Step 1: Create a data analyst user
In this step, you create an AWS Identity and Access Management (IAM) user to be the data analyst for your data lake in AWS Lake Formation.
This user has the minimum set of permissions to query the data lake.
- Open the IAM console at https://console.aws.amazon.com/iam. Sign in as the administrator user that you created in Create an administrative user or as a user with the AdministratorAccess AWS managed policy.
- Create a user named datalake_user with the following settings:
  - Enable AWS Management Console access.
  - Set a password and do not require password reset.
  - Attach the AmazonAthenaFullAccess AWS managed policy.
  - Attach the following inline policy. Name the policy DatalakeUserBasic.

    ```json
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "lakeformation:GetDataAccess",
                    "glue:GetTable",
                    "glue:GetTables",
                    "glue:SearchTables",
                    "glue:GetDatabase",
                    "glue:GetDatabases",
                    "glue:GetPartitions",
                    "lakeformation:GetResourceLFTags",
                    "lakeformation:ListLFTags",
                    "lakeformation:GetLFTag",
                    "lakeformation:SearchTablesByLFTags",
                    "lakeformation:SearchDatabasesByLFTags"
                ],
                "Resource": "*"
            }
        ]
    }
    ```
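An added example (not part of the AWS documentation): a Python check that the DatalakeUserBasic inline policy from this step stays limited to read-style Glue and Lake Formation actions. The Get/List/Search rule, the names `audit_policy` and `as_list`, and the `DRIFTED` sample are assumptions of this example.

```python
import copy
import json

# Inline policy DatalakeUserBasic, as given in the step above.
DATALAKE_USER_BASIC = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": [
  "lakeformation:GetDataAccess", "glue:GetTable", "glue:GetTables",
  "glue:SearchTables", "glue:GetDatabase", "glue:GetDatabases",
  "glue:GetPartitions", "lakeformation:GetResourceLFTags",
  "lakeformation:ListLFTags", "lakeformation:GetLFTag",
  "lakeformation:SearchTablesByLFTags", "lakeformation:SearchDatabasesByLFTags"
], "Resource": "*"}]}
""")

# Assumption of this example: an analyst policy should hold only
# Get/List/Search actions on these two services.
READ_VERBS = ("get", "list", "search")
SERVICES = ("glue", "lakeformation")

def as_list(value):
    # IAM allows a single string or object where a list is expected.
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (statement index, action, reason) for each over-broad Allow grant."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((i, "NotAction", "allows all but the listed actions"))
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.lower().partition(":")
            if "*" in action or "?" in action:
                findings.append((i, action, "wildcard action"))
            elif service not in SERVICES:
                findings.append((i, action, "unexpected service"))
            elif not name.startswith(READ_VERBS):
                findings.append((i, action, "not a read-style action"))
    return findings

# Constructed sample: the same policy after three actions were added later.
DRIFTED = copy.deepcopy(DATALAKE_USER_BASIC)
DRIFTED["Statement"][0]["Action"] += ["glue:DeleteTable", "lakeformation:*", "s3:GetObject"]

if __name__ == "__main__":
    print(audit_policy(DATALAKE_USER_BASIC))
    for finding in audit_policy(DRIFTED):
        print(finding)
```

The check covers only the inline policy; the attached AmazonAthenaFullAccess managed policy is outside its scope.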