Amazon service integrations with Lake Formation
You can use Lake Formation to manage database, table, and column-level access permissions on data stored in Amazon S3. After your data is registered with Lake Formation, you can use Amazon analytical services such as Amazon Glue, Amazon Athena, Amazon Redshift Spectrum, and Amazon EMR to query the data. The following Amazon services integrate with Amazon Lake Formation and honor Lake Formation permissions.
Amazon Service | Integration details |
---|---|
Amazon Glue | Reference topic: Using Amazon Lake Formation with Amazon Glue. Amazon Glue and Lake Formation share the same Data Catalog. For console operations (such as viewing a list of tables) and all API operations, Amazon Glue users can access only the databases and tables on which they have Lake Formation permissions. |
Amazon Athena | Reference topic: Using Amazon Lake Formation with Amazon Athena. Use Lake Formation to allow or deny permissions to read data in Amazon S3. When Amazon Athena users select the Amazon Glue catalog in the query editor, they can query only the databases, tables, and columns that they have Lake Formation permissions on. Queries using manifests are not supported. Currently, Lake Formation doesn't support managing permissions on write operations such as<br>In addition to principals who authenticate with Athena through Amazon Identity and Access Management (IAM), Lake Formation supports Athena users who connect through the JDBC or ODBC driver and authenticate through SAML. Supported SAML providers include Okta and Microsoft Active Directory Federation Service (AD FS). |
Amazon Redshift Spectrum | Reference topic: Using Amazon Lake Formation with Amazon Redshift Spectrum. When Amazon Redshift users create an external schema on a database in the Amazon Glue Data Catalog, they can query only the tables and columns in that schema on which they have Lake Formation permissions. |
Amazon QuickSight Enterprise Edition | Reference: Using Amazon Lake Formation with Amazon QuickSight. When an Amazon QuickSight Enterprise Edition user queries a dataset in an Amazon S3 location, the user must have the Lake Formation |
Amazon EMR | Reference: Using Amazon Lake Formation with Amazon EMR. You can integrate Lake Formation permissions when you create an Amazon EMR cluster with a runtime role. A runtime role is an IAM role that you associate with Amazon EMR jobs or queries, and then Amazon EMR uses this role to access Amazon resources. |
Lake Formation also works with Amazon Key Management Service