Upgrading Amazon Glue data permissions to the Amazon Lake Formation model
Amazon Lake Formation permissions enable fine-grained access control for data in your data lake. You can use the Lake Formation permissions model to manage your existing Amazon Glue Data Catalog objects and data locations in Amazon Simple Storage Service (Amazon S3).
The Lake Formation permissions model uses coarse-grained Amazon Identity and Access Management (IAM) permissions for API service access. It restricts the data that your users and those services can access via Lake Formation functionality. By comparison, the Amazon Glue model grants data access via fine-grained access control IAM permissions. To make the switch, follow the steps in this guide.
For more information, see Overview of Lake Formation permissions .
Topics
- About upgrading to the Lake Formation permissions model
- Step 1: List users' and roles' existing permissions
- Step 2: Set up equivalent Lake Formation permissions
- Step 3: Give users IAM permissions to use Lake Formation
- Step 4: Switch your data stores to the Lake Formation permissions model
- Step 5: Secure new Data Catalog resources
- Step 6: Give users a new IAM policy for future data lake access
- Step 7: Clean up existing IAM policies