AWS Clean Rooms features

Create clean rooms in minutes. Collaborate with your partners without sharing raw data.

Why AWS Clean Rooms?

AWS Clean Rooms makes it easier for you and your partners to analyze and collaborate on collective datasets to gain insights without revealing underlying data to one another. You can use AWS Clean Rooms to create your own clean rooms in minutes and start analyzing your collective datasets in just a few steps. With AWS Clean Rooms, you can invite any AWS customer you want to collaborate with, select datasets, and configure restrictions for participants. You can collaborate with hundreds of thousands of companies already using AWS without needing to maintain a copy of your data outside your AWS environment or load it into another platform.

Shot of a young businesswoman working on a computer in an office. Portrait of an successful young creative businesswoman using PC at her workplace in the modern office

Create your own clean room, add participants, and start collaborating in a few steps

AWS Clean Rooms helps you more quickly and easily deploy your own clean rooms without having to build, manage, and maintain your own solutions. Companies can also use APIs to integrate the functionality of AWS Clean Rooms into their workflows.

Collaborate with hundreds of thousands of companies on AWS without sharing or revealing underlying data

AWS Clean Rooms makes it quick and easy to generate insights from multiparty data with minimal data movement and without copying or revealing the underlying data. You can directly permission your data in Amazon Simple Storage Service (Amazon S3) and quickly start collaborating with your partners or any of the hundreds of thousands of AWS customers who have built their data lakes on Amazon S3.

hand together creative agency business brain storm meeting presentation Team discussing roadmap to product launch, presentation, planning, strategy, new business development
Cybersecurity and privacy concepts to protect data. Lock icon and internet network security technology. Businessmen protecting personal data on laptop and virtual interfaces.

Protect underlying data with a broad set of privacy-enhancing controls for clean rooms

AWS Clean Rooms supports stringent data-handling policies through a broad set of privacy-enhancing capabilities including fine-grained analysis rules, AWS Clean Rooms Differential Privacy, and cryptographic computing. And, you can use query logs to understand and audit how your data is queried.

Use flexible SQL analysis rules and privacy-enhancing ML to meet your business needs

Generate insights using SQL analyses or AWS Clean Rooms ML modeling. With SQL, you can use aggregation, list, and custom queries. You can also use Analysis Builder to unlock insights without having to write SQL. AWS Clean Rooms ML (Preview) helps you apply machine learning (ML) to generate insights without having to share raw data with others.

Programer sitting on desk discussing with mixed team of software developers about artificial intelligence

Multiparty

With AWS Clean Rooms, you can analyze data with multiple other parties in a single collaboration. Each collaboration member keeps data in their own accounts. You can securely generate insights from your and your partners' collective data without having to write code. You can create a clean room, invite companies you want to collaborate with, and select which participants can run SQL analyses or generate predictive insights with AWS Clean Rooms ML within the collaboration.

No need to maintain a copy of your data

With AWS Clean Rooms, you can easily collaborate with hundreds of thousands of companies already using AWS without needing to maintain a copy of your data outside your AWS environment or load it into another platform. Once you create or join a collaboration, you can configure your data tables from your AWS Glue Data Catalog. When you run queries, train an ML model, or generate predictive insights, AWS Clean Rooms reads the data from where it lives. When you use SQL query analysis, you can specify rules and SQL query restrictions allowed on your data, which are automatically applied to protect each participant's underlying data. For example, you can configure output constraints such as minimum aggregation thresholds. When you use AWS Clean Rooms ML, the underlying data used to train a model or generate a lookalike segment is never shared or revealed among collaborators or used by AWS to train models.

Full programmatic access

In addition to the AWS Management Console, all AWS Clean Rooms functionality is accessible with an API. You will be able to use the AWS SDKs or command line interface (CLI) to automate AWS Clean Rooms operations, integrate AWS Clean Rooms functionality within your existing workflows and products, or create your own version of clean room offerings for your customers.

Flexible SQL

Analysis rules are restrictions that give you built-in control of how your data can be analyzed. Collaboration members who create or join a collaboration as designated query runners can write queries to intersect and analyze your data tables subject to the analysis rules that you set. AWS Clean Rooms supports three types of analysis rules: aggregation, list, and custom.

Aggregation analysis rule: The aggregation analysis rule allows you to run queries that generate aggregate statistics, such as how large the intersection of two datasets is. When using the aggregation analysis rule, you can enforce that only aggregation queries can be run on your data and enforce restrictions on specific parts of the queries that run, such as what columns must be used only in a blind match and what columns can be used in aggregations such as sums, counts, or averages. You also control the minimum aggregation constraint in the output.  You can also set minimum aggregation constraints that allow you to set conditions for output row returns. These constraints are in the form of COUNT DISTINCT (Column) >= Threshold. If an output row in the query results does not meet any of the constraints, it is removed for the result set. This helps you ensure that minimum aggregation thresholds are automatically enforced while providing flexibility to data collaborators who can write queries of their choice.

List analysis rule: The list analysis rule allows you to run queries that extract the row-level list of the intersection of multiple datasets, such as the overlap of two datasets. When using the list analysis rule, you can enforce that only list queries can be run on your data and enforce restrictions of the queries that run, such as what columns must be used only in a blind match and what columns can be outputted as a list in the output.

