Scribd
Upload
13 views

Using AWS Lake Formation with Amazon Athena - AWS Lake Formation

The document provides an overview of using AWS Lake Formation with Amazon Athena, detailing how to set up permissions and manage access control for data stored in Amazon S3. It highlights the integration of Lake Formation with various table formats like Apache Hudi, Iceberg, and Delta Lake, and outlines the support for transactional table formats. Additionally, it includes links to related resources and recommended tasks for users to effectively manage their data lakes.

Uploaded by

d209956
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
13 views

Using AWS Lake Formation with Amazon Athena - AWS Lake Formation

The document provides an overview of using AWS Lake Formation with Amazon Athena, detailing how to set up permissions and manage access control for data stored in Amazon S3. It highlights the integration of Lake Formation with various table formats like Apache Hudi, Iceberg, and Delta Lake, and outlines the support for transactional table formats. Additionally, it includes links to related resources and recommended tasks for users to effectively manage their data lakes.

Uploaded by

d209956
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

on.com/contact-us/?

cmpid=docs_headercta_contactus)

idden_service_name=Lake%20Formation&topic_url=https://docs.aws.amazon.com/lake-formation/latest/dg/athena-lf.html)
Get Service Developer AI
Search in this guide
started guides tools Sign In to
resources
the Console (https://console.aws.amazon.com)
(https://docs.aws.amazon.com)
(#) (#) (#) (#)

AWS Lake Formation


Documentation
(https://docs.aws.amazon.co
(https://docs.aws.amazon.com/index.html)
formation/index.html)

Using AWS Lake


Formation with
Amazon Athena
PDF (/pdfs/lake-formation/latest/dg/lake-formation-
dg.pdf#athena-lf)

Focus mode

On this page
Support for transactional table formats(#tables-ate)
Additional resources(#add-resources-ate)

Related resources
AWS Lake Formation API Reference (https://docs.aws.amazon.com/lake-
formation/latest/APIReference/Welcome.html)

AWS CLI commands for AWS Lake Formation


(https://docs.aws.amazon.com/cli/latest/reference/lakeformation/)

SDKs & Tools (https://aws.amazon.com/tools/)


console (revoking-permssions-
console-all.html) Recommended tasks
Cross-account data sharing
(cross-account-permissions.html)

Set up permissions

Setting up permissions for Amazon Redshift datashares


(https://docs.aws.amazon.com/lake-formation/latest/dg/setup-ds-
perms.html)

Grant data location permissions

Granting data location permissions (same account)


(https://docs.aws.amazon.com/lake-formation/latest/dg/granting-locatio
permissions-local.html)

Recently added to this guide

Amazon Athena (https://docs.aws.amazon.com/athena/index.htm


server-less query service that helps you analyze structured, s
structured, and unstructured data stored in Amazon S3. You
use Athena SQL to query data from CSV, JSON, Parquet, and
data formats. Athena SQL also supports table formats like A
Hive (https://hive.apache.org/) , Apache Hudi
(https://hudi.apache.org/) , and Apache Iceberg
(https://iceberg.apache.org/) . Athena integrates with the AWS
Data Catalog to store metadata of your data sets in Amazon
Athena can use Lake Formation to define and maintain acces
control policies on those data sets.

Here are some common use cases where you can use Lake
Formation with Athena.

Use Lake Formation permissions for accessing the Data


Catalog resources (database and tables) from Athena. Yo
use either the named resource method or LF-tags to defi
permissions on database and tables. For more informatio
see:
Granting database permissions using the named reso
method (./granting-database-permissions.html)
Lake Formation tag-based access control (./tag-based
access-control.html)

Note
Lake Formation permissions apply only when usin
Athena SQL to query source data from Amazon S3
and metadata in the Data Catalog.
Athena Spark doesn't support querying Data Cata
tables with Lake Formation permissions. Lake
Formation permissions support both read and wri
operations on databases and tables.

Note
You can't apply data filters when you use LF-Tags
manage permissions on Data Catalog resources.

Control the query results by using Data filters in Lake


Formation (./data-filtering.html#data-filters-about) to secure
tables in your Amazon S3 data lakes by granting permiss
at column, row, and cell-levels. See the limitation on par
projection (https://docs.aws.amazon.com/athena/latest/ug/lf
athena-limitations.html#lf-athena-limitations-data-filters) in
Amazon Athena User Guide.
Enforce fine-grained access control on the data available
the SAML-based Athena user when running federated qu
Athena JDBC and ODBC drivers support configuring fede
access to your data source using SAML-based Identity Pr
(IdP). Use Amazon QuickSight integrated with Lake Form
with your existing IAM role or SAML users or groups to
visualize Athena query results.

Note
Lake Formation permissions for SAML users and
groups will apply only when you submit queries to
Athena using the JDBC or ODBC driver.

For more information, see Using Lake Formation and the


Athena JDBC and ODBC drivers for federated access to A
(https://docs.aws.amazon.com/athena/latest/ug/security-athe
lake-formation-jdbc.html) .

Note
Currently, authorizing access to SAML identities in
Lake Formation is not supported in the following
regions:

Middle East (Bahrain) - me-south-1

Asia Pacific (Hong Kong) - ap-east-1

Africa (Cape Town) - af-south-1

China (Ningxia) - cn-northwest-1

Asia Pacific (Osaka) - ap-northeast-3

Use Cross-account data sharing in Lake Formation (./cross


account-permissions.html) to query tables in another accou

Note
For more information on limitations when using Lake
Formation permissions to Views , see Considerations
and Limitations
(https://docs.aws.amazon.com/athena/latest/ug/security-
athena-lake-formation.html) .

