Posted On: Aug 10, 2023
Cross-account sharing version 3 in Amazon Lake Formation is now available. Version 3 includes features that make it easier to grant cross-account permissions using Lake Formation. You can now share Amazon Glue Data Catalog resources, such as databases and tables, from one account directly with IAM principals (IAM roles and IAM users) in another account. Version 3 also eliminates the additional manual step of writing Data Catalog resource policies when using LF-tags based cross-account sharing. Finally, you can share Data Catalog resources with an Amazon Organization or organizational unit using LF-tags based sharing.
Previously, you were only able to share Amazon Glue Data Catalog resources across Amazon Web Services accounts at the root level. In this scenario, the data lake administrator for the receiving account would need to further delegate access to the shared tables to specific IAM principals. With Version 3, data owners can grant direct access to specific IAM principals in other accounts, removing the additional delegation steps.
When using LF-tags to share resources across accounts, you no longer need to keep your Data Catalog policies in sync. Instead, the data lake administrator of the receiving account has to accept a data sharing request once.
Amazon Lake Formation is available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.