Execute and manage AWS Athena SQL queries. This tool provides comprehensive operations for AWS Athena query management, including starting new queries, monitoring execution status, retrieving results, and analyzing performance statistics. ## Requirements - The server must be run with the `--all...
High parameter count (13 properties); Single-target operation
Part of the Amazon Data Processing MCP Server MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents use manage_aws_athena_query_executions to create or modify resources in Amazon Data Processing MCP Server. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call manage_aws_athena_query_executions repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Amazon Data Processing MCP Server.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
tools:
manage_aws_athena_query_executions:
rules:
- action: allow
rate_limit:
max: 30
window: 60See the full Amazon Data Processing MCP Server policy for all 36 tools.
Agents calling write-class tools like manage_aws_athena_query_executions have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Write risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.
Execute and manage AWS Athena SQL queries. This tool provides comprehensive operations for AWS Athena query management, including starting new queries, monitoring execution status, retrieving results, and analyzing performance statistics. ## Requirements - The server must be run with the `--allow-write` flag if start-query-execution contains any write operation for example DDL commands, Insert, Update, Delete Commands or any flag updates - Appropriate AWS permissions for Athena query operations ## Operations - **batch-get-query-execution**: Get details for up to 50 query executions by their IDs - **get-query-execution**: Get complete information about a single query execution - **get-query-results**: Retrieve the results of a completed query - **get-query-runtime-statistics**: Get performance statistics for a query execution - **list-query-executions**: List available query execution IDs (up to 50) - **start-query-execution**: Execute a new SQL query - **stop-query-execution**: Cancel a running query ## Example ```python # Start a new query response = await manage_aws_athena_queries( operation='start-query-execution', query_string='SELECT * FROM my_database.my_table LIMIT 10', query_execution_context={'Database': 'my_database', 'Catalog': 'my_catalog'}, work_group='primary', ) # Get the query results results = await manage_aws_athena_queries( operation='get-query-results', query_execution_id=response.query_execution_id ) ``` Args: ctx: MCP context operation: Operation to perform query_execution_id: ID of the query execution query_execution_ids: List of query execution IDs (max 50) query_string: The SQL query string to execute client_request_token: Unique token for idempotent requests query_execution_context: Context with database and catalog information result_configuration: Configuration for query results location and encryption work_group: The name of the workgroup execution_parameters: Parameters for parameterized queries result_reuse_configuration: Query result reuse behavior configuration max_results: Maximum number of results to return next_token: Pagination token query_result_type: Type of query results to return (DATA_ROWS or DATA_MANIFEST) Returns: Union of response types specific to the operation performed. It is categorised as a Write tool in the Amazon Data Processing MCP Server MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Add a rule in your Intercept YAML policy under the tools section for manage_aws_athena_query_executions. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Amazon Data Processing MCP Server MCP server.
manage_aws_athena_query_executions is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the manage_aws_athena_query_executions rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for manage_aws_athena_query_executions. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
manage_aws_athena_query_executions is provided by the Amazon Data Processing MCP Server MCP server (awslabs.aws-dataprocessing-mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.