AWS Lake Formation makes it easier to centrally govern, secure, and globally share data for analytics and machine learning (ML).
With Lake Formation, you can centralize data security and governance using the AWS Glue Data Catalog, letting you manage metadata and data permissions in one place with familiar database-style features. It also delivers fine-grained data access control, so you can help ensure users have access to the right data down to the row and column level. You can then scale permissions across your users.
Lake Formation also makes it easier to share data internally across your organization and externally by using AWS Data Exchange, which lets you create a data mesh or meet other data sharing needs with no data movement.
Additionally, because Lake Formation tracks data interactions by role and user, it provides comprehensive data access auditing to verify the right data was accessed by the right users at the right time.
Lake Formation centralizes permission management on your data resources in the AWS Glue Data Catalog, including databases and tables. You can define and manage access by role for your users and applications using familiar database-like grants, bringing the simplicity of data warehouses and databases to your data lake.
Define and manage fine-grained access controls
Lake Formation provides a single place to manage access controls for data in your data lake. You can define security policies that restrict access to data at the database, table, column, row, and cell levels with fine-grained access control (FGAC). These policies apply to AWS IAM users and roles and to users and groups when federating through an external identity provider. You can use FGAC to access data secured by Lake Formation within Amazon Redshift Spectrum, Amazon Athena, AWS Glue ETL, and Amazon EMR for Apache Spark.
Enforce permissions with AWS analytics services integration
Lake Formation is integrated with third-party partners so you can extend your permissions management to the engines you prefer, such as Starburst and Dremio. Lake Formation also integrates with Privacera and Collibra so you can pull permissions or push permissions with Lake Formation and exploit the reach of permissions management capabilities in both Privacera and Collibra. See the documentation for more information on Lake Formation partnerships.
Simplify security management and governance at scale
Lake Formation makes it easier to scale permissions across users with tag-based access controls. With tag-based access controls, you can set attributes on data and apply permissions to those attributes to scale. Lake Formation tag-based access control (LF-TBAC) dynamically uses data attributes in the tags to scale permissions as data changes.
Scale dynamic permissions with AI-driven tag management
Lake Formation tags can be quickly populated with your own business rules and ontologies such as departments, product lines, data ownership, data sensitivity (for example, public or private), and data classification (for example, Social Security Number, phone numbers). You can dynamically manage your tag values by using integrated AWS services, including AWS Glue Sensitive Data Detection. AWS Glue Sensitive Data Detection can identify a variety of personally identifiable information (PII) and other sensitive data like credit card numbers, helping you tag for data audit purposes or sensitive information.
Manage permissions for your data from a centralized catalog
Lake Formation lets you build permissions on databases and tables within the AWS Glue Data Catalog. This allows you to use the AWS Glue Data Catalog as a hub for managing and sharing your data. With AWS Glue Data Catalog federation features, you can extend permissions to data cataloged by your own Hive metastore or with Amazon Redshift data sharing. You can set up and enforce permissions on datasets presented through the AWS Glue Data Catalog, making it easier to control access to your data no matter where it lives.
Allow secure data sharing across your organization
AWS Lake Formation allows for data sharing with zero ETL, making it easier to maintain control of your data while still ensuring users have access. Lake Formation simplifies data sharing, letting you create a data mesh or meet other data-sharing needs. Lake Formation cross-account and cross-Region data-linking capabilities allow users to securely share distributed data lakes across multiple AWS accounts, AWS Organizations, and AWS Regions. Lastly, with Lake Formation data sharing, you can directly control who you are sharing data with, such as selecting the exact IAM principals in other accounts to help ensure data ownership is controlled by the owner once it is shared.
Simplify business-to-business data sharing
AWS Lake Formation allows business-to-business data sharing external to your organization for licensing or other uses. Lake Formation integrates with AWS Data Exchange — an AWS service that lets you find, subscribe to, and use third-party data in the cloud — so you can share data with external businesses without moving or copying the data.
Discover relevant data for analysis
With Lake Formation permissions on the AWS Glue Data Catalog, users get online, text-based search that gives them a better understanding of the data within the AWS Glue Data Catalog. You can search for relevant data by name, content, sensitivity, or any other defined custom labels.
Lake Formation provides comprehensive audit logs with Amazon CloudTrail to monitor access and compliance with centrally defined policies. You can audit data access history across analytics and machine learning (ML) services that read the data using Lake Formation. This lets you see which users or roles have attempted to access what data and when. You can access audit logs in the same way you access other CloudTrail logs using the CloudTrail APIs and console.