Working with Amazon Lake Formation-protected data - Amazon Glue
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Working with Amazon Lake Formation-protected data

Full Table Access

Amazon Glue supports Full Table Access (FTA) for Amazon Lake Formation-protected tables. This allows your ETL jobs to read and write data with full table permissions.

Prerequisites

  • Appropriate IAM roles and permissions

  • Amazon Lake Formation configured for your data catalog

  • Compatible table types (Hive or Iceberg)

Key considerations

Required permissions

  • lakeformation:GetDataAccess IAM permission

  • Amazon Lake Formation table permissions

  • Amazon S3 bucket access permissions

Supported table types

  • Hive tables

  • Iceberg tables

Limitations

  • Not compatible with Spark Streaming

  • Cannot be used simultaneously with fine-grained access control

  • Does not support Delta or Hudi tables

Best Practices

  1. Ensure IAM roles are properly configured before job execution

  2. Test access permissions in a development environment

  3. Monitor job execution logs for permission-related issues

  4. Maintain clear documentation of access patterns

Troubleshooting

Common issues include:

  • Missing IAM permissions

  • Incorrect Amazon Lake Formation configuration

  • Table type compatibility problems

For complete setup instructions and configuration details, see Using Amazon Lake Formation with full table access.