Cross-account information collaboration with Amazon DataZone and AWS analytical instruments

Knowledge sharing has grow to be an important side of driving innovation, contributing to development, and fostering collaboration throughout industries. In keeping with this Gartner research, organizations selling information sharing outperform their friends on most enterprise worth metrics. An easy information entry and sharing mechanism is essential for enabling efficient information sharing throughout a company. There are challenges resembling complexity in managing cross-account permissions and issue in discovering the appropriate information throughout accounts that organizations face when attempting to share information merchandise throughout AWS accounts. Amazon DataZone is a totally managed information administration service that prospects can use to catalog, uncover, share, and govern information saved throughout Amazon Internet Companies (AWS).

On this submit, we’ll cowl how you should utilize Amazon DataZone to facilitate information collaboration between AWS accounts.

Resolution overview

This resolution supplies a streamlined option to allow cross-account information collaboration utilizing Amazon DataZone area affiliation whereas sustaining safety and governance. This submit describes the method of utilizing the enterprise information catalog useful resource of Amazon DataZone to publish information belongings in order that they’re discoverable by different accounts. After they’ve been revealed, you’ll be able to question the revealed belongings from one other AWS account utilizing analytical instruments resembling Amazon Athena and the Amazon Redshift question editor, as proven within the following determine.

On this resolution (as proven within the previous determine), the AWS account that incorporates the info belongings is known as the producer account. The AWS account that should entry or use the info from the producer account is known as the shopper account. The Amazon DataZone area is created and managed inside the producer account after which the buyer account is related to that area.

As a part of Amazon DataZone area affiliation, Amazon DataZone makes use of AWS Useful resource Entry Supervisor (AWS RAM) to share the useful resource. When the producer and shopper AWS accounts are in the identical group inside AWS Organizations, the area affiliation occurs mechanically. If the producer and shopper AWS accounts are in numerous organizations, AWS RAM sends an invite to the buyer AWS account to simply accept or reject the useful resource grant.

This resolution presents three Amazon DataZone consumer personas as:

• Knowledge directors: Account homeowners in each producer and shopper AWS accounts. The info directors are answerable for creating Amazon DataZone domains, configuring area associations, and accepting area associations inside the Amazon DataZone area.
• Knowledge publishers: Customers in producer AWS accounts. The info publishers are answerable for creating Amazon DataZone publish tasks and environments, producing and publishing information belongings, and accepting subscription requests.
• Knowledge subscribers: Customers in shopper AWS accounts. The info subscribers are answerable for creating Amazon DataZone subscribe tasks and environments, trying to find and subscribing to information belongings, and querying the info and deriving insights.

Stipulations

To comply with together with the directions, you will want:

• Two AWS accounts, one serving as producer and different account serving as shopper. Create new AWS accounts if obligatory.
• An Amazon Redshift provisioned cluster or Amazon Redshift Serverless workgroup within the producer and shopper AWS accounts provisioned by a knowledge administrator.
• A secret in AWS Secrets and techniques Supervisor storing the grasp consumer credentials for the Amazon Redshift cluster or workgroup within the producer and shopper AWS accounts.
  • The info directors are answerable for creating secrets and techniques.
  • The info producers and customers can get hold of the Amazon Useful resource Identify (ARN) of the secrets and techniques from the info directors through the atmosphere or atmosphere profile creation steps.

Amazon DataZone makes use of Amazon Redshift Datashares to share information throughout clusters and accounts. There are particular necessities and limitations for utilizing Amazon Redshift datashares.

• For cross-account information sharing, each the producer and shopper clusters should be encrypted. See Cluster encryption part of datashare-considerations for extra details about the encryption course of.
• Knowledge sharing is supported just for provisioned ra3 cluster varieties (ra3.16xlarge, ra3.4xlarge, and ra3.xlplus) and Amazon Redshift Serverless.

Walkthrough:

The next are the excessive stage steps to configure cross-account entry. We’ve supplied step-by-step directions within the following sections.

