Upgrading AWS Glue data permissions to the AWS Lake Formation model

AWS Lake Formation permissions enable fine-grained access control for data in your data lake. You can use the Lake Formation permissions model to manage your existing AWS Glue Data Catalog objects and data locations in Amazon Simple Storage Service (Amazon S3).

The Lake Formation permissions model uses coarse-grained AWS Identity and Access Management (IAM) permissions for API service access. It restricts the data that your users and those services can access via Lake Formation functionality. By comparison, the AWS Glue model grants data access via fine-grained access control IAM permissions. To make the switch, follow the steps in this guide.

For more information, see Overview of Lake Formation permissions .

Topics

• About upgrading to the Lake Formation permissions model
• Step 1: List users' and roles' existing permissions
• Step 2: Set up equivalent Lake Formation permissions
• Step 3: Give users IAM permissions to use Lake Formation
• Step 4: Switch your data stores to the Lake Formation permissions model
• Step 5: Secure new Data Catalog resources
• Step 6: Give users a new IAM policy for future data lake access
• Step 7: Clean up existing IAM policies