Integrating with Amazon S3 Tables - Amazon Glue
Access controlsCatalog hierarchy for auto-mountingSupported Regions
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Integrating with Amazon S3 Tables

Amazon Glue Data Catalog integration with Amazon S3 Tables allows you to discover, query, and join S3 Tables with data in Amazon S3 data lakes using a single catalog. When you integrate S3 Tables with the Data Catalog, the service creates a federated catalog structure that maps S3 Tables resources to Amazon Glue catalog objects:

  • An S3 table bucket becomes a catalog in the Data Catalog

  • An S3 namespace becomes a Amazon Glue database

  • An S3 table becomes a Amazon Glue table

Access controls

The Data Catalog supports two access control modes for S3 Tables integration:

  • IAM access control – Uses IAM policies to control access to S3 Tables and the Data Catalog. In this approach, you need IAM permissions on both S3 Tables resources and Data Catalog objects to access resources.

  • Amazon Lake Formation access control – Uses Amazon Lake Formation grants in addition to Amazon Glue IAM permissions to control access to S3 Tables through the Data Catalog. In this mode, principals require IAM permissions to interact with the Data Catalog, and Amazon Lake Formation grants determine which catalog resources (databases, tables, columns, rows) the principal can access. This mode supports both coarse-grained access control (database-level and table-level grants) and fine-grained access control (column-level and row-level security). When a registered role is configured and credential vending is enabled, S3 Tables IAM permissions are not required for the principal, as Amazon Lake Formation vends credentials on behalf of the principal using the registered role. Amazon Lake Formation access control also supports credential vending for third-party analytics engines. For more information, see Creating an S3 Tables catalog in the Amazon Lake Formation Developer Guide.

You can migrate between access control modes as your requirements evolve.

Catalog hierarchy for auto-mounting

When you integrate S3 Tables with the Data Catalog using the Amazon S3 management console, the console creates a federated catalog called s3tablescatalog in the Data Catalog in your account in that Amazon Region. This federated catalog serves as the parent catalog for all existing and future S3 table buckets in that account and Region. The integration maps Amazon S3 table bucket resources in the following hierarchy:

  • Federated catalogs3tablescatalog (automatically created)

  • Child catalogs – Each S3 table bucket becomes a child catalog under s3tablescatalog

  • Databases – Each S3 namespace within a table bucket becomes a database

  • Tables – Each S3 table within a namespace becomes a table

For example, if you have an S3 table bucket named "analytics-bucket" with a namespace "sales" containing a table "transactions", the full path in the Data Catalog would be: s3tablescatalog/analytics-bucket/sales/transactions

This four-part hierarchy applies to same-account scenarios where S3 Tables and the Data Catalog are in the same Amazon account. For cross-account scenarios, you manually mount individual S3 table buckets in the Data Catalog, which creates a three-part hierarchy.

Supported Regions

S3 Tables integration with the Data Catalog is available in the following Amazon Regions:

Region code Region name
us-east-1US East (N. Virginia)
us-east-2US East (Ohio)
us-west-1US West (N. California)
us-west-2US West (Oregon)
af-south-1Africa (Cape Town)
ap-east-1Asia Pacific (Hong Kong)
ap-east-2Asia Pacific (Taipei)
ap-northeast-1Asia Pacific (Tokyo)
ap-northeast-2Asia Pacific (Seoul)
ap-northeast-3Asia Pacific (Osaka)
ap-south-1Asia Pacific (Mumbai)
ap-south-2Asia Pacific (Hyderabad)
ap-southeast-1Asia Pacific (Singapore)
ap-southeast-2Asia Pacific (Sydney)
ap-southeast-3Asia Pacific (Jakarta)
ap-southeast-4Asia Pacific (Melbourne)
ap-southeast-5Asia Pacific (Malaysia)
ap-southeast-6Asia Pacific (New Zealand)
ap-southeast-7Asia Pacific (Thailand)
ca-central-1Canada (Central)
ca-west-1Canada West (Calgary)
eu-central-1Europe (Frankfurt)
eu-central-2Europe (Zurich)
eu-north-1Europe (Stockholm)
eu-south-1Europe (Milan)
eu-south-2Europe (Spain)
eu-west-1Europe (Ireland)
eu-west-2Europe (London)
eu-west-3Europe (Paris)
il-central-1Israel (Tel Aviv)
mx-central-1Mexico (Central)
sa-east-1South America (Sao Paulo)
Topics