1. Create an Amazon DataZone area within the producer account. The info administrator creates an Amazon DataZone area.
2. Request Amazon DataZone area affiliation from the producer account to the buyer account.
3. Settle for the area affiliation request within the shopper account. The info administrator accepts the area affiliation.
4. Add information customers to the Amazon DataZone area.
5. Create the mandatory publish undertaking for AWS Glue and Amazon Redshift within the producer account.
6. Create AWS Glue and Amazon Redshift environments to publish the info belongings within the producer account.
7. Create and run a knowledge supply for AWS Glue and Amazon Redshift to publish belongings into the enterprise catalog.
8. Create subscribe tasks for AWS Glue and Amazon Redshift.
9. Create AWS Glue and Amazon Redshift atmosphere profiles and environments within the subscribe undertaking
10. Subscribe to AWS Glue and Amazon Redshift tables. Devour the info utilizing Athena and Amazon redshift editors. This step is carried out by the info subscriber.

Create the Amazon DataZone area within the producer account

Amazon DataZone domains function high-level organizational models for belongings, customers, and tasks, facilitating cross-team and cross-account collaboration. This step focusses on creating the Amazon DataZone area within the producer account.

1. Register to the producer account AWS Administration Console for Amazon DataZone utilizing the info administrator credentials.
2. Create an Amazon DataZone area titled Demo_cross_account_domain utilizing the directions at create domains.
3. On the Create area display, choose Fast setup checkbox to automate a number of configuration steps, saving time and lowering the potential for setup errors. Fast setup permits two default blueprints and creates the default atmosphere profiles for the info lake and information warehouse default blueprints.

Request Amazon DataZone area affiliation from the producer account to the buyer account

To affiliate the Amazon DataZone area with the buyer account, the producer account requests a site affiliation. This entails offering obligatory details about the buyer account and granting applicable permissions for information entry and administration.

1. Register to the Amazon DataZone console of the producer account utilizing the info administrator credentials.
2. Navigate to the area element web page, after which scroll down and choose the Related Accounts tab.
3. Enter the buyer account IDs that you simply need to request affiliation. Select Add one other account if you wish to add multiple account. While you’re glad with the checklist of account IDs, select Request affiliation.
   • Use the newest (AWS RAM DataZonePortalReadWrite coverage when requesting the account affiliation. This coverage permits customers within the shopper account to execute Amazon DataZone APIs and to make use of the info portal interface.

Settle for an account affiliation request from an Amazon DataZone area

This step focuses on accepting the account affiliation request from the Amazon DataZone area within the shopper account. This permits the buyer account to be linked with the Amazon DataZone area to allow information sharing and collaboration between the producer and shopper accounts.

1. Register to the buyer account and go to the Amazon DataZone console  in the identical AWS Area because the area. On the Amazon DataZone dwelling web page, select View requests.
2. Choose the title of the inviting Amazon DataZone area and select Evaluation request.
3. Select Settle for affiliation, you must see the Demo_cross_account_domain state as related within the Related domains display

4. Select the area for which you need to allow an atmosphere blueprint.
5. From the Blueprints checklist, select both the DefaultDataLake blueprint
6. On the Permissions and sources web page, for enabling the DefaultDataLake blueprint, for Glue Handle Entry function, specify a brand new function that grants Amazon DataZone authorization to ingest and handle entry to tables in AWS Glue and AWS Lake Formation.

7. Repeat steps 4 to six to allow the DefaultDataWarehouse blueprint by selecting DefaultDataWarehouse as an alternative of DefaultDataLake

Add information customers to the Amazon DataZone area

To grant entry to the Amazon DataZone information portal from the console for information writer and information Subscriber IAM customers, use the next steps so as to add them within the Consumer Administration part of the Amazon DataZone area. See Handle customers within the Amazon DataZone console for added particulars.

1. Register to the Amazon DataZone console as a knowledge administrator utilizing the producer account.
2. Choose the Amazon DataZone area and, within the Consumer administration part, select Add and choose Add IAM customers.
3. On the Add customers web page, select Present account and add the consumer ARN of the info producer and select Add customers.
4. Subsequent select Related account, and enter the info subscriber consumer’s ARN and add the consumer by selecting Add customers.

Create the publish undertaking for AWS Glue and Amazon Redshift

This step focuses on creating the publish undertaking for AWS Glue and Amazon Redshift within the producer account. The undertaking will probably be used to publish information out of your information sources to the suitable AWS providers.

1. Utilizing the producer account, register to the Amazon DataZone console as a knowledge writer.
2. Choose View domains and choose the demo_cross_account_domain.
3. Select the Open information portal hyperlink and register to the info portal.
4. Select Create New Challenge and create a undertaking named Glue_Publish_Project for publishing AWS Glue information belongings and create the undertaking below demo_cross_account_domain.
5. Create one other undertaking named Redshift_Publish_Project for publishing Amazon Redshift information belongings, additionally below the demo_cross_account_domain.

