Creating a HealthLake data store - AWS HealthLake

Creating a HealthLake data store

After November, 14, 2022, the IAM requirements to access HealthLake changed. To both create analytics enabled data stores and to grant access to them in Athena, add the AWSLakeFormationDataAdmin managed policy to your IAM user, group or role. The AWSLakeFormationDataAdmin policy allows you to create data lake administrators and to grant access to data stores in Athena.

The status of a data store is available on the Data stores page in the console. A HealthLake data store can have the following statuses:

  • Creating – Your data store is being created.

  • Active – Your data store is active. You can import and export data from it. You can also manage and search the FHIR resources you have stored in the data store.

  • Deleting – Your data store is being deleted.

  • Deleted – Your data store has been deleted.

HealthLake console differences

The HealthLake console does not support creating a SMART on FHIR enabled data store. To create a SMART on FHIR enabled data store, you must use the AWS CLI or one of the AWS supported SDKS. To learn more, see Integrating SMART on FHIR with AWS HealthLake. Also, the console does not differentiate between the two types of data stores supported by HealthLake when you view an individual data store's details page.

To create a HealthLake data store (AWS Management Console)

  1. Open the HealthLake console at https://console.aws.amazon.com//healthlake/home.

  2. Open the Navigation pane (≡).

  3. Then, choose Data Stores.

  4. Next, choose Create Data Store.

  5. In the Data Store settings section, for Data Store name specify a name.

  6. (Optional) In the Data Store settings section, for Preload sample data select the check box to preload Synthea data.

  7. In the Data Store encryption section, choose either Use AWS owned key (default) or Choose a different AWS KMS key (advanced).

  8. In the Tags - optional section, you can add tags to your data store.

  9. Next, choose Create Data Store.

The status of your data stores are available on the Data stores page. A HealthLake data store can have the following statuses:

  • Creating – Your data store is being created.

  • Active – Your data store is active. You can import and export data from it. You can also manage and search the FHIR resources in the data store.

  • Deleting – Your data is being deleted.

  • Deleted – Your data store has been deleted. This cannot be undone.

To create a HealthLake data store (AWS CLI and SDKs)

You can use the following code examples to create a HealthLake data store.

AWS CLI

The following example demonstrates using the CreateFHIRDatastore operation with the AWS CLI. To run the example, you must install the AWS CLI. When you create your data store, encryption at rest defaults to an AWS-owned KMS key, unless specified otherwise. To learn more about encryption at REST for HealthLake see, Encryption at REST for AWS HealthLake.

The example is formatted for Unix, Linux, and macOS. For Windows, replace the backslash (\) Unix continuation character at the end of each line with a caret (^).

aws healthlake create-fhir-datastore \
  --datastore-type-version R4 \
  --preload-data-config PreloadDataType="SYNTHEA" \
  --datastore-name "your-data-store-name"

When successful, you get the following JSON response. When your data store is ready to ingest data, the status changes to ACTIVE. To learn more about importing data to your HealthLake data store, see Importing files into HealthLake data stores.

{
    "DatastoreId": "eeb8005725ae22b35b4edbdc68cf2dfd",
	"DatastoreArn": "arn:aws:healthlake:us-west-2:111122223333:datastore/fhir/eeb8005725ae22b35b4edbdc68cf2dfd",
    "DatastoreStatus": "CREATING",
    "DatastoreEndpoint": "https://healthlake.us-west-2.amazonaws.com/datastore/eeb8005725ae22b35b4edbdc68cf2dfd/r4/"
}

To view a list of all data storesdata stores, you can use the ListFHIRDataStore operation. You can also see a list of Active data stores in the HealthLake console.

Python (boto3)

The following example demonstrates how to create a HealthLake data store using the create_fhir_datastore operation. When you create your data store encryption at rest defaults to an AWS-owned AWS KMS key unless specified otherwise. To learn more about encryption at REST for HealthLake see, Encryption at REST for AWS HealthLake.

import boto3
import logging #built in logging library
from botocore.exceptions import ClientError, ValidationError #specific exception ClientError from the boto3 library

def create_healthlake_datastore(DatastoreName=None):
    '''
    :param DatastoreName: the name of the data store, string
    :param:
    :return: True if the data store is created, else False
    '''

    # Create an Amazon Healthlake data store
    # Should we say something about region setting?
    # Should this example have some handling KMS keys

    try:
        if DatastoreName is None:
            healthlake_client = boto3.client('healthlake')
            healthlake_client.create_fhir_datastore(DatastoreTypeVersion='R4')

        else:
            healthlake_client = boto3.client('healthlake')
            healthlake_client.create_fhir_datastore(DatastoreTypeVersion='R4',
                                                    DatastoreName=DatastoreName)
    except (ClientError, ValidationError) as e:
        logging.error(e)
        return False

    return True

# Run the function above
create_healthlake_datastore(DatastoreName='test-datastore-delete-me-2')

A data store can have one of four statuses. Use list_fhir_datastores to view a list of your HealthLake data stores regardless of status. This example shows how you can filter based on the status of a data store.

import boto3

healthlake_client = boto3.client('healthlake')
data_store_list = healthlake_client.list_fhir_datastores(Filter={'DatastoreStatus': 'ACTIVE'})
print(data_store_list)

To learn more, see list_fhir_datastore in the Boto3 Documentation.

Java

The following example demonstrates how to create HealthLake data store using the CreateFHIRDatastoreRequest operation. To run the example, you must install the AWS SDK for Java. When you create your data store encryption at rest defaults to an AWS-owned AWS KMS key unless specified otherwise. To learn more about encryption at REST for HealthLake see, Encryption at REST for AWS HealthLake.

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;

import com.amazonaws.services.HealthLake.AWSHealthLake;
import com.amazonaws.services.HealthLake.AWSHealthLakeClient;
import com.amazonaws.services.HealthLake.model.CreateFHIRDatastoreRequest;
import com.amazonaws.services.HealthLake.model.CreateFHIRDatastoreResult;
import com.amazonaws.services.HealthLake.model.DescribeFHIRDatastoreRequest;
import com.amazonaws.services.HealthLake.model.DescribeFHIRDatastoreResult;
import com.amazonaws.services.HealthLake.model.FHIRVersion;
import com.amazonaws.services.HealthLake.model.ListFHIRDatastoresRequest;
import com.amazonaws.services.HealthLake.model.ListFHIRDatastoresResult;
import com.amazonaws.services.HealthLake.model.PreloadDataConfig;
import com.amazonaws.services.HealthLake.model.PreloadDataType;

public class App{

    public static void main( String[] args ) {

        // Create credentials using a provider chain. For more information, see
        // https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html
        AWSCredentialsProvider awsCreds = DefaultAWSCredentialsProviderChain.getInstance();

        AWSHealthLake awsHealthLake = AWSHealthLakeClient.builder()
            .withRegion("us-east-1").withCredentials(awsCreds).defaultClient();

        CreateFHIRDatastoreRequest createFHIRDatastoreRequest = new CreateFHIRDatastoreRequest()
            .withData StoreName("TestDatastore123")
            .withData StoreTypeVersion(FHIRVersion.R4)
            .withPreloadDataConfig(new PreloadDataConfig()
                .withPreloadDataType(PreloadDataType.SYNTHEA));



    }
}