Step 5: Secure New Data Catalog Resources - AWS Lake Formation

Step 5: Secure New Data Catalog Resources

Next, secure all new Data Catalog resources by changing the default Data Catalog settings. Turn off the options to use only AWS Identity and Access Management (IAM) access control for new databases and tables.

Warning

If you have automation in place that creates databases and tables in the Data Catalog, the following steps might cause the automation and downstream extract, transform, and load (ETL) jobs to fail. Proceed only after you have either modified your existing processes or granted explicit Lake Formation permissions to the required principals. For information about Lake Formation permissions, see Lake Formation Permissions Reference.

To change the default Data Catalog settings

  1. Open the AWS Lake Formation console at https://console.aws.amazon.com/lakeformation/. Sign in as an IAM administrative user (the user Administrator or another user with the AdministratorAccess AWS managed policy).

  2. In the navigation pane, choose Settings.

  3. On the Data catalog settings page, clear both check boxes, and then choose Save.

The next step is to grant users access to additional databases or tables in the future. See Step 6: Give Users a New IAM Policy for Future Data Lake Access.