Amazon DataZone: Govern Data Access


Help ensure that the right data is accessed by the right user for the right purpose—in accordance with your organization's security policies—without relying on individual credentials. Provide transparency on the usage of assets and approve data subscriptions with a governed workflow. Monitor data assets across domain and projects through usage auditing capabilities.

Key features

Domains are scalable building blocks that help you securely organize resources aligned to business teams or lines of businesses (LOBs). Domains provide the flexibility to reflect your organization's structure. Within these managed domains, you can create business-specific taxonomies that use metadata forms and business glossaries. This way, you can publish an asset in the catalog with a particular domain. The domain then governs the data and controls access with associated resources.
Publishing and subscribing workflows help you create a decentralized data ownership and federated governance model for data sharing and consumption. Data producers publish, own, and govern their data assets by configuring subscription rules for consumers. Data consumers then access the data that they are interested in after completing the approval workflow with data owners.

Automatically fulfill subscriptions to the underlying dataset and manage permissions for AWS Lake Formation managed AWS Glue tables and Amazon Redshift tables and views. For all other assets, Amazon DataZone emits standard events related to user actions, such as subscription requests or approvals. You can use these standard events to integrate with other AWS services or third-party solutions for custom integrations.

Use cases

Amazon DataZone abstracts the process of sharing data between producer and consumer. The domain facilitates access control to downstream consumers through subscription approval process, which supports consumers from any account and supported AWS Region.

You can create business use case–based groupings of teams, tools, and data. Analytics users collaborate seamlessly by accessing data and analytics tools in a self-service fashion. Administrators can manage access to data for all your users from a single place. With Amazon DataZone, you can grant access to users and systems in accordance with your organization's policies.

With domains, you can more securely organize resources aligned to business-driven domains such as LOBs. A domain is a collection of Amazon DataZone objects, such as data assets, projects, associated AWS accounts, and data sources. Domains are a scalable container for you, your team, and related Amazon DataZone entities—including analytics tools such as Amazon Athena and Amazon Redshift Query Editor. You can publish a data asset in the catalog with a particular domain that governs the data. You can then control access of associated AWS accounts and resources that can access that domain. Domains provide a mechanism to instill organizational discipline for teams that are producing and cataloging the data in the business data catalog. You can publish a data asset in the catalog to a particular domain, which helps you govern the data and control access of data consumers. A domain can have multiple business use case–driven projects in which people collaborate.


How does Amazon DataZone support and integrate with other AWS services?

Amazon DataZone supports three types of integrations with other AWS services. For details, see Amazon DataZone: Integrations.

How does Amazon DataZone help me, from a variety of business verticals,  model my business data catalog in Amazon DataZone?

Amazon DataZone offers a generic catalog construct—such as domain, business glossary, and metadata forms—which you can use to define your business vertical. The customizable metadata forms help you define the structure of metadata that is important for your business and standardize across subsets of data assets. Additionally, you can configure what metadata can be searchable for faster discovery. These customization capabilities make the business data catalog a generic catalog that you can customize to reflect your own business.