Step 1: Create the IAM User to Be the Data Analyst - AWS Lake Formation

Step 1: Create the IAM User to Be the Data Analyst

This user has the minimum set of permissions to query the data lake.

  1. Open the IAM console at https://console.aws.amazon.com/iam. Sign in as the IAM administrator user that you created in Create an Administrator IAM User or as an IAM user with the AdministratorAccess AWS managed policy.

  2. Create a user named datalake_user with the following settings:

    • Enable AWS Management Console access.

    • Set a password and do not require password reset.

    • Attach the AmazonAthenaFullAccess AWS managed policy.

    • Attach the following inline policy. Name the policy DatalakeUserBasic.

      { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lakeformation:GetDataAccess", "glue:GetTable", "glue:GetTables", "glue:SearchTables", "glue:GetDatabase", "glue:GetDatabases", "glue:GetPartitions" ], "Resource": "*" } ] }