Create AWS Glue and Amazon Redshift environments to publish the info belongings

On this step, you arrange AWS Glue and Amazon Redshift environments within the producer account to share information belongings. The required infrastructure, such because the AWS Glue Knowledge Catalog and Redshift cluster for storing information, ought to already be in place. After setup, it will enable the buyer account to entry and use the shared information belongings. See Create a brand new atmosphere for detailed directions on creating a brand new atmosphere.

Create the AWS Glue atmosphere and a brand new AWS Glue desk

1. In the identical Amazon DataZone area demo_cross_account_domain, select Browse Challenge and choose the Glue_Publish_Project and create Glue_Publish_Environment utilizing the default DataLakeProfile.
2. Go away the producer_glue_db_name, consumer_glue_db_name and Workgroup_name clean.
3. Select Create Surroundings and await the method to finish.
4. After the atmosphere is created, browse the checklist of accessible tasks and select Glue_publish_project.
5. Subsequent, navigate to the Glue_Publish_Environment, and below Analytics instruments, select Amazon Athena to open the Athena question editor
6. Select Open Athena and be sure that Glue_Publish_Environment is chosen within the Amazon DataZone atmosphere dropdown on the higher proper and that in Knowledge on the left, glue_publish_environment_pub_db is chosen because the Database.
7. Create a brand new AWS Glue desk for publishing to Amazon DataZone. Paste the next create desk as choose (CTAS) question script within the Question window and run it to create a brand new desk named mkt_sls_table. The script creates a desk with pattern advertising and marketing and gross sales information.

   CREATE TABLE mkt_sls_table AS
   SELECT 146776932 AS ord_num, 23 AS sales_qty_sld, 23.4 AS wholesale_cost, 45.0 as lst_pr, 43.0 as sell_pr, 2.0 as disnt, 12 as ship_mode,13 as warehouse_id, 23 as item_id, 34 as ctlg_page, 232 as ship_cust_id, 4556 as bill_cust_id
   UNION ALL SELECT 46776931, 24, 24.4, 46, 44, 1, 14, 15, 24, 35, 222, 4551
   UNION ALL SELECT 46777394, 42, 43.4, 60, 50, 10, 30, 20, 27, 43, 241, 4565
   UNION ALL SELECT 46777831, 33, 40.4, 51, 46, 15, 16, 26, 33, 40, 234, 4563
   UNION ALL SELECT 46779160, 29, 26.4, 50, 61, 8, 31, 15, 36, 40, 242, 4562
   UNION ALL SELECT 46778595, 43, 28.4, 49, 47, 7, 28, 22, 27, 43, 224, 4555
   UNION ALL SELECT 46779482, 34, 33.4, 64, 44, 10, 17, 27, 43, 52, 222, 4556
   UNION ALL SELECT 46779650, 39, 37.4, 51, 62, 13, 31, 25, 31, 52, 224, 4551
   UNION ALL SELECT 46780524, 33, 40.4, 60, 53, 18, 32, 31, 31, 39, 232, 4563
   UNION ALL SELECT 46780634, 39, 35.4, 46, 44, 16, 33, 19, 31, 52, 242, 4557
   UNION ALL SELECT 46781887, 24, 30.4, 54, 62, 13, 18, 29, 24, 52, 223, 4561

   

8. Go to the Tables and Views part and confirm that the mkt_sls_table desk was efficiently created.

Create the Amazon Redshift publish atmosphere and a brand new Redshift desk

1. Staying in the identical Amazon DataZone area demo_cross_account_domain, select Browse Challenge, to create an Amazon Redshift publish atmosphere, choose the Redshift_Publish_Project and create Redshift_Publish_Environment utilizing the default information warehouse profile.
2.  To configure atmosphere parameters, enter the title of your Amazon Redshift cluster or workgroup, specify the database title and enter the AWS Secrets and techniques Supervisor secret ARN for the Redshift cluster or workgroup. It’s essential be sure that the key in Secrets and techniques Supervisor consists of the next tags. These tags assist Amazon DataZone implement correct entry management in order that solely approved customers inside the appropriate Amazon DataZone undertaking and area can entry the Amazon Redshift useful resource:
   1. For Amazon Redshift cluster: DataZone.rs.cluster: <cluster_name:database title>
   2. For Amazon Redshift Serverless workgroup: DataZone.rs.workgroup:  <workgroup_name:database_name>
   3. AmazonDataZoneProject: <projectID>
   4. AmazonDataZoneDomain: <domainID>For extra info for creating redshift database consumer secret in secret supervisor, see Storing database credentials in AWS Secrets and techniques Supervisor.

