Skip to main content

Privacera Documentation

Integrate Google Looker from AWS Athena with Privacera Platform

To run SQL queries from Google Looker against your data in PrivaceraCloud, you can configure Google Looker to communicate with the Privacera data server.


Communication between Privacera Platform and Google Looker relies on SSL. Google Looker in a hosted deployment does not accept self-signed SSL certificates. Be sure that you have installed a CA-issued certficate for Privacera Platform, and be sure that you know the password to view that certificate.


Have the following ready:

  • A CA-issued SSL certtificate already installed on Privacera Platform, whose password you know.

  • An installation of Google Looker.

  • A descriptive, easy-to-remember name for the connection from Google Looker.

  • An S3 storage location where query results can be saved.

  • Your AWS region, such as us-east-1.

  • The name of the database you want to query.

  • The name of a Looker workgroup to associate with the connection.

  • The hostname/domain or IP address and port of the Privacera data server.

  • A Privacera Platform access key and secret key at Launchpad > Privacera Token. Privacera recommends that you generate a new token for this connection.

Get your data server hostname, port, and profile name

To find your Privacera Platform data server hostname, port, and profile name, on Privacera Platform:

  1. Go to Launchpad.

  2. From the field labeled HTTP Endpoint Setting, copy the full domain name of the host. Do not copy anything else from the displayed value, only the hostname portion of the value.

    This is the value you need to supply for the <dataserver_IP_address_or_hostname> needed in the procedure detailed below.

  3. For the data server port, from the field labeled Port, copy the value of the port.

    This is the value you need to supply for the <dataserver_port> needed in the procedure detailed below.

For the value of <profile_name> in the procedure below, copy the value of the Profile Name field.

  1. From your Privacera Platform installation copy the ~/privacera/privacera-manager/config/ssl/global-truststore.p12 file to your Google Looker hosted deployment's /home/looker/looker/.ssl directory.

  2. On your Google Looker hosted deployment, edit the file lookerstart.cfg file to modify the JAVAARGS environment variable:


    The path to the truststore is /home/looker/looker/.ssl/global-truststore.p12.

  3. Restart Google Looker.

  4. Connect to AWS Athena.

  5. Go to to the desired Google Looker instance.

  6. On the landing page, go to Admin > Database > Connections > Add Connection.

  7. On the Connect your database to Looker page:

  8. Enter your descriptive name for this connection.

  9. For Dialect, select Amazon Athena.

  10. Enter Host details you prepared from the prerequisites in the following format. Note that the key/value pairs are separated by a semi-colon (;).


    1. <dataserver_IP_address_or_hostname>: Data server IP address or hostname.

    2. dataserver_port: Data server port number

    3. Region: Your AWS region, such as us-east-1.

    4. Profile name: Athena Profile

    5. S3OutputLocation: Enter the S3 location to store Athena query results.

    6. Workgroup: Workgroup to associate with the connection.

    7. Database: Database name to be connected.

    8. Username: Enter your Privacera Platform access key access.

    9. Password: Enter Privacera Platform secret key.

  11. Keep the Optional Settings defaults.

  12. Test your connection by clicking the Test button.

  13. Click the Connect button to create the connection.

Run queries using SQL Runner

These are the general steps for running queries.

  1. Start your Google Looker instance.

  2. On the landing page, go to Develop > SQL Runner.

  3. Select the name of the database connection you created.

  4. Fire off your queries.

Results of the queries are stored in the S3 location you specified when you created this connection.