AWS Clean Rooms Features

With AWS Clean Rooms, you can analyze data with up to four other parties in a single collaboration. You can securely generate insights from multiple companies without having to write code. You can create a clean room, invite companies you want to collaborate with, and select which participants can run analyses within the collaboration.

With AWS Clean Rooms, you can easily collaborate with hundreds of thousands of companies already using AWS without needing to maintain a copy of your data outside of your AWS environment or load it into another platform. Once you create or join a collaboration, you can configure your data tables from your AWS Glue Data Catalog. When you run queries in a collaboration, AWS Clean Rooms reads data from where it lives and automatically applies restrictions that protect each participant’s underlying data. For each table, you can specify analysis rules. These rules help you restrict the type of SQL queries allowed on your data. You can also configure outputs constraints such as minimum aggregation thresholds.

In addition to the AWS Management Console, all AWS Clean Rooms functionality is accessible with an API. You will be able to use the AWS SDKs or command line interface (CLI) to automate AWS Clean Rooms operations, integrate Clean Rooms functionality within your existing workflows and products, or create your own version of clean room offering for your customers.

Those creating or joining an AWS Clean Rooms collaboration can write queries to intersect and analyze data tables associated with the collaboration, subject to restrictions, known as analysis rules, defined by each participant. AWS Clean Rooms controls support two types of analysis rules: List and Aggregation. Aggregation queries will only allow queries that generate aggregate statistics (such as how large is the intersection of these two datasets?). List queries will allow queries that extract the row-level list of the intersection of multiple datasets (such as what is the full intersection of these two datasets?). For example, you can choose the structure of the queries allowed by selecting one of the supported analysis rules (such as Aggregation); choose which statistics to allow other collaborators to run such as sums, counts, or averages. These restrictions give you built-in control of how your data can be used.

Minimum aggregation constraints will allow you to set conditions for output row returns. These constraints are in the form of COUNT DISTINCT (Column) >= Threshold. If an output row in the query result does not meet that constraint, it is automatically redacted; this lets you automatically enforce minimum aggregation thresholds while providing flexibility for data collaborators to write queries of their choice.

You can run AWS Clean Rooms queries on cryptographically protected data. If you have data handling policies that require encryption of sensitive data, you can pre-encrypt your data using a collaboration-specific, shared encryption key so that data is encrypted even when queries are run. Cryptographic computing ensures that data used in collaborative computations remains encrypted at rest, in transit, and in use (while being processed).

Cryptographic Computing for Clean Rooms (C3R) is an open-source Java SDK with a CLI, available in GitHub. This feature is available at no additional charge. If you have big data, you can review the documentation to see how C3R can be integrated into Apache Spark.

This feature is the latest of a broad range of AWS cryptographic computing tools built to help you meet your security and compliance needs, while allowing you to take advantage of the flexibility, scalability, performance, and ease of use that AWS offers.