Redshift Spectrum Access to Lake Formation
My customer is looking to provide fine-grained access from Redshift Spectrum to data governed by Lake Formation. They are wondering how access can be controlled and if this can be done through users in Redshift or if this can only be done via IAM. From the various documentation I have looked at, it appears that you can only modify the policy on the Redshift cluster to access the data and that individual users cannot be restricted further.
Documentation I've read through: https://docs.aws.amazon.com/lake-formation/latest/dg/tut-query-redshift.html https://docs.aws.amazon.com/redshift/latest/dg/r_REVOKE.html
- 新しい順
- 投票が多い順
- コメントが多い順
You can add multiple roles to a Redshift cluster (up to 10 per clusters), and in Amazon Lake formation you could assign different permission sets to each of these 10 roles. Back in Redshift you could create a different External Schema for each role pointing to the same Catalog in Lake Formation, and then assign USAGE privilege on the different External schemas to the various users (or better groups) depending on the permission you want to assign them; this should allow you to "partially" implement a user access strategy in Redshift as well.
関連するコンテンツ
AWS公式更新しました 2年前- AWS公式更新しました 1年前
- AWS公式更新しました 2年前
