Document history for the Amazon DataZone User Guide - Amazon DataZone

The following table describes the documentation releases for Amazon DataZone.

Change | Description | Date

AmazonDataZoneRedshiftGlueProvisioningPolicy - policy updates

Adding iam:DeletePolicyVersion to allow users to delete policy versions for policies created with datazone*. This helps unblock users who need to update their environment user role policy. For more information, see Amazon DataZone updates to AWS managed policies.

October 22, 2024

AWS CloudFormation support for custom AWS service blueprint

Amazon DataZone added AWS CloudFormation support for the custom AWS service blueprint. This new capability enables you to use AWS CloudFormation to automate environment creation in Amazon DataZone. With custom blueprints, administrators can now seamlessly integrate Amazon DataZone into their existing data pipelines using existing IAM roles to publish data assets to the Amazon DataZone catalog, facilitating governed sharing of those assets and enhancing governance across the entire infrastructure. For more information, see Amazon DataZone resource type reference.

September 12, 2024

Domain units

Amazon DataZone introduces a set of new data governance capabilities called domain units and authorization policies that enable customers to create business unit/team level organization and manage policies per their business needs. With the addition of domain units, users can organize, create, search, and find data assets and projects associated with business units or teams. With authorization policies, those domain unit users can set access policies for creating projects, glossaries, and using compute resources within Amazon DataZone.

August 5, 2024

Data products

Amazon DataZone introduces data products, which enable the grouping of data assets into well-defined, self-contained packages tailored for specific business use cases. For example, a marketing analysis data product can bundle various data assets, such as marketing campaign data, pipeline data, and customer data. With data products, customers can simplify discovery and subscription processes, aligning them with business objectives and reducing redundancy in handling individual assets.

August 5, 2024

AmazonDataZoneDomainExecutionRolePolicy and AmazonDataZoneFullUserAccess - policy updates

Policy updates to the AmazonDataZoneDomainExecutionRolePolicy and AmazonDataZoneFullUserAccess to enable support for the new APIs that are used to create and manage Amazon DataZone domain units and data products. For more information, see Amazon DataZone updates to AWS managed policies.

August 5, 2024

Fine-grained access control

Amazon DataZone has introduced fine-grained access control, providing you with granular control over your data assets in Amazon DataZone's business data catalog across data lakes and data warehouses. With the new capability, data owners can now restrict access to specific records of data at row and column levels, instead of granting access to entire data assets. For example, if your data contains columns with sensitive information such as Personally Identifiable Information (PII), you can restrict access to only the necessary columns, ensuring that sensitive information is protected while still allowing access to non-sensitive data. Similarly, you can control access at the row level, allowing users to see only the records that are relevant to their role or task.

July 2, 2024

AmazonDataZoneGlueManageAccessRolePolicy - policy update

Policy update to the AmazonDataZoneGlueManageAccessRolePolicy: Amazon DataZone is adding IAM permissions that are used by the fine-grained access control functionality in order to scope down permission granting in Lake Formation. For more information, see Amazon DataZone updates to AWS managed policies.

July 2, 2024

Data lineage

Amazon DataZone launches data lineage in preview, helping customers visualize lineage events from OpenLineage-enabled systems or through API and trace data movement from source to consumption. Using Amazon DataZone’s OpenLineage-compatible APIs, domain administrators and data producers can capture and store lineage events beyond what is available in Amazon DataZone, including transformations in Amazon S3, AWS Glue, and other services. Additionally, Amazon DataZone versions lineage with each event, enabling users to visualize lineage at any point in time or compare transformations across an asset’s or job’s history. This historical lineage provides a deeper understanding of how data has evolved, essential for troubleshooting, auditing, and validating the integrity of data assets.

June 27, 2024

AmazonDataZoneExecutionRolePolicy and AmazonDataZoneFullUserAccess - policy update

Policy update to the AmazonDataZoneExecutionRolePolicy and AmazonDataZoneFullUserAccess to enable support for the data lineage and fine-grained access control APIs. For more information, see Amazon DataZone updates to AWS managed policies.

