Posted On: Dec 11, 2023
Amazon Athena now supports trusted identity propagation with AWS IAM Identity Center to manage and audit access to data and resources based on user identity. This new capability passes identity information between connected business intelligence and data analytics applications, providing data analysts with a seamless single sign-on experience and admins with end-to-end data access traceability. Administrators define access via AWS Lake Formation to their data sets in Glue Data Catalog based on a common set of users and groups in the customer’s chosen identity provider. Auditors can track users’ data access across their Athena query workflows.
With this launch, administrators can simply enable trusted identity propagation for Athena SQL use cases when creating a new workgroup. Data analysts can then use their corporate identities to access the Athena editor in EMR Studio where they run queries from their trusted identity propagation enabled workgroups. As the query runs, the identity of the data analyst is propagated all the way to AWS Lake Formation to authorize data access. This launch simplifies on-boarding through single-sign on, improves end-to-end security via identity-based fine-grained access control, and provides auditability for Athena query workflows.
This feature is generally available in 9 AWS Regions: US East (N. Virginia, Ohio), US West (Oregon), Asia Pacific (Singapore, Sydney), Canada (Central), and Europe (Ireland, Frankfurt and London). To get started, refer to the documentation.