For extra info for creating redshift database consumer secret in secret supervisor, see Storing database credentials in AWS Secrets and techniques Supervisor.

3. Observe that the database consumer you present in Secrets and techniques Supervisor will need to have superuser permissions. Knowledge publishers ought to work with the info administrator to get the main points of the Redshift cluster or workgroup, database title, and secret ARN.
4. The schema is elective.
5. Select Create Surroundings and await the method to finish.
6. Confirm that the atmosphere is created efficiently with out errors.
7. Browse the checklist of accessible tasks and choose Redshift_publish_project. Navigate to Redshift_publish_environment.
8. Beneath Analytics instruments, select Amazon Redshift to open the Amazon Redshift question editor.
9. Choose the Redshift cluster that you simply need to join, select Save after which select Create Connection utilizing momentary credentials together with your IAM identification.
10. Create a brand new Redshift desk. You need to use the CTAS question to create a brand new desk named rs_sls_tbl. Use the supplied CTAS script, which creates a desk with pattern gross sales information within the datazone_env_redshift_publish_environment schema.

    CREATE TABLE "datazone_env_redshift_publish_environment"."rs_sls_tbl" AS
    SELECT 146776932 AS ord_num, 23 AS sales_qty_sld, 23.4 AS wholesale_cost, 45.0 as lst_pr, 43.0 as sell_pr, 2.0 as disnt, 12 as ship_mode,13 as warehouse_id, 23 as item_id, 34 as ctlg_page, 232 as ship_cust_id, 4556 as bill_cust_id
    UNION ALL SELECT 46776931, 24, 24.4, 46, 44, 1, 14, 15, 24, 35, 222, 4551
    UNION ALL SELECT 46777394, 42, 43.4, 60, 50, 10, 30, 20, 27, 43, 241, 4565
    UNION ALL SELECT 46777831, 33, 40.4, 51, 46, 15, 16, 26, 33, 40, 234, 4563
    UNION ALL SELECT 46779160, 29, 26.4, 50, 61, 8, 31, 15, 36, 40, 242, 4562
    UNION ALL SELECT 46778595, 43, 28.4, 49, 47, 7, 28, 22, 27, 43, 224, 4555
    UNION ALL SELECT 46779482, 34, 33.4, 64, 44, 10, 17, 27, 43, 52, 222, 4556
    UNION ALL SELECT 46779650, 39, 37.4, 51, 62, 13, 31, 25, 31, 52, 224, 4551
    UNION ALL SELECT 46780524, 33, 40.4, 60, 53, 18, 32, 31, 31, 39, 232, 4563
    UNION ALL SELECT 46780634, 39, 35.4, 46, 44, 16, 33, 19, 31, 52, 242, 4557
    UNION ALL SELECT 46781887, 24, 30.4, 54, 62, 13, 18, 29, 24, 52, 223, 4561

11.  Guarantee that the rs_sls_tbl desk is efficiently created.

Publish belongings into the frequent enterprise catalog

On this step, you create and run the Amazon DataZone information sources for AWS Glue and Amazon Redshift. You’ll then publish the info belongings from these information sources.

The Amazon DataZone information sources let you join to numerous information sources, together with databases, information warehouses, and information lakes, and ingest metadata into Amazon DataZone. By creating and operating these information sources, you can also make your information accessible for evaluation, transformation, and sharing inside your group.

After the info sources are arrange, you’ll be able to publish the info belongings from these sources to make them accessible to different customers and functions. This course of entails mapping the info belongings to the suitable enterprise phrases and metadata, ensuring that the info is correctly described and categorized.

Add an AWS Glue information supply to publish the brand new AWS Glue desk.