June 27, 2024

Custom AWS service blueprint

With custom AWS service blueprints, if you have existing AWS resources including IAM roles, data lakes, data meshes, Amazon S3 buckets, and Amazon Redshift clusters, you are now able to specify permissions to these existing resources using your own custom IAM role, so that your Amazon DataZone users can leverage publication and subscription to share and govern these resources. With custom AWS service blueprints, Amazon DataZone administrators can configure AWS service environments using their own custom roles. They can configure action links for these AWS service environments and thus provide federated access to any of their existing AWS resources. They can also configure subscription targets and data sources in these custom AWS service environments. Administrators can set up AWS service environments in their own Amazon DataZone domain account or in any associated accounts from which they want to publish, subscribe to, discover, or govern data.

June 17, 2024

AmazonDataZoneGlueManageAccessRolePolicy - policy update

Policy update to the AmazonDataZoneGlueManageAccessRolePolicy that adds IAM permissions required for the self-subscribe functionality in Amazon DataZone in order to scope down permission granting in Lake Formation. With the self-subscribe functionality, Lake Formation permissions can only be granted to tagged resources. For more information, see Amazon DataZone updates to AWS managed policies.

June 14, 2024

AmazonDataZoneFullAccess - policy update

Policy update to the AmazonDataZoneFullAccess policy that enables the Amazon DataZone management console to create secrets on the user's behalf with both domain and project tags. The update also includes the ram:ListResourceSharePermissions action to enable administrators from the domain owner account to view the account association status of the associated accounts. For more information, see Amazon DataZone updates to AWS managed policies.

June 14, 2024

AmazonDataZoneDomainExecutionRolePolicy - policy update

Policy update to the AmazonDataZoneDomainExecutionRolePolicy that adds new APIs to Amazon DataZone that enable users to configure actions for their Amazon DataZone environments. For more information, see Amazon DataZone updates to AWS managed policies.

June 14, 2024

Data source creation enhancements

Amazon DataZone has added enhancements to the data source creation flow to simplify access management for data producers. With these updates, when a data producer creates a data source for publishing their AWS Glue and Amazon Redshift assets, Amazon DataZone grants read-only permissions to the project members. When creating an AWS Glue data source, Amazon DataZone automatically grants 'read-only' permissions to the IAM role of the environment used to create the data source, allowing access to all tables in the associated AWS Glue databases. Similarly, for Amazon Redshift data sources, Amazon DataZone grants 'read-only' access to all tables in the Amazon Redshift schemas used in the data source.

June 10, 2024

Integration with Amazon SageMaker

Amazon DataZone launches integration with Amazon SageMaker to help data producers and consumers to seamlessly switch to Amazon SageMaker to collaborate on machine learning (ML) projects while enforcing access governance to data and ML assets. With the new built-in integration between Amazon DataZone and Amazon SageMaker, data consumers and producers can streamline ML governance across infrastructure setup, collaborate on business initiatives, and easily govern data and ML assets.

May 6, 2024

AmazonDataZoneSageMakerProvisioning - new policy

New policy called AmazonDataZoneSageMakerProvisioning grants Amazon DataZone the permissions required to interoperate with Amazon SageMaker. For more information, see Amazon DataZone updates to AWS managed policies.

April 30, 2024

AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary - new permissions boundary

New permissions boundary called AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary. When you create an Amazon SageMaker environment via the Amazon DataZone data portal, Amazon DataZone applies this permissions boundary to the IAM roles that are produced during environment creation. The permissions boundary limits the scope of the roles that Amazon DataZone creates and any roles that you add. For more information, see Amazon DataZone updates to AWS managed policies.

April 30, 2024

AmazonDataZoneSageMakerAccess - new policy

New policy called AmazonDataZoneSageMakerAccess grants Amazon DataZone the permissions required to grant user access to various resources in the Amazon SageMaker environment. For more information, see Amazon DataZone updates to AWS managed policies.

April 30, 2024

AmazonDataZoneFullAccess - policy update

An update to the AmazonDataZoneFullAccess policy that adds access to the DescribeSecurityGroups action, to improve usability for account administrators configuring blueprints in the console, and to the GetPolicy action, to help retrieve information about the specified managed policy. For more information, see Amazon DataZone updates to AWS managed policies.

