Managing datashares from other accounts as a consumer

With Amazon Redshift, you can consume datashares from other AWS accounts, enabling cross-account data sharing and collaboration. A datashare is a secure way to share live data across Amazon Redshift clusters, even if they are in different AWS accounts. The following sections provide detailed steps for configuring access, querying shared data, and monitoring datashare activity as a consumer.

Associating datashares

As a consumer cluster administrator, you can associate one or more datashares that are shared from other accounts to your entire AWS account or specific cluster namespaces in your account.

1. Sign in to the AWS Management Console and open the Amazon Redshift console at https://console.aws.amazon.com/redshiftv2/.

2. On the navigation menu, choose Datashares. The datashare list page appears.

3. Choose From other accounts.

4. In the Datashares from other accounts section, choose the datashare that you want to associate and choose Associate. When the Associate datashare page appears, choose one of the following Association types:

   • Choose Entire AWS account to associate all existing and future cluster namespaces across different AWS Regions in your AWS account with the datashare. Then choose Associate.

     If the datashare is published to the AWS Glue Data Catalog, you can only associate the datashare with the entire AWS account.

   • Choose Specific AWS Regions and cluster namespaces to associate one or more AWS Regions and specific cluster namespaces with the datashare.

     1. Choose Add Region to add specific AWS Regions and cluster namespaces to the datashare. The Add AWS Region page appears.

     2. Choose an AWS Region.

     3. Do one of the following:

        • Choose Add all cluster namespaces to add all existing and future cluster namespaces in this Region to the datashare.

        • Choose Add specific cluster namespaces to add one or more specific cluster namespaces in this Region to the datashare.

        • Choose one or more cluster namespaces and choose Add AWS Region.

     4. Choose Associate.

If you're associating the datashare with a Lake Formation account, go to the Lake Formation console to create a database, then define permissions over the database. For more information, see Setting up permissions for Amazon Redshift datashares in the AWS Lake Formation Developer Guide. Once you create a AWS Glue database or a federated database, you can use query editor v2 or any preferred SQL client with your consumer cluster to query the data. For more information, see Working with Lake Formation-managed datashares as a consumer.

After the datashare is associated, the datashares become available.

You can also change datashare association at any time. When changing association from specific AWS Regions and cluster namespaces to the entire AWS account, Amazon Redshift overwrites the specific Region and cluster namespaces information with AWS account information. All the AWS Regions and cluster namespaces in the AWS account then have access to the datashare.

When changing association from specific cluster namespaces to all cluster namespaces in the specified AWS Region, all cluster namespaces in this Region then have access to the datashare.

Removing association of datashare from data consumers

As a consumer cluster administrator, you can remove association of datashares from data consumers.

1. Sign in to the AWS Management Console and open the Amazon Redshift console at https://console.aws.amazon.com/redshiftv2/.

2. On the navigation menu, choose Datashares. The datashare list page appears.

3. Choose From other accounts.

4. In the Datashares from other accounts section, choose the datashare to remove association from data consumers.

5. In the Data consumers section, choose one or more data consumers to remove association from. Then choose Remove association.

6. When the Remove association page appears, choose Remove association.

After association is removed, data consumers will lose access to the datashare. You can change the data consumer association at any time.

Declining datashares

As a consumer cluster administrator, you can reject any datashare whose state is available or active. After you reject a datashare, consumer cluster users lose access to the datashare. Amazon Redshift doesn't return the rejected datashare if you call the DescribeDataSharesForConsumer API operation. If the producer cluster administrator runs the DescribeDataSharesForProducer API operation, they will see that the datashare was rejected. Once a datashare is rejected, the producer cluster administrator can authorize the datashare to a consumer cluster again, and the consumer cluster administrator can choose to associate their AWS account with the datashare or reject it.

If your AWS account has an association to a datashare and a pending association to a datashare that's managed by Lake Formation, rejecting the datashare association that's managed by Lake Formation also rejects the original datashare. To reject a specific association, the producer cluster administrator can remove authorization from a specified datashare. This action doesn't affect other datashares.

To reject a datashare, use the AWS console, the API operation RejectDataShare, or reject-datashare in the AWS CLI.

To reject a datashare using the AWS console:

1. Sign in to the AWS Management Console and open the Amazon Redshift console at https://console.aws.amazon.com/redshiftv2/.

2. In the navigation menu, choose Datashares.

3. Choose From other accounts.

4. In the Datashares from other accounts section, choose the datashare you want to decline. When the Decline datashare page appears, choose Decline.

After you decline the datashares, you can't revert the change. Amazon Redshift removes the datashares from the list. To see the datashare again, the producer administrator must authorize it again.