Posted On: Aug 9, 2019

Amazon Redshift Spectrum now supports column level access control for data stored in Amazon S3 and managed by AWS Lake Formation. Column level access control can be used to limit access to only the specific columns of a table rather than allowing access to all columns of a table.

For many customers, their security and data governance compliance policy require more specific access controls on their data. Now these customers can take advantage of Amazon Redshift’s integration with AWS Lake Formation to implement finer-grained access control on their managed data lake while still being able to query the data lake with Amazon Redshift Spectrum.

Amazon Redshift’s Spectrum capability allows Redshift to query data stored in Amazon S3 directly. Querying S3 can be more cost-effective and it eliminates the need to load data. Now Amazon Redshift Spectrum’s S3 query capability is further enhanced to support column level access control for data stored in Amazon S3. 

To use this feature, an administrator creates an IAM role for Amazon Redshift and creates the policy to allow Redshift to access AWS Lake Formation. The administrator can then use the Lake Formation console to specify the tables and columns that the role is allowed access to. The column level access control policies can also be created and managed by the SQL grant statements.

You can find more information about enabling column level access control for Amazon Redshift Spectrum in the Amazon Redshift database developer guide. Amazon Redshift supports column level access with the release version 1.0.8610 or higher in all AWS commercial regions supported by AWS Lake Formation. Refer to the AWS Region Table for AWS Lake Formation availability.