Working with Amazon Lake Formation-protected data

Full Table Access

Amazon Glue supports Full Table Access (FTA) for Amazon Lake Formation-protected tables. This allows your ETL jobs to read and write data with full table permissions.

Prerequisites

Appropriate IAM roles and permissions
Amazon Lake Formation configured for your data catalog
Compatible table types (Hive or Iceberg)

Key considerations

Required permissions

lakeformation:GetDataAccess IAM permission
Amazon Lake Formation table permissions
Amazon S3 bucket access permissions

Supported table types

Hive tables
Iceberg tables

Limitations

Not compatible with Spark Streaming
Cannot be used simultaneously with fine-grained access control
Does not support Delta or Hudi tables

Best Practices

Ensure IAM roles are properly configured before job execution
Test access permissions in a development environment
Monitor job execution logs for permission-related issues
Maintain clear documentation of access patterns

Troubleshooting

Common issues include:

Missing IAM permissions
Incorrect Amazon Lake Formation configuration
Table type compatibility problems

For complete setup instructions and configuration details, see Using Amazon Lake Formation with full table access.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Crawling an Amazon S3 data store using a VPC endpoint

Troubleshooting connection issues