon Glue. Alternatively, you can use thehive-site
configuration classification to specify a location in Amazon S3 forhive.metastore.warehouse.dir
, which applies to all Hive tables. If a table is created in an HDFS location and the cluster that created it is still running, you can update the table location to Amazon S3 from within Amazon Glue. For more information, see Working with Tables on the Amazon Glue Console in the Amazon Glue Developer Guide.Partition values containing quotes and apostrophes are not supported, for example,
PARTITION (owner="Doe's").
Column statistics
are supported for emr-5.31.0 and later. Using Hive authorization
is not supported. As an alternative, consider using Amazon Glue Resource-Based Policies. For more information, see Use Resource-Based Policies for Amazon EMR Access to Amazon Glue Data Catalog. Hive constraints
are not supported. Cost-based Optimization in Hive
is not supported. Setting
hive.metastore.partition.inherit.table.properties
is not supported.Using the following metastore constants is not supported:
BUCKET_COUNT, BUCKET_FIELD_NAME, DDL_TIME, FIELD_TO_DIMENSION, FILE_INPUT_FORMAT, FILE_OUTPUT_FORMAT, HIVE_FILTER_FIELD_LAST_ACCESS, HIVE_FILTER_FIELD_OWNER, HIVE_FILTER_FIELD_PARAMS, IS_ARCHIVED, META_TABLE_COLUMNS, META_TABLE_COLUMN_TYPES, META_TABLE_DB, META_TABLE_LOCATION, META_TABLE_NAME, META_TABLE_PARTITION_COLUMNS, META_TABLE_SERDE, META_TABLE_STORAGE, ORIGINAL_LOCATION
.When you use a predicate expression, explicit values must be on the right side of the comparison operator, or queries might fail.
Correct:
SELECT * FROM mytable WHERE time > 11
Incorrect:
SELECT * FROM mytable WHERE 11 > time
Amazon EMR versions 5.32.0 and 6.3.0 and later support using user-defined functions (UDFs) in predicate expressions. When using earlier versions, your queries may fail because of the way Hive tries to optimize query execution.
Temporary tables
are not supported. We recommend creating tables using applications through Amazon EMR rather than creating them directly using Amazon Glue. Creating a table through Amazon Glue may cause required fields to be missing and cause query exceptions.
In EMR 5.20.0 or later, parallel partition pruning is enabled automatically for Spark and Hive when Amazon Glue Data Catalog is used as the metastore. This change significantly reduces query planning time by executing multiple requests in parallel to retrieve partitions. The total number of segments that can be executed concurrently range between 1 and 10. The default value is 5, which is a recommended setting. You can change it by specifying the property
aws.glue.partition.num.segments
inhive-site
configuration classification. If throttling occurs, you can turn off the feature by changing the value to 1. For more information, see Amazon Glue Segment Structure.