Step 1: Create a data analyst user - Amazon Lake Formation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 1: Create a data analyst user

In this step, you create an Amazon Identity and Access Management (IAM) user to be the data analyst for your data lake in Amazon Lake Formation.

This user has the minimum set of permissions to query the data lake.

  1. Open the IAM console at https://console.aws.amazon.com/iam. Sign in as the administrator user that you created in or as a user with the AdministratorAccess Amazon managed policy.

  2. Create a user named datalake_user with the following settings:

    • Enable Amazon Web Services Management Console access.

    • Set a password and do not require password reset.

    • Attach the AmazonAthenaFullAccess Amazon managed policy.

    • Attach the following inline policy. Name the policy DatalakeUserBasic.

      {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lakeformation:GetDataAccess",
                "glue:GetTable",
                "glue:GetTables",
                "glue:SearchTables",
                "glue:GetDatabase",
                "glue:GetDatabases",
                "glue:GetPartitions",
                "lakeformation:GetResourceLFTags",
                "lakeformation:ListLFTags",
                "lakeformation:GetLFTag",
                "lakeformation:SearchTablesByLFTags",
                "lakeformation:SearchDatabasesByLFTags"                
           ],
            "Resource": "*"
        }
    ]
}