Sanitizing SQL query parameters in AWS Athena

In AWS Athena, there doesn't appear to be a good way to pass parameters into the SQL query. The typical way to execute is from a boto3 call,

import boto3

client = boto3.client('athena')

# The 'string' values are placeholders.
response = client.start_query_execution(
    QueryString='string',
    ClientRequestToken='string',
    QueryExecutionContext={
        'Database': 'string'
    },
    ResultConfiguration={
        'OutputLocation': 'string',
        'EncryptionConfiguration': {
            # One of 'SSE_S3', 'SSE_KMS' or 'CSE_KMS'
            'EncryptionOption': 'SSE_S3',
            'KmsKey': 'string'
        }
    }
)

If I need to pass parameters to the QueryString, I need to sanitize it to avoid injection attacks. How do I clean the input?

ignorance asked Feb 14 '18 19:02


1 Answer

There is no such functionality in the Athena API. Athena now has prepared statements.

Theo answered Oct 13 '22 17:10
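
The parameterized execution the answer refers to, as an added example that is not part of the original post: the query text keeps `?` placeholders and the values travel separately in the `ExecutionParameters` argument of `start_query_execution`, so user input is never concatenated into `QueryString`. The helper names, the `RecordingClient` stand-in, and the table, column and bucket names are hypothetical; it is an assumption here that Athena expects string parameters as single-quoted SQL literals, as in its `EXECUTE ... USING` syntax.

```python
def to_athena_literal(value):
    """Render one Python value as a single SQL literal for ExecutionParameters."""
    if isinstance(value, bool):  # checked before int: bool is a subclass of int
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, str):
        # Assumption: string parameters are passed as single-quoted literals,
        # so an embedded quote is doubled to keep it inside the literal.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError(f"unsupported parameter type: {type(value).__name__}")


def start_parameterized_query(client, sql, params, database, output_location):
    """Start an Athena query whose values are bound to ? placeholders."""
    # Simple count: assumes the fixed query text has no '?' inside a literal.
    if not params or sql.count("?") != len(params):
        raise ValueError("each ? placeholder needs exactly one parameter")
    return client.start_query_execution(
        QueryString=sql,  # fixed text written by the developer
        ExecutionParameters=[to_athena_literal(p) for p in params],
        QueryExecutionContext={"Database": database},
        ResultConfiguration={"OutputLocation": output_location},
    )


class RecordingClient:
    """Constructed stand-in for boto3.client('athena') so this runs offline."""

    def __init__(self):
        self.calls = []

    def start_query_execution(self, **kwargs):
        self.calls.append(kwargs)
        return {"QueryExecutionId": "constructed-id"}


if __name__ == "__main__":
    client = RecordingClient()  # in real use: boto3.client("athena")
    start_parameterized_query(
        client,
        "SELECT * FROM access_logs WHERE username = ? AND status = ?",
        ["x' OR '1'='1", 404],  # constructed hostile input
        "example_db",
        "s3://example-bucket/athena-results/",
    )
    print(client.calls[0]["ExecutionParameters"])
```
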