AWS Clean Rooms Glossary

Consult this glossary to become familiar with terminology that is used for AWS Clean Rooms.

Aggregation analysis rule

The query restriction that allows queries that aggregate data using COUNT, SUM, or AVG functions along optional dimensions. These queries don't reveal row-level information.

Supports use cases such as campaign planning, media reach, frequency, and conversion measurement.

Other types of analysis rules are custom and list.

Analysis rules

The query restrictions that authorize a specific type of query.

The analysis rule type determines what kind of analysis can be run on the configured table. Each type has a predefined query structure. You control how your table columns can be used in the structure through the query controls.

The types of analysis rules are aggregation, list, and custom.

Analysis template

A collaboration-specific, pre-approved query that can be reused.

Supports the custom SQL queries that AWS Clean Rooms allows.

Can contain parameters wherever a literal value could typically appear in a SQL query. For more information about supported parameter types, see Data types in the AWS Clean Rooms SQL Reference.

Analysis templates only work with the custom analysis rule.

C3R encryption client

The Cryptographic Computing for Clean Rooms (C3R) encryption client.

Used to encrypt and decrypt data, C3R is a client-side encryption SDK with a command line interface.

Cleartext column

A column that is not cryptographically protected for either a JOIN or SELECT SQL construct.

Cleartext columns can be used in any part of the SQL query.

Collaboration

A secure logical boundary in AWS Clean Rooms in which members can perform SQL queries on configured tables.

Collaborations are created by the collaboration creator.

Only members who have been invited to the collaboration can join the collaboration.

A collaboration can have only one member who can query data, one member who can receive results, and one member paying for query compute costs.

All members can see the list of invited participants in the collaboration before they join the collaboration.

Collaboration creator

The member who creates a collaboration.

There is only one collaboration creator per collaboration.

Only the collaboration creator can remove members from the collaboration or delete the collaboration.

Configured table

Each configured table represents a reference to an existing table in the AWS Glue Data Catalog that has been configured for use in AWS Clean Rooms. A configured table contains an analysis rule that determines how the data can be used.

Currently, AWS Clean Rooms supports associating data stored in Amazon Simple Storage Service (Amazon S3) that is cataloged through AWS Glue.

For more information about AWS Glue, see the AWS Glue Developer Guide.

Configured tables can be associated with one or more collaborations.

Note

AWS Clean Rooms does not currently support Amazon S3 bucket locations that are registered with AWS Lake Formation.

Custom analysis rule

The query restriction that allows a specific set of pre-approved queries (analysis templates) or allows a specific set of accounts that can provide queries that use your data.

Supports use cases such as first-touch attribution, incremental analyses, and audience discovery analyses.

Supports differential privacy.

Decryption

The process of transforming encrypted data back to its original form. Decryption can only be performed if you have access to the secret key.

Differential privacy

A mathematically rigorous technique that prevents the member who can receive results from using the collaboration data to learn about a specific individual.

Encryption

The process of encoding data into a form that appears random using a secret value called a key. It's impossible to determine the original plaintext without access to the key.

Fingerprint column

A column that is cryptographically protected for a JOIN SQL construct.

List analysis rule

The query restriction that allows queries that output row-level attribute analysis of the overlap between this table and the tables of the member who can query.

Supports use cases such as enrichment and audience building or suppression.

Member

An AWS customer who is a participant in a collaboration.

A member is identified using their AWS account.

All members can contribute data.

Member who can query

The member who can query data in the collaboration.

There is only one member who can query per collaboration, and that member is immutable.

An administrative user can use AWS Identity and Access Management (IAM) permissions to control which of their IAM principals (such as users or roles) can query data in the collaboration. For more information, see Create a service role to read data.

Member who can receive results

The member who can receive query results. The member who can receive results specifies query results settings for the Amazon S3 destination and the query result format.

There is only one member who can receive results per collaboration, and that member is immutable.

Member paying for query compute costs

The member who is responsible for paying for query compute costs.

There is only one member who is responsible for paying for query compute costs per collaboration, and that member is immutable.

If the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer.

The member paying for query compute costs receives a bill for the queries that have been run in the collaboration.

Membership

A resource created when a member joins a collaboration.

All resources that the member associates with a collaboration are part of the membership or are associated with the membership.

Only the member that owns the membership can add, remove, or edit resources in that membership.

Sealed column

A column that is cryptographically protected for a SELECT SQL construct.