Using Amazon Lake Formation with Amazon Glue - Amazon Lake Formation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using Amazon Lake Formation with Amazon Glue

Data engineers and DevOps professionals use Amazon Glue with Extract, Transform and Load (ETL) with Apache Spark to perform transformations on their data sets in Amazon S3 and load the transformed data into data lakes and data warehouses for analytics, machine learning, and application development. With different teams accessing the same data set in Amazon S3, it is imperative to grant and restrict permissions based on their roles.

Amazon Lake Formation is built on Amazon Glue, and the services interact in the following ways:

  • Lake Formation and Amazon Glue share the same Data Catalog.

  • The following Lake Formation console features invoke the Amazon Glue console:

  • The workflows generated when you use a Lake Formation blueprint are Amazon Glue workflows. You can view and manage these workflows in both the Lake Formation console and the Amazon Glue console.

  • Machine learning transforms are provided with Lake Formation and are built on Amazon Glue API operations. You create and manage machine learning transforms on the Amazon Glue console. For more information, see Machine Learning Transforms in the Amazon Glue Developer Guide.

You can use the Lake Formation fine-grained access control to manage your existing Data Catalog resources and Amazon S3 data locations.

Note

Amazon Glue ETL requires full access to the entire table while fetching data from underlying Amazon S3 location. Amazon Glue ETL job fails if you apply column-level permissions on a table.

Support for transactional table types

Applying Lake Formation permissions allows you to secure your transactional data in your Amazon S3 based data lakes. The table below lists transactional table formats supported in Amazon Glue and the Lake Formation permissions. Lake Formation enforces these permissions for Amazon Glue operations.

Supported table formats
Table format Description and allowed operations Lake Formation permissions supported in Amazon Glue

Apache Hudi

A open table format used to simplify incremental data processing and data pipeline development.

For examples, see Using the Hudi framework in Amazon Glue.

Table-level permissions are available for Hudi tables.

For more information, see Limitations.

Apache Iceberg

An open table format that manages large collections of files as tables.

For examples, see Using the Iceberg framework in Amazon Glue.

Table-level permissions are available for Iceberg tables.

For more information, see Limitations.

Linux Foundation Delta Lake

Delta Lake is an open-source project that helps implement modern data lake architectures commonly built on Amazon S3 or Hadoop Distributed File System (HDFS).

For examples, see Using the Delta Lake framework in Amazon Glue.

Table-level permissions are available for Delta Lake tables.

For more information, see Limitations.

Additional resources