Lake Formation Security Demo

Hello,

You can implement column-level, row-level, and cell-level security by creating data filters in LakeFormation. As you already have the glue data catalog tables created along with corresponding data in s3 bucket, you can create a data filter straightaway as per your use-case by referring to the steps mentioned in documentation [1].

You can go to LakeFormation Console and select “Data Filters” using the menu present on the left hand side of the console. Then you can click on “Create new filter” button to create a new data filter for your target database and table. Please select the desired level of Column-level and row-level access as per your use-case and then click on “Create Data Filter” button.

Once the data filter is created, you can go to LakeFormation console and select “Tables”, select the table for which you created the data filter, then go to Actions > Grant to grant the required access.

One of your roles can continue having the full access, and you can restrict the access for the other role based on the data filter your created in the above step.

After completing all the steps, you can query this table easily using Amazon Athena [2] for any of the roles to analyze the differences caused by data filters.

If you don't want to use Athena, you can consider using Amazon Redshift Spectrum [3] with AWS Lake Formation. Please refer to documentation [4] for more guidance.

References:

[1] https://docs.aws.amazon.com/lake-formation/latest/dg/data-filtering-overview.html

[2] Amazon Athena: https://aws.amazon.com/athena/

[3] Amazon Redshift Spectrum: https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum.html

[4] https://docs.aws.amazon.com/redshift/latest/dg/spectrum-lake-formation.html