AWS Big Data Blog
Category: Security, Identity, & Compliance
HAQM QuickSight deployment models for cross-account and cross-Region access to HAQM Redshift and HAQM RDS
Many AWS customers use multiple AWS accounts and Regions across different departments and applications within the same company. However, you might deploy services like HAQM QuickSight using a single-account approach to centralize users, data source access, and dashboard management. This post explores how you can use different HAQM Virtual Private Cloud (HAQM VPC) private connectivity features to connect QuickSight […]
Federated authentication to HAQM Redshift using AWS Single Sign-On
July 2023: This post was reviewed for accuracy. Managing database users through identity federation allows you to manage authentication and authorization procedures centrally. HAQM Redshift, a fast, fully managed cloud data warehouse, provides browser-based plugins for JDBC/ODBC drivers, which help you implement identity federation combined with multi-factor authentication (MFA) to secure your data […]
Automate the archival and deletion of sensitive data using HAQM Macie
This post was updated in May 2022 with a revised AWS CloudFormation template. Customers are looking for ways to securely and cost-efficiently manage the archival and deletion of large volumes of sensitive data in their data lake, in compliance with regulations and data protection and privacy laws such as GDPR, POPIA, and LGPD. This post describes a way to […]
Restrict access to your AWS Glue Data Catalog with resource-level IAM permissions and resource-based policies
Data cataloging is an important part of many analytical systems. The AWS Glue Data Catalog provides integration with a wide number of tools. Using the Data Catalog, you also can specify a policy that grants permissions to objects in the Data Catalog. Data lakes require detailed access control at both the content level and the level of the metadata describing the content. In this post, we show how you can define the access policies for the metadata in the catalog.
Connect to HAQM Athena with federated identities using temporary credentials
This post walks through three scenarios to enable trusted users to access Athena using temporary security credentials. First, we use SAML federation with user credentials stored in Active Directory. Second, we use a custom credentials provider library to enable cross-account access. And third, we use an EC2 instance profile role to provide temporary credentials for users in our organization to access Athena.
How to retain system tables’ data spanning multiple HAQM Redshift clusters and run cross-cluster diagnostic queries
In this blog post, I present a solution that exports system tables from multiple HAQM Redshift clusters into an HAQM S3 bucket. This solution is serverless, and you can schedule it as frequently as every five minutes. The AWS CloudFormation deployment template that I provide automates the solution setup in your environment. The system tables’ data in the HAQM S3 bucket is partitioned by cluster name and query execution date to enable efficient joins in cross-cluster diagnostic queries.
Using LDAP via AWS Directory Service to Access and Administer Your Hadoop Environment
Erik Swensson is a Solutions Architect with AWS. In this post you will learn how to leverage a Lightweight Directory Access Protocol (LDAP) service via AWS Directory Service to authenticate and define permissions for users and administrators of HAQM EMR, HAQM’s hosted Hadoop service. A centralized LDAP repository for authentication and authorization lets you more […]