Data sharing in AWS Lake Formation
You can use the AWS Lake Formation data sharing feature to grant and manage permissions on data stored in locations other than Amazon S3, and metadata stored in locations other than the AWS Glue Data Catalog. With the data sharing capability, you can set up and manage permissions on datasets in Amazon Redshift without migrating the data into Amazon S3. You can also use the Data Catalog federation feature to connect to external metastores.
Afterwards, you can use Lake Formation to manage data and access permissions in a central Data Catalog by defining fine-grained access control policies. Data lake administrators can grant permissions to other IAM principals within the account or cross-account on the Data Catalog resources. IAM principals can query the shared data using Amazon Redshift Spectrum and Amazon Athena.
Lake Formation provides the following methods to share data and manage permissions on external datasets and external metastores:
-
Integrating Lake Formation with Amazon Redshift data sharing – Use Lake Formation to centrally manage database, table, column, and row-level access permissions of Amazon Redshift datashares and restrict user access to objects within a datashare.
-
Connecting AWS Glue Data Catalog to external metastores – Connect the AWS Glue Data Catalog to external metastores to manage access permissions on datasets in Amazon S3 using Lake Formation. No migration of metadata into the AWS Glue Data Catalog is necessary.
-
Integrating Lake Formation with AWS Data Exchange – Lake Formation supports licensing access to your data through AWS Data Exchange. If you're interested in licensing your Lake Formation data, see What is AWS Data Exchange in the AWS Data Exchange User Guide.
Topics
