
Monitoring and auditing data sharing in Amazon Redshift

By auditing data sharing, producers can track how a datashare evolves over time. For example, auditing shows when datashares are created, when objects are added or removed, and when usage is granted to or revoked from Amazon Redshift clusters, AWS accounts, or AWS Regions.

In addition to auditing, producers and consumers can track datashare usage at various granularities, such as the account, cluster, and object levels. For more information about the usage-tracking and auditing views, see SVL_DATASHARE_CHANGE_LOG and SVL_DATASHARE_USAGE_PRODUCER.

You can monitor datashares by querying system views.

  1. The producer cluster administrator who wants to share data creates an Amazon Redshift datashare. The producer cluster administrator then adds the needed database objects, such as schemas, tables, and views, to the datashare and specifies the list of consumers that the objects are to be shared with.

    Use the following system views for consolidated tracking of changes to, and usage of, datashares on producer and consumer clusters: SVL_DATASHARE_CHANGE_LOG, SVL_DATASHARE_USAGE_CONSUMER, and SVL_DATASHARE_USAGE_PRODUCER.

    Use the following system views to see the objects in, and the data consumers of, outbound datashares: SVV_DATASHARES, SVV_DATASHARE_CONSUMERS, and SVV_DATASHARE_OBJECTS.

  2. The consumer cluster administrators look at the datashares on which they have been granted usage, and review the contents of each one by viewing inbound datashares in SVV_DATASHARES.

    To consume shared data, each consumer cluster administrator creates an Amazon Redshift database from the datashare. The administrator then grants permissions on that database to the appropriate users and roles in the consumer cluster. Those users and roles can list the shared objects through the standard metadata queries, using SVV_REDSHIFT_DATABASES, SVV_REDSHIFT_SCHEMAS, SVV_REDSHIFT_TABLES, SVV_REDSHIFT_COLUMNS, and SVV_REDSHIFT_FUNCTIONS, and can start querying the data immediately.

    To view objects across local Amazon Redshift schemas, shared schemas, and external schemas in a single query, use the SVV_ALL_SCHEMAS, SVV_ALL_TABLES, and SVV_ALL_COLUMNS metadata system views.
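The two steps above, carried through end to end as an added example (this is not code from the Amazon Redshift documentation). The datashare name salesshare, the table public.tickit_sales, the consumer database sales_db, the role analyst, and both namespace GUIDs are placeholders. The producer-side audit queries are the ones a reviewer would run after a grant or revoke: what changed in the last week, who can read the share now, whether any outbound share is exposed to publicly accessible clusters, and which consumer actually read which object. Cross-account sharing additionally needs the producer account to authorize the share and the consumer account to associate it, which happens through the Amazon Redshift console or API rather than in SQL.

```sql
-- Added example, not from the Amazon Redshift documentation. Object names,
-- the role name, and the namespace GUIDs are placeholders.

-- ===== Producer cluster =====

-- Step 1: create the datashare, add objects, and grant usage to one consumer
-- namespace. Tables added later are only included automatically if the
-- schema was added with INCLUDENEW.
CREATE DATASHARE salesshare;
ALTER DATASHARE salesshare ADD SCHEMA public;
ALTER DATASHARE salesshare ADD TABLE public.tickit_sales;
GRANT USAGE ON DATASHARE salesshare
  TO NAMESPACE '13b8833d-17c6-4f16-8fe4-1a018f5ed00d';   -- placeholder consumer GUID

-- Audit: every change to the datashare in the last 7 days, newest first.
-- GRANT USAGE / REVOKE USAGE rows carry the consumer account and namespace.
SELECT record_time, action, share_object_type, share_object_name,
       consumer_account, consumer_namespace, status
FROM   svl_datashare_change_log
WHERE  share_name = 'salesshare'
  AND  record_time > DATEADD(day, -7, GETDATE())
ORDER  BY record_time DESC;

-- Audit: who can read the share right now, and what it contains.
SELECT share_name, consumer_account, consumer_namespace, consumer_region
FROM   svv_datashare_consumers
WHERE  share_name = 'salesshare';

SELECT share_name, object_type, object_name, include_new
FROM   svv_datashare_objects
WHERE  share_type = 'OUTBOUND' AND share_name = 'salesshare'
ORDER  BY object_type, object_name;

-- Check: outbound datashares consumable from publicly accessible clusters.
-- Expect zero rows unless that exposure was a deliberate decision.
SELECT share_name, share_owner, source_database, createdate
FROM   svv_datashares
WHERE  share_type = 'OUTBOUND' AND is_publicaccessible = TRUE;

-- Usage: which consumer read which shared object, and whether it succeeded.
SELECT recordtime, consumer_account, consumer_namespace,
       request_type, object_name, status
FROM   svl_datashare_usage_producer
WHERE  share_name = 'salesshare'
ORDER  BY recordtime DESC
LIMIT  50;

-- ===== Consumer cluster =====

-- Step 2: list the inbound datashares granted to this cluster and confirm the
-- producer account/namespace before creating a database from one.
SELECT share_name, producer_account, producer_namespace, source_database, createdate
FROM   svv_datashares
WHERE  share_type = 'INBOUND';

CREATE DATABASE sales_db
  FROM DATASHARE salesshare
  OF NAMESPACE 'a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d';   -- placeholder producer GUID

-- Shared data is read-only; USAGE on the consumer database is the gate, so
-- grant it only to the principals that need it.
GRANT USAGE ON DATABASE sales_db TO ROLE analyst;

-- Metadata: confirm which shared tables are visible on the consumer side.
SELECT database_name, schema_name, table_name, table_type
FROM   svv_redshift_tables
WHERE  database_name = 'sales_db'
ORDER  BY schema_name, table_name;

-- Usage from the consumer's side: shared objects this cluster has read.
SELECT recordtime, share_name, object_name, status
FROM   svl_datashare_usage_consumer
ORDER  BY recordtime DESC
LIMIT  50;
```

Run the producer queries as the datashare owner or a superuser; the change-log and usage views are populated on the producer, so a consumer cannot see who else has been granted the same share.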

Integrating Amazon Redshift data sharing with AWS CloudTrail

Data sharing is integrated with AWS CloudTrail. CloudTrail is a service that provides a record of actions taken by a user, a role, or an AWS service in Amazon Redshift. CloudTrail captures all API calls for data sharing as events. The calls captured include calls from the Amazon Redshift console and code calls to the data sharing API operations. Note that CloudTrail records these control-plane API calls; SQL statements run inside a cluster, such as GRANT USAGE ON DATASHARE, are recorded in SVL_DATASHARE_CHANGE_LOG rather than in CloudTrail, so a complete audit needs both sources. For more information about Amazon Redshift integration with AWS CloudTrail, see Logging with CloudTrail.

For more information about CloudTrail, see How CloudTrail works.
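An added example of using the CloudTrail record for data sharing (not from the Amazon Redshift documentation): an Amazon Athena query over CloudTrail logs that pulls out the calls that change who may consume a datashare. It assumes CloudTrail logs are queryable through an Athena table named cloudtrail_logs created from the standard CloudTrail table definition (the table name is a placeholder), and that the JSON keys under requestparameters follow the API parameter names dataShareArn and consumerIdentifier (an assumption; check one real event before relying on it). The event names are the Amazon Redshift data sharing API operations. The account allowlist in the second query is a placeholder.

```sql
-- Added example in Athena (Trino) SQL, not from the Amazon Redshift docs.
-- Assumes an Athena table cloudtrail_logs built from the standard CloudTrail
-- table definition (placeholder name). The JSON keys dataShareArn and
-- consumerIdentifier are assumed from the API parameter names.

-- All authorize/deauthorize/associate/disassociate calls in the last 30 days,
-- with the principal, source IP, target datashare, and consumer identifier.
SELECT
    eventtime,
    eventname,
    useridentity.arn        AS principal,
    useridentity.accountid  AS caller_account,
    sourceipaddress,
    awsregion,
    errorcode,
    json_extract_scalar(requestparameters, '$.dataShareArn')       AS datashare_arn,
    json_extract_scalar(requestparameters, '$.consumerIdentifier') AS consumer
FROM cloudtrail_logs
WHERE eventsource = 'redshift.amazonaws.com'
  AND eventname IN ('AuthorizeDataShare', 'DeauthorizeDataShare',
                    'AssociateDataShareConsumer', 'DisassociateDataShareConsumer')
  AND from_iso8601_timestamp(eventtime) > current_timestamp - INTERVAL '30' DAY
ORDER BY eventtime DESC;

-- Detection: successful authorizations to a consumer outside the allowlist of
-- accounts that are supposed to receive data. Placeholder account IDs.
SELECT
    eventtime,
    useridentity.arn AS principal,
    json_extract_scalar(requestparameters, '$.dataShareArn')       AS datashare_arn,
    json_extract_scalar(requestparameters, '$.consumerIdentifier') AS consumer
FROM cloudtrail_logs
WHERE eventsource = 'redshift.amazonaws.com'
  AND eventname = 'AuthorizeDataShare'
  AND errorcode IS NULL
  AND json_extract_scalar(requestparameters, '$.consumerIdentifier')
      NOT IN ('111111111111', '222222222222')
ORDER BY eventtime DESC;
```

Pair the second query with the SVL_DATASHARE_CHANGE_LOG query on the producer cluster: CloudTrail shows which IAM principal authorized an account, and the change log shows which database user granted the namespace inside the cluster.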