April 30, 2024

Lake Formation hybrid access mode

Amazon DataZone has introduced an integration with AWS Lake Formation hybrid access mode. This integration enables you to easily publish and share your AWS Glue tables through Amazon DataZone, without the need to register them in AWS Lake Formation first. To get started, administrators enable the data location registration setting under the DefaultDataLake blueprint in the Amazon DataZone console. Then, when a data consumer subscribes to an AWS Glue table managed through IAM permissions, Amazon DataZone first registers the Amazon S3 locations of this table in hybrid mode, and then grants access to the data consumer by managing permissions on the table through AWS Lake Formation. This ensures that IAM permissions on the table continue to exist with newly-granted AWS Lake Formation permissions, without disrupting any existing workflows. For more information, see Amazon DataZone integration with AWS Lake Formation hybrid mode.

April 3, 2024

Data quality

Amazon DataZone launches integration with AWS Glue Data Quality and offers APIs to integrate data quality metrics from third-party data quality solutions. The new integration enables you to auto-publish AWS Glue Data Quality scores into the Amazon DataZone business data catalog. Amazon DataZone APIs can be used to ingest quality metrics from third-party sources. Once published, data consumers can easily search for data assets, view granular quality metrics, and identify failed checks and rules - empowering business decisions. For more information, see Data quality in Amazon DataZone.

April 3, 2024

AmazonDataZoneS3Manage-<region>-<domainId> - new role

New role called AmazonDataZoneS3Manage-<region>-<domainId> that is used when Amazon DataZone calls AWS Lake Formation to register an Amazon Simple Storage Service (Amazon S3) location. AWS Lake Formation assumes this role when accessing the data in that location. For more information, see Amazon DataZone updates to AWS managed policies.

April 1, 2024

AmazonDataZoneGlueManageAccessRolePolicy - Policy update

Updated the AmazonDataZoneGlueManageAccessRolePolicy to enable support for permissions that allow Amazon DataZone to enable publishing and access grants to data. For more information, see Amazon DataZone updates to AWS managed policies.

April 1, 2024

AmazonDataZoneDomainExecutionRolePolicy and AmazonDataZoneFullUserAccess - Policy update

Updated the AmazonDataZoneDomainExecutionRolePolicy and AmazonDataZoneFullUserAccess to enable support for the CancelMetadataGenerationRun API. For more information, see Amazon DataZone updates to AWS managed policies.

March 29, 2024

AmazonDataZoneFullAccess - Policy update

Amazon DataZone announced the general availability release of the new generative AI-based capability to improve data discovery, data understanding and data usage by enriching the business data catalog. With a single click, data producers can generate comprehensive business data descriptions and context, highlight impactful columns, and include recommendations on analytical use cases. The launch adds support for APIs that data producers can use to programmatically generate descriptions for assets.

March 27, 2024

AmazonDataZoneFullAccess - Policy update

Amazon DataZone has introduced several enhancements to its Amazon Redshift integration, simplifying the process of publishing and subscribing to Amazon Redshift tables and views. These updates streamline the experience for both data producers and consumers, allowing them to quickly create data warehouse environments using pre-configured credentials and connection parameters provided by their Amazon DataZone administrators. Additionally, these enhancements grant administrators greater control over who can use the resources within their AWS accounts and Amazon Redshift clusters, and for what purpose.

March 21, 2024

AmazonDataZoneFullAccess - Policy update

Updated the AmazonDataZoneFullAccess policy to enable users to choose their secrets, clusters, VPCs, and subnets in the Amazon DataZone management console rather than type them in a text box. For more information, see Amazon DataZone updates to AWS managed policies.

March 13, 2024

AmazonDataZoneDomainExecutionRolePolicy - Policy update

Updated the AmazonDataZoneDomainExecutionRolePolicy to enable support for the ListEnvironmentBlueprintConfigurationSummaries API that is required for creating environment profiles by identifying which blueprints are enabled in which account and region. For more information, see Amazon DataZone updates to AWS managed policies.

February 1, 2024

Enhancements to the use of CloudFormation

Users of Amazon DataZone can now leverage AWS CloudFormation to effectively model and manage a suite of Amazon DataZone resources. This approach facilitates consistent provisioning of resources, while also enabling lifecycle management through infrastructure as code practices. With custom templates, you can precisely define your required resources and their interdependencies. For more information, see the Amazon DataZone resource type reference.

