- 新しい順
- 投票が多い順
- コメントが多い順
Hello,
Lake Formation allows you to share data internally and externally across multiple AWS accounts, organizations or directly with IAM principals in another account providing fine-grained access to the AWS Glue Data Catalog metadata and underlying data.
Lake Formation permissions model enables fine-grained access to data stored in data lakes through a simple grant or revoke mechanism, much like a relational database management system (RDBMS) and are enforced using granular controls at the column, row, and cell-levels across AWS services, including Amazon Redshift Spectrum and AWS Glue.
Redshift Spectrum supports two ways of registering an external AWS Glue data catalog enabled with Lake Formation.
- Using a cluster attached IAM role that has permission to the Data Catalog
- Using a federated IAM identity configured to manage access to external AWS Glue Data Catalog resources
Redshift Spectrum supports querying Lake Formation tables using federated IAM identities. The IAM identities can be an IAM user or an IAM role. For more information see the below links [1][2][3].
For more guidance, it is recommended to open a support case from your account(s) and we will gladly assist.
References:
[1] https://docs.aws.amazon.com/lake-formation/latest/dg/glue-features-lf.html [2] https://docs.aws.amazon.com/lake-formation/latest/dg/RSPC-lf.html [3] https://docs.aws.amazon.com/redshift/latest/dg/spectrum-lake-formation.html
関連するコンテンツ
AWS公式更新しました 1年前
