Amazon DataZone: Govern Data Access
Help ensure that the right data is accessed by the right user for the right purpose—in accordance with your organization's security policies—without relying on individual credentials. Provide transparency on the usage of assets and approve data subscriptions with a governed workflow. Monitor data assets across domains and projects through usage auditing capabilities.
Workflows for publishing and subscribing
Fulfilling grants on AWS data
Automatically fulfill subscriptions to the underlying dataset and manage permissions for AWS Lake Formation managed AWS Glue tables and Amazon Redshift tables and views. For all other assets, Amazon DataZone emits standard events related to user actions, such as subscription requests or approvals. You can use these standard events to integrate with other AWS services or third-party solutions for custom integrations.
Control data sharing
Amazon DataZone abstracts the process of sharing data between producer and consumer. The domain facilitates access control for downstream consumers through a subscription approval process, which supports consumers from any account and any supported AWS Region.
Understand access rights
You can create business use case–based groupings of teams, tools, and data. Analytics users collaborate seamlessly by accessing data and analytics tools in a self-service fashion. Administrators can manage access to data for all your users from a single place. With Amazon DataZone, you can grant access to users and systems in accordance with your organization's policies.
Organize by business units
With domains, you can more securely organize resources aligned to business-driven domains such as lines of business (LOBs). A domain is a collection of Amazon DataZone objects, such as data assets, projects, associated AWS accounts, and data sources. Domains are a scalable container for you, your team, and related Amazon DataZone entities—including analytics tools such as Amazon Athena and Amazon Redshift Query Editor. You can publish a data asset in the catalog to a particular domain that governs the data, which helps you control access by data consumers. You can then control which associated AWS accounts and resources can access that domain. Domains provide a mechanism to instill organizational discipline for teams that are producing and cataloging the data in the business data catalog. A domain can have multiple business use case–driven projects in which people collaborate.
How does Amazon DataZone support and integrate with other AWS services?
Amazon DataZone supports three types of integrations with other AWS services. For details, see Amazon DataZone: Integrations.
How does Amazon DataZone help me, from a variety of business verticals, model my business data catalog in Amazon DataZone?
Amazon DataZone offers generic catalog constructs—such as domains, business glossaries, and metadata forms—which you can use to define your business vertical. The customizable metadata forms help you define the structure of metadata that is important for your business and standardize it across subsets of data assets. Additionally, you can configure which metadata is searchable for faster discovery. These customization capabilities make the business data catalog a generic catalog that you can customize to reflect your own business.