Step 1: Create a data analyst user
In this step, you create an Amazon Identity and Access Management (IAM) user to be the data analyst for your data lake in Amazon Lake Formation.
This user has the minimum set of permissions to query the data lake.
1. Open the IAM console at https://console.aws.amazon.com/iam. Sign in as the administrator user that you created in or as a user with the AdministratorAccess Amazon managed policy.

2. Create a user named datalake_user with the following settings:

   - Enable Amazon Web Services Management Console access.
   - Set a password and do not require password reset.
   - Attach the AmazonAthenaFullAccess Amazon managed policy.
   - Attach the following inline policy. Name the policy DatalakeUserBasic.

     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": [
                     "lakeformation:GetDataAccess",
                     "glue:GetTable",
                     "glue:GetTables",
                     "glue:SearchTables",
                     "glue:GetDatabase",
                     "glue:GetDatabases",
                     "glue:GetPartitions",
                     "lakeformation:GetResourceLFTags",
                     "lakeformation:ListLFTags",
                     "lakeformation:GetLFTag",
                     "lakeformation:SearchTablesByLFTags",
                     "lakeformation:SearchDatabasesByLFTags"
                 ],
                 "Resource": "*"
             }
         ]
     }