Data sharing in Amazon Lake Formation
You can use the Amazon Lake Formation data sharing feature to grant and manage permissions on data stored in locations other than Amazon S3, and metadata stored in locations other than the Amazon Glue Data Catalog. With the data sharing capability, you can set up and manage permissions on datasets in Amazon Redshift without migrating the data into Amazon S3. You can also use the Data Catalog federation feature to connect to external metastores.
Afterwards, you can use Lake Formation to manage data and access permissions in a central Data Catalog by defining fine-grained access control policies. Data lake administrators can grant permissions to other IAM principals within the account or cross-account on the Data Catalog resources. IAM principals can query the shared data using Amazon Redshift Spectrum and Amazon Athena.
Lake Formation provides the following methods to share data and manage permissions on external datasets and external metastores:
-
Integrating Lake Formation with Amazon Redshift data sharing – Use Lake Formation to centrally manage database, table, column, and row-level access permissions of Amazon Redshift datashares and restrict user access to objects within a datashare.
-
Connecting Amazon Glue Data Catalog to external metastores – Connect the Amazon Glue Data Catalog to external metastores to manage access permissions on datasets in Amazon S3 using Lake Formation. No migration of metadata into the Amazon Glue Data Catalog is necessary.
-
Integrating Lake Formation with Amazon Data Exchange – Lake Formation supports licensing access to your data through Amazon Web Services Data Exchange. If you're interested in licensing your Lake Formation data, see What is Amazon Web Services Data Exchange in the Amazon Web Services Data Exchange User Guide.