1. Keep signed within the producer account and Amazon DataZone console as a knowledge writer.
2. Select Choose undertaking from the highest navigation pane and choose the Glue_Publish_Project that you simply need to add the info supply to.
3. Choose the Glue_Publish_Environment.
4. Select Create information supply. Enter glue-publish-datasource because the title.
5. Beneath Knowledge supply sort, select AWS Glue.
6. Beneath Choose an atmosphere, choose Glue_Publish_Environment.
7. Beneath Knowledge choice, choose the AWS Glue database glue_publish_environment_pub_db, enter your desk choice standards as “*“, after which and select Subsequent.
8. Go away all different setting as default and select Subsequent.
9. For Run Choice, choose Run on demand to ingest metadata from the desired AWS Glue tables into Amazon DataZone.
10. Evaluation and select Create.
11. After the info supply has been created select Run. The mkt_sls_table will probably be listed within the stock and accessible to publish.
12. Choose the mkt_sls_table desk and overview the metadata that was generated. Select Settle for All for those who’re glad with the metadata.
13. Select Publish Asset and the mkt_sls_table desk will probably be revealed to the enterprise information catalog, making it discoverable and comprehensible throughout your group.

Add an Amazon Redshift information supply to publish the brand new Amazon Redshift desk.

1. Keep signed within the producer account and Amazon DataZone console as a knowledge writer.
2. Select Choose undertaking from the highest navigation pane and choose the Redshift_Publish_Project that you simply need to add the info supply to.
3. Select the Redshift_Publish_Environment.
4. Select Create information supply. Enter rs-publish-datasource because the title.
5. Beneath Knowledge supply sort, choose Amazon Redshift.
6. Beneath Choose an atmosphere, choose Redshift_Publish_Environment.
7. Beneath Redshift Credentials, enter the Redshift cluster and secret particulars supplied by the info administrator.
8. Beneath Knowledge Choice, choose the database dev and schema datazone_env_redshift_publish_environment.
9. Preserve different setting as default and select Subsequent.
10. For Run Choice, choose Run on Demand.
11. Select Save. After the info supply is created, select Run. The info supply runs and the rs_sls_tbl will probably be listed within the stock and accessible to publish.
12. Choose the rs_sls_tbl desk and overview the metadata that was generated. Select Settle for All in case you are glad with the metadata.
13. Select Publish Asset and the rs_sls_table desk will probably be revealed to the enterprise information catalog.

Create subscribe tasks for AWS Glue and Amazon Redshift

On this step, you create the tasks for subscribing to AWS Glue and Amazon Redshift information belongings inside your Amazon DataZone area.

1. Register to the Amazon DataZone console as a knowledge subscriber IAM consumer utilizing the buyer account.
2. Select Related domains and choose the demo_cross_account_domain.
3. Choose the Open information portal hyperlink and register to the information portal.
4. Select Create New Challenge and create a undertaking named Glue_Subscribe_Project for subscribing to the AWS Glue information belongings.
5. Create one other undertaking named Redshift_Subscribe_Project for subscribing to the Redshift information belongings.

Create AWS Glue and Amazon Redshift atmosphere profiles

On this step, you’ll arrange the atmosphere profiles and environments for AWS Glue and Amazon Redshift in your Amazon DataZone tasks. This may let you join and work together with sources throughout AWS accounts.

The aim of atmosphere profiles in Amazon DataZone is to streamline the method of atmosphere creation. Through the use of atmosphere profiles, you’ll be able to preconfigure important placement info resembling AWS account and AWS Area. On this resolution, you’ll configure atmosphere profiles with placement info pointing to your shopper account.

Additionally, you will create an Amazon DataZone atmosphere from the profiles you’re about to create. This may provision the mandatory sources within the shopper account and set up the connections between the Amazon DataZone area and the buyer account. After the environments are created, you’ll be able to work with AWS Glue and Amazon Redshift belongings seamlessly throughout totally different AWS accounts inside your Amazon DataZone ecosystem.

Create an AWS Glue profile and atmosphere

1. Keep signed within the shopper account’s Amazon DataZone console as a knowledge subscriber IAM, choose the Environments tab after which select Create atmosphere profile.
2. Configure the fields as follows:
   1. Identify: Enter glue_subscribe-env-profile.
   2. Proprietor: The undertaking the place the profile is being created is chosen by default on this area. Confirm that it’s Glue_Subscribe_Project.
   3. Blueprint: Choose Default Knowledge Lake.
   4. AWS account parameters: Enter the buyer AWS account quantity and choose the Area.
   5. Approved tasks: Choose All tasks.
   6. Publishing: Choose Publish from any database.
   7. Select Create Surroundings Profile.
3. On the Create atmosphere web page, enter the next:
   1. Identify: Enter glue_subscribe_environment.
   2. Confirm that the Surroundings profile is about to glue_subscribe-env-profile.
4. (Elective) Parameters: Enter the Producer glue db title, Shopper glue db title, and Workgroup title.
5. Select Create atmosphere.
6. It takes a couple of minutes for the atmosphere to be created. Confirm that the atmosphere creation is profitable with none errors.

