Prerequisites for setting up permissions on Amazon Redshift datashares - Amazon Lake Formation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Prerequisites for setting up permissions on Amazon Redshift datashares

Update default Data Catalog settings

To enable Lake Formation permissions for the Data Catalog resources, we recommend that you disable the default Data Catalog settings in Lake Formation. For more information, see Change the default permission model or use hybrid access mode.

Update permissions

In addition to data lake administrator permissions (AWSLakeFormationDataAdmin), the following permissions are also required to accept an Amazon Redshift datashare in Lake Formation:

  • glue:PassConnection on aws:redshift

  • redshift:AssociateDataShareConsumer

  • redshift:DescribeDataSharesForConsumer

  • redshift:DescribeDataShares

The data lake administrator IAM user has the following permissions implicitly.

  • data_location_access

  • create_database

  • lakefomation:registerResource