Integration access
At the core, every integration uses some form of a user token to ensure that users only have access to the data that they should have access to. In the case of integrations used to download data into third-party applications, this token can be created via an OAuth flow or may involve the user copy/pasting a token that they copied from their advanced settings page.
In the case of database integrations, where we connect out to the system, we use the credentials entered by the Data Engineer. For Athena, the data engineer must also configure their AWS instance to allow us to connect.