Cross-account data sharing using the named resource method

You can grant permissions to directly to principals in the another Amazon account, or to external Amazon Web Services accounts or Amazon Organizations. Granting Lake Formation permissions to Organizations or organizational units is equivalent to granting the permission to every Amazon Web Services account in that organization or organizational unit.

When you grant permissions to external accounts or organizations, you must include the Grantable permissions option. Only the data lake administrator in the external account can access the shared resources until the administrator grants permissions on the shared resources to other principals in the external account.

Note

Grantable permissions option is not supported when granting permissions directly to IAM principals from external accounts.

Follow instructions in Granting database permissions using the named resource method to grant cross-account permissions using the named resource method.

The following video demonstrates how to share data with an Amazon organization using Lake Formation.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Data sharing using tag-based access control

Granting permissions on a database or table shared with your account