🐾Cross account data sharing with Athena🐾
❓It’s not really convenient to create IAM roles and assume them (with the help of Lambda) just to access data in the Data Lake account from your Data Science account.
✅ You can manage data access with Lake Formation instead. It also lets you grant granular access to the data: you can share a database, a table or even a single column.
In order to set up cross-account data sharing, you need to:
1️⃣ In the data lake account, grant the data science account (or a principal in that account) Lake Formation permissions on the database/table/column you want to share.
2️⃣ In the data lake account, create a resource-based policy on the S3 bucket where the source data is stored, granting access to the whole data science account or to a specific principal in that account.
3️⃣ In the data lake account, create a resource-based policy on the KMS key that was used for S3 encryption, granting access to the data science account or a principal in it.
4️⃣ In the data science account, give the role used for data access permissions for Glue, Lake Formation, S3, Athena, RAM and KMS.
5️⃣ In the data science account, create a resource link in Lake Formation for the database/table/column shared by the data lake account.
6️⃣ In the data science account, grant Lake Formation permissions to AllIAMPrincipals or to a specific role/user to use the resource link and its target resource.
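Steps 2️⃣ and 3️⃣ are where sharing usually ends up broader than intended, so here is an added example (not from the original post) that builds the two resource-based policies scoped to one shared prefix and runs a small review check over them. Account ids, bucket name, prefix and key ARN are constructed placeholders.

```python
import json

DATA_LAKE_ACCOUNT = "111111111111"     # constructed placeholder account id
DATA_SCIENCE_ACCOUNT = "222222222222"  # constructed placeholder account id
BUCKET = "example-datalake-bucket"     # constructed placeholder bucket
SHARED_PREFIX = "curated/sales/"       # only objects under this prefix are shared
KMS_KEY_ARN = f"arn:aws:kms:eu-west-1:{DATA_LAKE_ACCOUNT}:key/00000000-0000-0000-0000-000000000000"

def consumer_principal(account: str, role: str = "") -> str:
    """Whole consumer account (':root') or one role in it, as used in the Principal element."""
    return f"arn:aws:iam::{account}:{'role/' + role if role else 'root'}"

def bucket_policy(consumer_arn: str) -> dict:
    """Step 2: read-only bucket policy; ListBucket is restricted to the shared prefix."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ListSharedPrefix", "Effect": "Allow", "Principal": {"AWS": consumer_arn},
         "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{BUCKET}",
         "Condition": {"StringLike": {"s3:prefix": [f"{SHARED_PREFIX}*"]}}},
        {"Sid": "ReadSharedObjects", "Effect": "Allow", "Principal": {"AWS": consumer_arn},
         "Action": ["s3:GetObject"], "Resource": f"arn:aws:s3:::{BUCKET}/{SHARED_PREFIX}*"}]}

def kms_key_policy(consumer_arn: str) -> dict:
    """Step 3: key policy statement letting the consumer decrypt, with no key administration."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowConsumerDecrypt", "Effect": "Allow", "Principal": {"AWS": consumer_arn},
         "Action": ["kms:Decrypt", "kms:DescribeKey"], "Resource": "*"}]}

def policy_findings(policy: dict) -> list:
    """Review check for either document: flag wildcard principals, write or wildcard
    actions, and S3 object access that is not scoped to a prefix."""
    findings = []
    for st in policy["Statement"]:
        principal = st.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"{st['Sid']}: grants to any principal")
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if any(a.endswith("*") or a.split(":")[1].startswith(("Put", "Delete", "Encrypt")) for a in actions):
            findings.append(f"{st['Sid']}: grants write or wildcard actions")
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if any(r.startswith("arn:aws:s3:::") and r.split("/", 1)[1:] == ["*"] for r in resources):
            findings.append(f"{st['Sid']}: object access not scoped to a prefix")
    return findings

if __name__ == "__main__":
    consumer = consumer_principal(DATA_SCIENCE_ACCOUNT, "ds-analyst")
    for doc in (bucket_policy(consumer), kms_key_policy(consumer)):
        print(json.dumps(doc, indent=2), "findings:", policy_findings(doc))
```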
🎉Congratulations, that’s it: now you can query data in the data lake account from the data science account without assuming roles or creating Lambda functions.