January 18, 2024

Custom assets

Support for custom assets enables Amazon DataZone to catalog assets for unstructured data, including dashboards, queries, and models, via the data portal, making it easier for you to add custom assets directly in the data portal in addition to the previously available API support. The ability to create, update, and publish custom assets in Amazon DataZone enables you to share, find, and subscribe to any type of asset and to build a business workflow that provides governance of those assets. For more information, see Create custom asset types.

January 5, 2024

Add IAM principals as project members

You can now add IAM principals as project members, even if those IAM principals have not yet logged into Amazon DataZone (previously a requirement). After a domain administrator or IT administrator adds iam:GetUser and iam:GetRole to the domain’s domain execution role, project owners can add IAM principals as members simply by providing the Amazon Resource Name (ARN) of the IAM role or IAM user. The IAM principal must still have the IAM permissions required to access Amazon DataZone, and those can be configured in the IAM console. For more information, see Add members to a project.

January 5, 2024

Delete domain

Delete domain is a feature that enables you to more easily delete your domains. Now, you can proceed with domain deletion even if the domain is not empty (that is, it contains projects, environments, assets, data sources, and so on). For more information, see Delete Amazon DataZone domains.

December 27, 2023

Lake Formation hybrid mode

Amazon DataZone has added support for the AWS Lake Formation hybrid mode. With this support, if you publish an AWS Glue table to Amazon DataZone with its Amazon S3 location registered in Lake Formation under hybrid mode, Amazon DataZone treats this table as a managed asset and can manage the subscription grants to this table. Prior to this feature release, Amazon DataZone would treat this table as an unmanaged asset; that is, Amazon DataZone would not be able to grant subscriptions to this table. For more information, see Configure Lake Formation permissions for Amazon DataZone.

December 22, 2023

HIPAA compliance

Amazon DataZone is now U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliant. To view the list of AWS services with HIPAA compliance, see https://aws.amazon.com/compliance/hipaa-eligible-services-reference/.

December 14, 2023

AmazonDataZoneGlueManageAccessRolePolicy - Policy update

Updated the AmazonDataZoneGlueManageAccessRolePolicy to enable support for the AWS Lake Formation hybrid mode. For more information, see Amazon DataZone updates to AWS managed policies.

December 14, 2023

AmazonDataZoneFullUserAccess and AmazonDataZoneDomainExecutionRolePolicy - Policy updates

Amazon DataZone updated the AmazonDataZoneFullUserAccess and the AmazonDataZoneDomainExecutionRolePolicy policies to support the generative AI-powered data descriptions feature in Amazon DataZone. For more information, see Amazon DataZone updates to AWS managed policies.

November 28, 2023

AI recommendations

AWS announces the preview of a new generative AI-based capability in Amazon DataZone to improve data discovery, data understanding, and data usage by enriching the business data catalog. With a single click, data producers can generate comprehensive business data descriptions and context, highlight impactful columns, and include recommendations on analytical use cases. With AI recommendations for descriptions in Amazon DataZone, data consumers can identify data tables and columns required for analysis, which enhances data discoverability and cuts down on back-and-forth communications with data producers. The preview is available in Amazon DataZone domains provisioned in the following AWS Regions: US East (N. Virginia), US West (Oregon). For more information, see Using machine learning and generative AI.

November 28, 2023

DefaultDataLake blueprint

Amazon DataZone has added an enhancement to the DefaultDataLake blueprint that provides you with better control over who can publish what data from your AWS account. There are two key changes that were introduced with this feature launch.

November 20, 2023

AmazonDataZoneEnvironmentRolePermissionsBoundary - Policy update

Amazon DataZone made an update to the AmazonDataZoneEnvironmentRolePermissionsBoundary managed policy that consists of an additional athena:GetQueryResultsStream permission scoped down with the ResourceTag condition. For more information, see Amazon DataZone updates to AWS managed policies.

November 17, 2023

AmazonDataZoneRedshiftManageAccessRolePolicy - Policy update

Amazon DataZone updated the AmazonDataZoneRedshiftManageAccessRolePolicy policy by removing the check on organization ID for the redshift:AssociateDataShareConsumer action. This enables you to share resources across AWS organizations. For more information, see Amazon DataZone updates to AWS managed policies.

