AWS Clean Rooms is a service that makes it easier for you and your partners to analyze and collaborate on collective datasets to gain insights, without sharing or copying one another’s underlying data or having to move it outside of AWS. You can use AWS Clean Rooms to create your own clean rooms in minutes, and start analyzing your collective datasets with just a few clicks. From the AWS Management Console or using the API, you can invite any AWS customer you want to collaborate with, select datasets, and configure restrictions for participants. With AWS Clean Rooms, you can collaborate with hundreds of thousands of companies already using AWS without needing to maintain a copy of your data outside of your AWS environment or load it into another platform. When you run queries, AWS Clean Rooms reads data where it lives and applies analysis rules to help you maintain control over your data. AWS Clean Rooms provides a broad set of privacy-enhancing controls—including query controls, query output restrictions, and query logging—that allow you to customize restrictions on the queries run by each clean room participant. AWS Clean Rooms also includes advanced cryptographic computing tools that keep data encrypted—even as queries are processed—to comply with stringent data-handling policies.
Key product features
Multi-party (up to five data collaborators)
With AWS Clean Rooms, you can analyze data with up to four other parties in a single collaboration. You can securely generate insights from multiple companies without having to write code. You can create a clean room, invite companies you want to collaborate with, and select which participants can run analyses within the collaboration.
Collaboration without needing to maintain a copy of your data outside of your AWS environment
With AWS Clean Rooms, you can easily collaborate with hundreds of thousands of companies already using AWS without needing to maintain a copy of your data outside of your AWS environment or load it into another platform. Once you create or join a collaboration, you can configure your data tables from your AWS Glue Data Catalog. When you run queries in a collaboration, AWS Clean Rooms reads data from where it lives and automatically applies restrictions that protect each participant’s underlying data. For each table, you can specify analysis rules. These rules help you restrict the type of SQL queries allowed on your data. You can also configure outputs constraints such as minimum aggregation thresholds.
Full programmatic access
In addition to the AWS Management Console, all AWS Clean Rooms functionality is accessible with an API. You will be able to use the AWS SDKs or command line interface (CLI) to automate AWS Clean Rooms operations, integrate Clean Rooms functionality within your existing workflows and products, or create your own version of clean room offering for your customers.
Flexible SQL queries subject to automated analysis rules
Those creating or joining an AWS Clean Rooms collaboration can write queries to intersect and analyze data tables associated with the collaboration, subject to restrictions, known as analysis rules, defined by each participant. AWS Clean Rooms controls support two types of analysis rules: List and Aggregation. Aggregation queries will only allow queries that generate aggregate statistics (such as how large is the intersection of these two datasets?). List queries will allow queries that extract the row-level list of the intersection of multiple datasets (such as what is the full intersection of these two datasets?). For example, you can choose the structure of the queries allowed by selecting one of the supported analysis rules (such as Aggregation); choose which statistics to allow other collaborators to run such as sums, counts, or averages. These restrictions give you built-in control of how your data can be used.
Flexible minimum aggregation thresholds
Minimum aggregation constraints will allow you to set conditions for output row returns. These constraints are in the form of COUNT DISTINCT (Column) >= Threshold. If an output row in the query result does not meet that constraint, it is automatically redacted; this lets you automatically enforce minimum aggregation thresholds while providing flexibility for data collaborators to write queries of their choice.
You can run AWS Clean Rooms queries on cryptographically protected data. If you have data handling policies that require encryption of sensitive data, you can pre-encrypt your data using a collaboration-specific, shared encryption key so that data is encrypted even when queries are run. Cryptographic computing ensures that data used in collaborative computations remains encrypted at rest, in transit, and in use (while being processed).
Cryptographic Computing for Clean Rooms (C3R) is an open-source Java SDK with a CLI, available in GitHub. This feature is available at no additional charge. If you have big data, you can review the documentation to see how C3R can be integrated into Apache Spark.
This feature is the latest of a broad range of AWS cryptographic computing tools built to help you meet your security and compliance needs, while allowing you to take advantage of the flexibility, scalability, performance, and ease of use that AWS offers.
Get started building with AWS Clean Rooms in the AWS Management Console today.
Learn how leading companies are using AWS Clean Rooms to unlock insights through collaboration.
Explore how AWS Clean Rooms partners can help you drive more insights—together.
Learn more about how AWS Clean Rooms protects your data.