Environment

First-run setup

checking
Checking IAM

Bootstrap

Configure this TrinoHub AMI

Step 1 of 5
  1. Status
  2. Admin
  3. AWS
  4. Network
  5. Review
Instance profile Checking metadata
SQLite store Ready .trinohub/trinohub.sqlite3
UI network Pending set allowed CIDRs
No AWS access keys stored

The control plane uses the EC2 instance profile and passes a node role to cluster instances.

First admin tom
AWS region us-east-1
Cluster networking Private subnets, allowlisted UI
Credential model Instance profile only
Name Status Instance type Trino Region Workers Autoscaling Auto-suspend Owner Actions

Cluster configuration

Create Trino cluster

Instance type

Loading instance types…

Acceleration

Workers

Catalogs

Cluster

lakehouse-prod

Running
Active workers - No live capacity loaded
Running queries - No queue sample loaded
CPU - No CloudWatch sample loaded
Auto-suspend - Configured interval
Est. cost - Coordinator + workers, approx

Cluster resources

AWS managed
No AWS resources loaded

Utilization

No data yet

No utilization samples yet. Data appears after the autoscaler takes its first reading.

Recent scaling events

Time Event Signal Capacity
No scaling events loaded.

Catalogs

Data sources

IAM validated
Ready Elapsed 0.0s · Rows 0
Run a query to see results.

Notebooks

Your notebooks

No notebooks yet. Create one to get started.

Ask Trino is new to the job and may make mistakes while learning about your data and organization. Double-check the responses.

Query history

Recent activity

Status Query Cluster User Elapsed Rows

Automation

Scheduled SQL jobs

Job Cluster Schedule Runs as Last run Next run Actions
No scheduled jobs yet.

Access

Local users

User Email Role Status Actions

Access

Roles

Role Privileges Cluster access Catalog access Members Actions

Data security

Data policies

Table/column/row-level restrictions per role, enforced inside Trino via file-based access control. Users in roles with policies are limited to exactly those policies; everyone else keeps full access. Applied when a cluster (re)starts.

Role Scope Privileges Columns Row filter Actions
No data policies.

Data security

Tags & classification

Entity Tag Status Source Actions
No tags.
Tag Role Effect Actions
No tag policies.

AWS configuration

Loading
Region-
VPC-
Node profile-
UI CIDRs-

Cluster connectivity

Not set

Base domain for client connection strings. Each cluster is addressed as <cluster-name>.<base-domain> over HTTPS/443. TrinoHub only renders the name — point a wildcard *.<base-domain> DNS record at your coordinators. Leave blank to show the coordinator IP instead.

Node instance types

0 selected

Memory-optimized types recommended for Trino. Only enabled types appear on the Create cluster screen.

Loading instance types…

API

OpenAPI
Interactive docs Open docs
Schema Open JSON

Single sign-on (OIDC)

Disabled

Authorization-code flow against any OIDC provider (Okta, Entra ID, Google). IdP groups map to TrinoHub roles on every sign-in.

Sessions

12 h

Browser session lifetime. Shortening it does not revoke existing sessions — use "Sign out everywhere" to force re-authentication now.

Notifications

Off

JSON webhook (Slack-compatible text field) fired on the selected events. Leave the URL blank to disable.

Ask Trino

Default

The OpenRouter model Ask Trino uses to write SQL. Paste any model id from openrouter.ai/models (for example anthropic/claude-sonnet-4.5). Leave blank to use the built-in default. The OPENROUTER_API_KEY stays in the server environment and is never shown here.

API tokens

Long-lived bearer tokens for scripts and BI tools: send Authorization: Bearer <token> to any /api/* endpoint. A token acts as its user and inherits that user's roles. Create service accounts in the Users view for automation identities.

Name User Created Expires Last used Actions
No tokens.

Security audit log

-
When Actor Action Target Detail
No entries loaded.
Select a topic to begin.