November 16, 2023

GA release of User Guide

General Availability (GA) release of the Amazon DataZone User Guide.

October 15, 2023

AmazonDataZoneFullUserAccess - Policy update

Amazon DataZone updated the AmazonDataZoneFullUserAccess policy that grants full access to Amazon DataZone, but it does not allow the management of domains, users, or associated accounts. For more information, see Amazon DataZone updates to AWS managed policies.

October 2, 2023

AmazonDataZonePreviewConsoleFullAccess - policy deprecated

Amazon DataZone deprecated the AmazonDataZonePreviewConsoleFullAccess policy. For more information, see Amazon DataZone updates to AWS managed policies.

September 29, 2023

AmazonDataZonePortalFullAccessPolicy - policy deprecated

Amazon DataZone deprecated the AmazonDataZonePortalFullAccessPolicy policy. For more information, see Amazon DataZone updates to AWS managed policies.

September 29, 2023

AmazonDataZoneDomainExecutionRolePolicy - New policy

Amazon DataZone added a new policy called AmazonDataZoneDomainExecutionRolePolicy. This is the default policy for the Amazon DataZone AmazonDataZoneDomainExecutionRole service role. This role is used by Amazon DataZone to catalog, discover, govern, share, and analyze data in the Amazon DataZone domain. You can attach the AmazonDataZoneDomainExecutionRolePolicy policy to your AmazonDataZoneDomainExecutionRole. For more information, see Amazon DataZone updates to AWS managed policies.

September 25, 2023

AmazonDataZoneCrossAccountAdmin - New policy

Amazon DataZone added a new policy called AmazonDataZoneCrossAccountAdmin that enables users to work with Amazon DataZone and its associated accounts. For more information, see Amazon DataZone updates to AWS managed policies.

September 19, 2023

AmazonDataZoneRedshiftManageAccessRolePolicy - New policy

Amazon DataZone added a new policy called AmazonDataZoneRedshiftManageAccessRolePolicy that grants permissions to allow Amazon DataZone to enable publishing and access grants to data. For more information, see Amazon DataZone updates to AWS managed policies.

September 12, 2023

AmazonDataZoneRedshiftGlueProvisioningPolicy - New policy

Amazon DataZone added a new policy called AmazonDataZoneRedshiftGlueProvisioningPolicy that grants Amazon DataZone the permissions required to interoperate with the supported data sources. For more information, see Amazon DataZone updates to AWS managed policies.

September 12, 2023

AmazonDataZoneGlueManageAccessRolePolicy - New policy

Amazon DataZone added a new policy called AmazonDataZoneGlueManageAccessRolePolicy that grants Amazon DataZone permissions to publish AWS Glue data to the catalog. It also gives Amazon DataZone permissions to grant or revoke access to AWS Glue published assets in the catalog. For more information, see Amazon DataZone updates to AWS managed policies.

September 12, 2023

AmazonDataZoneFullUserAccess - New policy

Amazon DataZone added a new policy called AmazonDataZoneFullUserAccess that grants full access to Amazon DataZone via the data portal. For more information, see Amazon DataZone updates to AWS managed policies.

September 12, 2023

AmazonDataZoneFullAccess - New policy

Amazon DataZone added a new policy called AmazonDataZoneFullAccess that provides full access to Amazon DataZone via the AWS Management Console. For more information, see Amazon DataZone updates to AWS managed policies.

September 12, 2023

AmazonDataZoneEnvironmentRolePermissionsBoundary - New policy

Amazon DataZone added a new policy called AmazonDataZoneEnvironmentRolePermissionsBoundary that limits the provisioned IAM principal to which it is attached. For more information, see Amazon DataZone updates to AWS managed policies.

September 12, 2023

Managed policy update

Updates to the AmazonDataZonePreviewConsoleFullAccess managed policy. For more information, see Amazon DataZone updates to AWS managed policies.

June 13, 2023

Managed policy update

Updates to the AmazonDataZoneProjectDeploymentPermissionsBoundary managed policy. For more information, see Amazon DataZone updates to AWS managed policies.

April 3, 2023

Document history for the Amazon DataZone User Guide

Initial release of the Amazon DataZone (Preview) User Guide.

March 29, 2023