Support for transactional table form


Applying Lake Formation permissions allows you to secure yo
transactional data in your Amazon S3 based data lakes. The t
below lists transactional table formats supported in Athena a
the Lake Formation permissions. Lake Formation enforces th
permissions when Athena users run their queries.

Tab Description and Lake Formation


le allowed operations permissions
for supported in Athe
mat

Apa A format used to Use Data filtering a


che simplify incremental cell-level security i
Hud data processing and Lake Formation
i data pipeline (./data-filtering.html
development. secure Hudi table
using table, column
Athena supports
row, and cell-level
create and read
permissions.
operations using
Apache Hudi table
formats on Amazon S3
data sets for both
Copy on Write (CoW)
and Merge On Read
(MoR) Hudi table
types. Athena does not
support write
operations on Hudi
tables.

Use Athena to query


Hudi datasets
(https://docs.aws.amazon
.com/athena/latest/ug/q
uerying-hudi.html) .

Apa An open table format Table, column, row


che that manages large and cell-level
Iceb collections of files as permissions are
erg tables, and supports supported. Current
modern analytic data Lake Formation
lake operations such as doesn't support
record-level insert, managing permissi
Tab Description and Lake Formation
le allowed operations permissions
for supported in Athe
mat

update, delete, and on write operation


time travel queries. such as VACUUM ,
MERGE , UPDATE a
For more information OPTIMIZE on tab
on Athena's support in Open Table
for Iceberg tables, see Formats.
Using Iceberg tables
(https://docs.aws.amazon
.com/athena/latest/ug/q
uerying-iceberg.html) .

Linu Delta Lake is an open- Table, column, row


x source project that and cell-level
Fou helps to implement permissions are
nda modern data lake supported for sym
tion architectures tables and native
Delt commonly built on Delta Lake tables.
a Amazon S3 or Hadoop
Lak Distributed File System
e (HDFS).

Athena supports Delta


lake tables created
using a symlink-based
manifest table
definition on AWS Glue
Data Catalog from a
Delta Lake table.

For more information,


see Crawl Delta Lake
tables using AWS Glue
crawlers
(https://aws.amazon.com
/blogs/big-data/crawl-
Tab Description and Lake Formation
le allowed operations permissions
for supported in Athe
mat

delta-lake-tables-using-
aws-glue-crawlers/) .

Athena (engine version


3) supports reading
native Delta Lake
tables.

For more information,


see Introducing native
Delta Lake table
support with AWS Glue
crawlers
(https://aws.amazon.com
/blogs/big-
data/introducing-native-
delta-lake-table-support-
with-aws-glue-crawlers/)
.

Additional resources
Blog posts, videos, and workshops

Query an Apache Hudi dataset in an Amazon S3 data lak


Amazon Athena (https://aws.amazon.com/blogs/big-data
1-query-an-apache-hudi-dataset-in-an-amazon-s3-data-lake-w
amazon-athena-part-1-read-optimized-queries/)

Build an Apache Iceberg data lake using Amazon Athena


Amazon EMR, and AWS Glue
(https://aws.amazon.com/blogs/big-data/build-an-apache-ice
data-lake-using-amazon-athena-amazon-emr-and-aws-glue/)
Insert, update, delete on Amazon S3 with Athena and Ap
Iceberg (https://www.youtube.com/watch?v=u1v666EXCJw

LF-Tag based access control (https://catalog.us-east-


1.prod.workshops.aws/workshops/78572df7-d2ee-4f78-b698-
7cafdb55135d/en-US/lakeformation-basics/querying-datalake
based-access-control) Lake Formation workshop on query
data lake.

Related resources
AWS Lake Formation API Reference (https://docs.aws.amazon.com/lake-
formation/latest/APIReference/Welcome.html)

AWS CLI commands for AWS Lake Formation


(https://docs.aws.amazon.com/cli/latest/reference/lakeformation/)

SDKs & Tools (https://aws.amazon.com/tools/)

Recommended tasks

Set up permissions

Setting up permissions for Amazon Redshift datashares


(https://docs.aws.amazon.com/lake-formation/latest/dg/setup-ds-
perms.html)

Grant data location permissions

Granting data location permissions (same account)


(https://docs.aws.amazon.com/lake-formation/latest/dg/granting-locatio
permissions-local.html)

Recently added to this guide


View related pages 1 2 3
Abstracts generated by AI

Lake-formation ›… Emr ›… Code-library ›


Using AWS Delta Lake and Lake
Lake… Lake… Formation…
Redshift Delta Lake fine- Lake Format
Spectrum grained access examples
queries Amazon control, demonstrate
S3 data lakes, snapshot granting/rev
registers AWS queries, read- ng permissio
Glue Data optimized managing LF
Catalog, queries, tags, data
supports metadata tables, filtering,
federated IAM DML INSERT, transactiona
identity access, DDL commands, operations,
row column cell Spark registering
access control, datasource resources, an
Apache Hudi queries query planni
write supported.
operations,
Apache Iceberg
query, Delta
Lake query.

September 13, October 17,


2024 2024 August 22, 2

Discover highly rated pages


Abstracts generated by AI

Lake-formation ›… Lake-formation ›… Lake-formatio


What is AWS AWS Lake Getting
Lake… Formation:… started wit
Lake Formation Lake Formation Create AWS
centrally enforces account, sec
governs, metadata-level root user, en
secures, and permissions on IAM Identity
shares data Data Catalog Center, creat
lakes, managing resources, administrativ

You might also like