Cross account access from Athena to S3


Hi,

I have a customer who has an S3 bucket in one account and wants to run Athena queries from a different account on data stored in the bucket. They don't want to provide root account level access to that bucket. Is there an easier way to have granular cross-account permissions implemented, other than bucket policies?

Could S3 Access Points be an option?

Thanks

asked 4 years ago · 2129 views
1 Answer
Accepted Answer

With Lake Formation, it is super easy to grant and manage centralized access to various AWS services, which include Athena, RS-S, EMR, etc.

In order to build a cross-account data lake:

  1. Grant access to your cross-account bucket by following the doc below

    https://docs.aws.amazon.com/lake-formation/latest/dg/register-cross-account.html

  2. Register your bucket in Lake Formation

  3. Create database

  4. Grant access to registered bucket and database

  5. Crawl your registered bucket

  6. Start granting access to different personas

https://docs.aws.amazon.com/lake-formation/latest/dg/permissions-reference.html

You can follow the doc below to learn how to build it.

https://aws.amazon.com/blogs/big-data/access-and-manage-data-from-multiple-accounts-from-a-central-aws-lake-formation-account/

AWS
answered 4 years ago
EXPERT
reviewed a month ago
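
Steps 2 through 6 of the accepted answer, laid out as an added example (not part of the original answer and not AWS's own code): an ordered plan of boto3 Lake Formation and Glue calls that ends with a table-level `SELECT` grant rather than bucket-wide access. The bucket, database, table, role and account values are placeholders, and the plan assumes step 1 is already done and that one role both registers the location and runs the crawler.

```python
import time

def build_plan(bucket, prefix, database, table, role_arn, consumer):
    """Return the ordered (service, operation, kwargs) calls for steps 2-6.

    Assumptions: step 1 already lets role_arn read the other account's bucket,
    the same role registers the location and runs the crawler, and `table` is
    the name the crawler will create. All names are placeholders.
    """
    location = f"arn:aws:s3:::{bucket}/{prefix}".rstrip("/")
    role = {"DataLakePrincipalIdentifier": role_arn}
    crawler = f"{database}-crawler"
    return [
        # Step 2: register the S3 location; Lake Formation reads it via role_arn.
        ("lakeformation", "register_resource",
         {"ResourceArn": location, "RoleArn": role_arn}),
        # Step 3: create the catalog database.
        ("glue", "create_database", {"DatabaseInput": {"Name": database}}),
        # Step 4: the crawler role may use this location and create tables here.
        ("lakeformation", "grant_permissions",
         {"Principal": role, "Permissions": ["DATA_LOCATION_ACCESS"],
          "Resource": {"DataLocation": {"ResourceArn": location}}}),
        ("lakeformation", "grant_permissions",
         {"Principal": role, "Permissions": ["CREATE_TABLE"],
          "Resource": {"Database": {"Name": database}}}),
        # Step 5: crawl the registered location.
        ("glue", "create_crawler",
         {"Name": crawler, "Role": role_arn, "DatabaseName": database,
          "Targets": {"S3Targets": [{"Path": f"s3://{bucket}/{prefix}"}]}}),
        ("glue", "start_crawler", {"Name": crawler}),
        # Step 6: the Athena persona gets SELECT on one table, nothing wider.
        ("lakeformation", "grant_permissions",
         {"Principal": {"DataLakePrincipalIdentifier": consumer},
          "Permissions": ["SELECT"],
          "Resource": {"Table": {"DatabaseName": database, "Name": table}}}),
    ]

def apply(plan, session, poll_seconds=15):
    """Run the plan with a boto3.Session (or any object with .client())."""
    for service, operation, kwargs in plan:
        client = session.client(service)
        getattr(client, operation)(**kwargs)
        if operation == "start_crawler":
            # The table must exist before step 6, so wait for the crawler.
            while client.get_crawler(Name=kwargs["Name"])["Crawler"]["State"] != "READY":
                time.sleep(poll_seconds)
```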