Create a Redshift atmosphere profile and atmosphere

1. Staying within the shopper account’s Amazon DataZone administration console as a knowledge subscriber IAM consumer, navigate to the Redshift_Subscribe_Project you created beforehand.
2. Choose the Environments tab after which select Create atmosphere profile.
3. Configure the fields as follows:
   1. Identify: Enter redshift_subscribe-env-profile.
   2. Proprietor: Confirm that Challenge is about to Redshift_Subscribe_Project.
   3. Blueprint: Choose Default Knowledge Warehouse.
   4. Parameter set: Choose Enter my very own.
   5. AWS account parameters: Enter the buyer AWS account quantity and choose the Area.
   6. Parameters: Choose both Amazon Redshift Cluster or Amazon Redshift Serverless within the shopper account.
      • AWS Secret ARN: Enter the AWS Secrets and techniques Supervisor secret ARN for the Redshift cluster or workgroup. It’s essential be sure that the key in Secrets and techniques Supervisor consists of the next tags. These tags assist Amazon DataZone implement correct entry management in order that solely approved customers inside the appropriate Amazon DataZone undertaking and area can entry the Amazon Redshift useful resource.
        1. AmazonDataZoneDomain: [Domain_ID]
        2. AmazonDataZoneProject:  [Project_ID]

      For extra info for creating redshift database consumer secret in secret supervisor, see Storing database credentials in AWS Secrets and techniques Supervisor.

      Observe that the database consumer you present in AWS Secrets and techniques Supervisor will need to have superuser permissions. Knowledge publishers ought to work with the info administrator to get the main points of the Redshift cluster or workgroup, database title, and secret ARN.

      • Redshift cluster title: Enter the title of the Amazon Redshift cluster or Amazon Redshift Serverless workgroup.
      • Database title: Enter the title of the database inside the chosen Amazon Redshift cluster or Amazon Redshift Serverless workgroup
   7. Approved tasks: Choose All tasks.
   8. Publishing: Choose Publish any schema.
4. Select Create atmosphere profile.
5. Create an atmosphere from this profile: Create an atmosphere from this profile:
   1. Identify: Enter redshift_subscribe_environment.
   2. Confirm that the Surroundings profile is about to redshift_subscribe-env-profile.
6. Select Create Surroundings.

It takes a couple of minutes for the atmosphere to be created. Confirm that the atmosphere creation is profitable with none errors.

Subscribe to the AWS Glue and Redshift tables

On this step, you’ll subscribe AWS Glue and Amazon redshift tables revealed by the info producer.

Subscribe to the AWS Glue desk

1. Register to the Amazon DataZone console of the buyer account utilizing the info subscriber credentials and navigate to the Glue_Subscribe_project you created beforehand.
2. Seek for the Market Gross sales Desk within the Search bar.
   
3. Choose the Market Gross sales Desk and select Subscribe.
4. Within the Subscribe pop-up window, present the next info:
   • Challenge: Enter the title of the undertaking that you simply need to subscribe to the asset. By default this will probably be Glue_Subscribe_Project.
   • Enter a justification to your subscription request.
5. Select Subscribe.
   
6. Swap to the info writer function to approve the subscription request, then again to information subscriber after selecting Approve.
   
7. Choose the Glue_subscribe_project and select Subscribed Belongings. Confirm that the Market Gross sales Desk is added to your atmosphere.
   
8. Navigate to the Amazon Athena question editor utilizing the hyperlink within the undertaking’s dwelling web page.
9. Select OPEN AMAZON ATHENA.
   
10. You’ll now be mechanically routed to the Athena console, be sure that the Amazon DataZone Surroundings is about to glue_subscribe_environment.
11. For Database, choose glue_subscribe_environment_sub_db.
12. You need to see the mkt_sls_table within the Tables checklist. Preview the desk by selecting the three-dot menu subsequent to the desk title and deciding on Preview Desk
    
13. Evaluation the desk preview outcomes. It is possible for you to to see all of the gross sales associated information from the mkt_sls_table


Subscribe to the Redshift desk

1. Keep signed in to the Amazon DataZone administration console as the info subscriber, Select Choose undertaking from the highest navigation pane and choose the Redshift_Subscribe_project.
2. Seek for Gross sales Desk within the search bar, and choose the Gross sales Desk.
3. Within the Subscribe pop-up window, present the next info:
   • Challenge: Enter the title of the undertaking that you simply need to subscribe to the asset. By default this will probably be Redshift_Subscribe_Project.
   • Enter a justification to your subscription request.
4. Select Subscribe.
   
