Cross account access from Athena to S3


Hi,

I have a customer who has an S3 bucket in one account and wants to run Athena queries from a different account on data stored in the bucket. They don't want to provide root account level access to that bucket. Is there an easier way to have granular cross account permissions implemented, other than bucket policies?

Could S3 Access Points be an option?

Thanks

asked 4 years ago, 2128 views
1 Answer
Accepted Answer

With Lake Formation, it is super easy to grant and centrally manage access to various AWS services, which include Athena, RS-S, EMR, etc.

In order to build a cross-account data lake:

  1. Grant access to your cross-account bucket by following the doc below

    https://docs.aws.amazon.com/lake-formation/latest/dg/register-cross-account.html

  2. Register your bucket in Lake Formation

  3. Create database

  4. Grant access to registered bucket and database

  5. Crawl your registered bucket

  6. Start granting access to different personas

https://docs.aws.amazon.com/lake-formation/latest/dg/permissions-reference.html

You can follow the doc below to learn how to build it.

https://aws.amazon.com/blogs/big-data/access-and-manage-data-from-multiple-accounts-from-a-central-aws-lake-formation-account/

AWS
answered 4 years ago
EXPERT
reviewed a month ago
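
For step 1 of the answer above, an added example (not part of the original answer or AWS's own code) that builds a read-only bucket policy scoped to the other account's Lake Formation service-linked role instead of the account root, and audits a policy for grants broader than that. The bucket name, account ID and prefix are placeholders, and limiting the grant to `s3:ListBucket` and `s3:GetObject` is an assumption that the other account only reads the data.

```python
import json

# Assumption: Lake Formation registers the bucket with its service-linked role.
SLR = "role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lake_formation_read_policy(bucket, lf_account_id, prefix=""):
    """Bucket policy letting only the other account's Lake Formation role read."""
    principal = {"AWS": f"arn:aws:iam::{lf_account_id}:{SLR}"}
    list_stmt = {"Sid": "LakeFormationList", "Effect": "Allow", "Principal": principal,
                 "Action": ["s3:ListBucket"], "Resource": [f"arn:aws:s3:::{bucket}"]}
    if prefix:  # restrict listing to the shared prefix only
        list_stmt["Condition"] = {"StringLike": {"s3:prefix": [f"{prefix}*"]}}
    get_stmt = {"Sid": "LakeFormationGet", "Effect": "Allow", "Principal": principal,
                "Action": ["s3:GetObject"], "Resource": [f"arn:aws:s3:::{bucket}/{prefix}*"]}
    return {"Version": "2012-10-17", "Statement": [list_stmt, get_stmt]}

def audit_policy(policy):
    """Return findings for Allow statements broader than a single named role."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for arn in arns:
            if arn == "*":
                findings.append(f"{sid}: principal is any AWS principal")
            elif arn.endswith(":root") or arn.isdigit():  # bare account ID == root
                findings.append(f"{sid}: principal is a whole account ({arn})")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
    return findings

# Constructed sample: the account-wide grant the question wants to avoid.
BROAD = {"Version": "2012-10-17", "Statement": [{
    "Sid": "WholeAccount", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
    "Action": "s3:*", "Resource": "arn:aws:s3:::example-data-bucket/*"}]}

if __name__ == "__main__":
    policy = lake_formation_read_policy("example-data-bucket", "222222222222", "sales/")
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy), audit_policy(BROAD))
```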
