Prerequisites
Before you start this tutorial, you must have an Amazon Web Services account that you can use to sign in as an administrative user with correct permissions. For more information, see Complete initial Amazon configuration tasks.
The tutorial assumes that you are familiar with IAM. For information about IAM, see the IAM User Guide
You need the following resources for this tutorial:
-
Two organizational units:
OU1 – Contains Account A
OU2 – Contains Account B
An Amazon S3 data lake location (bucket) in Account A.
A data lake administrator user in Account A. You can create a data lake administrator using the Lake Formation console (https://console.amazonaws.cn/lakeformation/
) or the PutDataLakeSettings
operation of the Lake Formation API.Lake Formation configured in Account A, and the Amazon S3 data lake location registered with Lake Formation in Account A.
Two users in Account B with the following IAM managed policies:
testuser1 – has the Amazon managed policies
AWSLakeFormationDataAdmin
attached.testuser2 – Has the Amazon managed policy
AmazonAthenaFullAccess
attached.
A database testdb in the Lake Formation database for Account B.