Step 5: Secure new Data Catalog resources - Amazon Lake Formation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 5: Secure new Data Catalog resources

Next, secure all new Data Catalog resources by changing the default Data Catalog settings. Turn off the options to use only Amazon Identity and Access Management (IAM) access control for new databases and tables.

Warning

If you have automation in place that creates databases and tables in the Data Catalog, the following steps might cause the automation and downstream extract, transform, and load (ETL) jobs to fail. Proceed only after you have either modified your existing processes or granted explicit Lake Formation permissions to the required principals. For information about Lake Formation permissions, see Lake Formation permissions reference.

To change the default Data Catalog settings

  1. Open the Amazon Lake Formation console at https://console.amazonaws.cn/lakeformation/. Sign in as an IAM administrative user (the user Administrator or another user with the AdministratorAccess Amazon managed policy).

  2. In the navigation pane, choose Settings.

  3. On the Data catalog settings page, clear both check boxes, and then choose Save.

The next step is to grant users access to additional databases or tables in the future. See Step 6: Give users a new IAM policy for future data lake access.