5. Swap again to the info writer who’s the producer of the Market Gross sales Desk select Approve.
   
6. After the subscription request is authorized, swap again to information subscriber.
7. Choose the Redshift_subscribe_project and select Subscribed Belongings. After the Gross sales Desk is added to your atmosphere, you’ll be able to question the info within the desk.
8. Choose the Amazon Redshift hyperlink in the appropriate facet panel of the undertaking dwelling web page and navigate to the Amazon Redshift question editor.
9. Choose Open Amazon Redshift and the Redshift question editor v2 will open in a brand new tab.
   
10. Within the question editor, right-click your Amazon DataZone atmosphere’s Amazon Redshift cluster and choose Create a connection.
11. Choose Momentary credentials utilizing your IAM identification for authentication.
    • If that authentication methodology isn’t accessible, open Account settings by selecting the gear icon within the backside left nook, select Authenticate with IAM credentials and select Save.
      
12. Enter the title of the Amazon DataZone atmosphere’s database to create the connection.
13. Select Create connection.
14. Now you can view the Redshift desk rs_sls_tbl within the datazone_env_redshift_subscribe_environment.
15. Execute the next question to ensure the info is accessible

SELECT * FROM "dev"."datazone_env_redshift_subscribe_environment"."rs_sls_tbl";

It is possible for you to to preview the rs_sls_tbl which can present the sale information from the desk.

Clear up

To keep away from pointless future prices, comply with these steps:

Abstract

Organizations typically face important challenges when attempting to share information merchandise throughout a number of AWS accounts. These challenges stem from the complexity of configuring correct cross-account entry permissions and roles whereas sustaining strong information governance and safety controls.

You need to use the answer described within the submit to publish and eat information throughout AWS accounts and be sure that dependable entry and constant information governance is in place. By combining the facility of AWS Glue and Amazon Redshift, you’ll be able to unlock helpful insights and speed up your data-driven decision-making processes.

On this submit, you adopted a step-by-step information to arrange cross-account information sharing utilizing Amazon DataZone area affiliation. You discovered the right way to publish information belongings from a producer account. You additionally discovered the right way to subscribe to and question the revealed belongings from a shopper account. You possibly can optionally use AWS Lake Formation entry monitoring to view permissions and information entry actions. AWS Lake Formation makes use of AWS CloudTrail for historic evaluation and CloudTrail retains logs for 90 days by default.

Now that you simply’re accustomed to the weather concerned in cross-account information sharing utilizing Amazon DataZone and your selection of analytical software, you’re able to strive it with a number of accounts.

In regards to the Authors

Arun Pradeep Selvaraj is a Senior Options Architect at AWS. Arun is keen about working together with his prospects and stakeholders on digital transformations and innovation within the cloud whereas persevering with to study, construct and reinvent. He’s inventive, fast-paced, deeply customer-obsessed, and makes use of the working backwards course of to construct trendy architectures to assist prospects remedy their distinctive challenges. Join with him on LinkedIn.

Piyush Mattoo is a Senior Resolution Architect for the Monetary Companies Knowledge Supplier phase at Amazon Internet Companies. He’s a software program expertise chief with over a decade of expertise constructing scalable and distributed software program techniques to allow enterprise worth by way of using expertise. He has an academic background in Laptop Science with a grasp’s diploma in laptop and knowledge science from College of Massachusetts. He’s primarily based out of Southern California and present pursuits embody tenting and nature walks.

Mani Yamaraja is a Senior Buyer Options Supervisor for Monetary Companies Knowledge Supplier phase at Amazon Internet Companies. He has over a decade lengthy expertise working with monetary providers prospects enabling their digital transformation journey. Mani adopts a buyer centric strategy and supplies expertise options working backwards from buyer’s enterprise targets. He’s passionate in regards to the monetary providers business and helps the shoppers speed up their cloud primarily based transformation utilizing the confirmed mechanisms of AWS.