Custom analysis rule: The custom analysis rule allows you to create custom queries using most of an ANSI-standard SQL, such as common table expressions (CTE) and window functions. You can also review and allow queries before collaboration partners run them, and review other collaborators' queries before they are allowed to run on your tables. When using the custom analysis rule, you can use built-in control to determine or limit, upfront, how your underlying data could be analyzed, instead of having to rely on query logs after analyses are complete. When you use custom SQL queries, you can also create or use analysis templates to store custom queries with parameters in the collaborations. This permits customers to more easily help one another in a collaboration. For example, a member who has higher SQL experience can create templates for other members to review and potentially run. It also facilitates reusable analyses in the collaboration. You can also use AWS Clean Rooms Differential Privacy by selecting a custom analysis rule and then configuring your differential privacy parameters.

Differential Privacy

AWS Clean Rooms Differential Privacy (Preview) helps you protect the privacy of your users with mathematically backed and intuitive controls in a few steps. Differential privacy is a rigorous mathematical definition of data privacy protection. However, configuring this technique is complex and requires an in-depth understanding of the theory and mathematically rigorous formulas to apply it effectively. AWS Clean Rooms Differential Privacy is an intuitive, fully managed capability of AWS Clean Rooms that helps you prevent the reidentification of your users. You do not need to have prior differential privacy experience to use this capability. AWS Clean Rooms Differential Privacy obfuscates the contribution of any individual’s data from AWS Clean Rooms collaboration aggregate outputs, and it helps you run a broad range of SQL queries to unlock insights about advertising campaigns, investment decisions, clinical research, and more. You can set up AWS Clean Rooms Differential Privacy by applying a custom analysis rule in your AWS Clean Rooms collaboration. Then you can configure AWS Clean Rooms Differential Privacy with controls that are flexible to your specific business use cases and can be applied in just a few steps. AWS Clean Rooms Differential Privacy makes it easier for you to enable differential privacy in AWS Clean Rooms collaborations with a few simple choices—all without requiring any additional expertise or setup from your partners.

Configurable roles

When you set up an AWS Clean Rooms collaboration, you can specify different abilities for each collaboration member to suit your specific SQL querying use cases. For example, if you want the query output to go to a different member, you can designate one member as the SQL query runner who can write queries and another member as the SQL query result receiver who can receive the results. This gives the collaboration creator the ability to make sure that the member who can query doesn't have access to the query results. When you set up a collaboration, you can also configure SQL query payment responsibilities and assign a chosen member to be billed for the query compute costs in the collaboration instead of the billing automatically going to the query runner. This gives more flexibility to collaborate with your partners to designate SQL responsibilities instead of anchoring them on the query runner.

No code analysis builder

With Analysis Builder, business users can get insights in a few easy steps without having to write or understand SQL. You can follow steps in the guided user interface to build queries compliant with the data restrictions that each collaborator has set on their tables based on auto-suggested criteria such as metrics, segments, and filters related to your collective datasets. Use Analysis Builder in collaborations that have one or two tables configured with either an aggregation or list analysis rule.

Privacy-enhancing ML

AWS Clean Rooms ML (Preview) helps you and your partners apply privacy-enhancing ML to generate predictive insights without having to share raw data with each other. The capability's first model is specialized to help companies create lookalike segments. With AWS Clean Rooms ML lookalike modeling, you can train your own custom model using your data and invite your partners to bring a small sample of their records to a collaboration to generate an expanded set of similar records while protecting you and your partners' underlying data. Healthcare modeling will be available in the coming months.

With AWS Clean Rooms ML, you retain full control and ownership of your trained models, including when to use them to generate lookalike segments with your partners or when to delete them. Your data is only used to train your model; it is not used for AWS model training. You can use intuitive controls that help you and your partners tune the model’s predictive results. For example, an airline can use data about its customers, collaborate with an online booking service, and identify prospect travelers with similar characteristics without either company sharing their underlying data with the other. AWS Clean Rooms ML removes the need to share data to build, train, and deploy ML models with your partners.

AWS Clean Rooms ML was built and tested across various datasets, such as e-commerce and streaming video, and can help you improve accuracy on lookalike modeling by up to 36%, when compared with representative industry baselines. In real-world applications such as prospecting for new customers, this accuracy improvement can translate into savings of millions of dollars.

Cryptographic computing

You can run AWS Clean Rooms queries on cryptographically protected data. If you have data handling policies that require encryption of sensitive data, you can pre-encrypt your data using a collaboration-specific shared encryption key so that data is encrypted even when queries are run. Cryptographic computing ensures that data used in collaborative computations remains encrypted at rest, in transit, and in use (while being processed).

Cryptographic Computing for Clean Rooms (C3R) is an open source Java SDK with a CLI, available in GitHub. This feature is available at no additional charge. If you have big data, you can review the documentation to see how C3R can be integrated into Apache Spark.

This feature is the latest of a broad range of AWS cryptographic computing tools built to help you meet your security and compliance needs while allowing you to take advantage of the flexibility, scalability, performance, and ease of use that AWS offers.