Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Cross account access from Athena to S3

0

Hi,

I have a customer who has an S3 bucket in one account and wants to run Athena queries from a different account on data stored in the bucket. They don't want to provide root account level access to that bucket. Is there is an easier way to have granular cross account permissions implemented, other then bucket policies?

Could S3 Access Points be an option?

Thanks

Themen
SpeicherAnalysen
Tags
Amazon Simple Storage ServiceAmazon Athena
Sprache
English
AWS-User-6013776
gefragt vor 4 Jahren2129 Aufrufe
1 Antwort
0
Akzeptierte Antwort

With Lake formation, it is super easy to granting/manage centralize access to various AWS services which include Athena, RS-S, EMR, etc.

In order to build cross account Data Lake -

  1. Grant access to your cross account bucket by following below doc

    https://docs.aws.amazon.com/lake-formation/latest/dg/register-cross-account.html

  2. Register your bucket in Lake formation

  3. Create database

  4. Grant access to registered bucket and database

  5. Crawl you registered bucket

  6. Start granting access to different Personas

https://docs.aws.amazon.com/lake-formation/latest/dg/permissions-reference.html

You can follow below doc to learn how to build it.

https://aws.amazon.com/blogs/big-data/access-and-manage-data-from-multiple-accounts-from-a-central-aws-lake-formation-account/

AWS
Navnit_Shukla
beantwortet vor 4 Jahren
profile picture
EXPERTE
Giovanni Lauria
überprüft vor einem Monat

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt