Abstract image of a woman sitting on books and studying on a laptop

Spark access control on Amazon EMR with AWS Lake Formation

A
Anoop Johnson

This document discusses how to secure data access on Amazon EMR clusters using AWS Lake Formation. Lake Formation provides fine-grained, column-level access control and integrates with identity providers like Active Directory for single sign-on. It uses the AWS Glue Data Catalog as the metadata store. The document demonstrates how to configure an Amazon EMR cluster to use Lake Formation for authentication and query execution, controlling permissions at the table and column level rather than on the underlying Amazon S3 storage.

Engineering
1 of 13
Downloaded 14 times
1
2
3
4
5
6
7
8
9
10
11
12
13
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Spark access control on Amazon EMR with AWS Lake Formation Anoop Johnson A N T 2 2 3 - R Principal Software Engineer Amazon Web Services
What you will learn Background Authentication Query execution Demo
Lake Formation: Secure once, access in many ways Amazon Athena Amazon Redshift Amazon EMR AWS Glue Amazon S3 Data catalog Permissions Lake Formation Admin
Control data access with grant and revoke
Permissions on tables and columns, not Amazon Simple Storage Service (Amazon S3)
View and audit data access
Why integrate Amazon EMR with Lake Formation? • Fine-grained, column-level access to databases and tables • Allows shared multi-tenant clusters to securely access data • Uses the AWS Glue Data Catalog as the metadata store • Federated single sign-on from your enterprise identity system • Active Directory (AD FS), Auth0, Okta, and many others • Uses Security Assertion Markup Language (SAML) 2.0
Query execution overview Amazon S3 Lake Formation Amazon EMR
Amazon EMR authentication Amazon EMR cluster User Used for impersonation Lake Formation
Query execution under the hood Amazon EMR worker node 1 32 4 Amazon S3 5 6 Lake Formation
Amazon EMR: Supported applications • AWS Glue Data Catalog • Identity providers with support for SAML • Applications • Spark SQL • Amazon EMR Notebooks and Zeppelin with Livy
Integrating Amazon EMR with Lake Formation • Establish trust relationship between your corporate IdP and AWS • Configure IAM roles for Lake Formation • Configure Amazon EMR security features • Launch an Amazon EMR Lake Formation-enabled cluster
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

More Related Content

PPTX
Breakdown of Microsoft Purview Solutions
Drew Madelung
 
PPTX
[DSC Europe 22] Overview of the Databricks Platform - Petar Zecevic
DataScienceConferenc1
 
PPTX
Azure purview
Shafqat Turza
 
PDF
Data Lake: A simple introduction
IBM Analytics
 
PPTX
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
PPTX
Five steps to launch your data governance office
DATAVERSITY
 
PDF
Retrieval Augmented Generation in Practice: Scalable GenAI platforms with k8s...
Mihai Criveti
 
PDF
McAfee Total Protection for Data Loss Prevention (DLP)
Trustmarque
 
Breakdown of Microsoft Purview Solutions
Drew Madelung
 
[DSC Europe 22] Overview of the Databricks Platform - Petar Zecevic
DataScienceConferenc1
 
Azure purview
Shafqat Turza
 
Data Lake: A simple introduction
IBM Analytics
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
Five steps to launch your data governance office
DATAVERSITY
 
Retrieval Augmented Generation in Practice: Scalable GenAI platforms with k8s...
Mihai Criveti
 
McAfee Total Protection for Data Loss Prevention (DLP)
Trustmarque
 

What's hot (20)

PPTX
GTB DLP - Content Aware Security Suite
VCW Security Ltd
 
PPTX
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
PDF
Best Practices for Implementing Data Loss Prevention (DLP)
Sarfaraz Chougule
 
PDF
Microservices Patterns with GoldenGate
Jeffrey T. Pollock
 
PDF
Denodo’s Data Catalog: Bridging the Gap between Data and Business (APAC)
Denodo
 
PPTX
Introduction to AWS Lake Formation.pptx
SwathiPonugumati
 
PPTX
Microsoft Purview
Mohammed Chaaraoui
 
PPTX
Splunk Overview
Splunk
 
PPTX
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
Albert Hoitingh
 
PDF
Presto: Fast SQL-on-Anything (including Delta Lake, Snowflake, Elasticsearch ...
Databricks
 
PDF
Big Data Security in Apache Projects by Gidon Gershinsky
GidonGershinsky
 
PDF
Five Things to Consider About Data Mesh and Data Governance
DATAVERSITY
 
PPTX
Most Common Data Governance Challenges in the Digital Economy
Robyn Bollhorst
 
PDF
How to govern and secure a Data Mesh?
confluent
 
PDF
Active Governance Across the Delta Lake with Alation
Databricks
 
PDF
ITI015En-The evolution of databases (I)
Huibert Aalbers
 
PPTX
Streamline Data Governance with Egeria: The Industry's First Open Metadata St...
DataWorks Summit
 
PPTX
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
APNIC
 
PDF
DataOps , cbuswaw April '23
Jason Packer
 
PPTX
Introduction to DCAM, the Data Management Capability Assessment Model - Editi...
Element22
 
GTB DLP - Content Aware Security Suite
VCW Security Ltd
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
Best Practices for Implementing Data Loss Prevention (DLP)
Sarfaraz Chougule
 
Microservices Patterns with GoldenGate
Jeffrey T. Pollock
 
Denodo’s Data Catalog: Bridging the Gap between Data and Business (APAC)
Denodo
 
Introduction to AWS Lake Formation.pptx
SwathiPonugumati
 
Microsoft Purview
Mohammed Chaaraoui
 
Splunk Overview
Splunk
 
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
Albert Hoitingh
 
Presto: Fast SQL-on-Anything (including Delta Lake, Snowflake, Elasticsearch ...
Databricks
 
Big Data Security in Apache Projects by Gidon Gershinsky
GidonGershinsky
 
Five Things to Consider About Data Mesh and Data Governance
DATAVERSITY
 
Most Common Data Governance Challenges in the Digital Economy
Robyn Bollhorst
 
How to govern and secure a Data Mesh?
confluent
 
Active Governance Across the Delta Lake with Alation
Databricks
 
ITI015En-The evolution of databases (I)
Huibert Aalbers
 
Streamline Data Governance with Egeria: The Industry's First Open Metadata St...
DataWorks Summit
 
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
APNIC
 
DataOps , cbuswaw April '23
Jason Packer
 
Introduction to DCAM, the Data Management Capability Assessment Model - Editi...
Element22
 
Ad

Recently uploaded (20)

PDF
LOW POWER CLASS AB SI POWER AMPLIFIER FOR WIRELESS MEDICAL SENSOR NETWORK
RandyClara
 
PDF
Principles of operation, construction, theory, advantages and disadvantages, ...
brijmohan776944
 
PPTX
Principal presentation for NAAC (1).pptx
GMKosgiker
 
PDF
UEFA_Embodied_Carbon_Emissions_Football_Infrastructure.pdf
tuchinad02
 
PDF
Unit1 - AIML Chapter 1 concept and ethics
muthusamyvijay762
 
PPTX
MAD Unit - 3 User Interface and Data Management (Diploma IT)
JappanMavani
 
PPTX
BBOC407 BIOLOGY FOR ENGINEERS (CS) - MODULE 1 PART 1.pptx
Abhijith L Kotian
 
PDF
Present and Future of Systems Engineering: Air Combat Systems
Bernardo A. Delicado
 
PPTX
AI-Reporting for Emerging Technologies(BS Computer Engineering)
kemuelfajanilan73
 
PDF
AIGA 012_04 Cleaning of equipment for oxygen service_reformat Jan 12.pdf
karthikp452666
 
PPTX
WN UNIT-II CH4_MKaruna_BapatlaEngineeringCollege.pptx
KARUNAPAINAM
 
DOCX
ENVIRONMENTAL PROTECTION AND MANAGEMENT (18CVL756)
shruthicg
 
PDF
Project_Mgmt_Institute_-Marc Marc Marc .pdf
Ismail Sultan
 
PPTX
Environmental studies, Moudle 3-Environmental Pollution.pptx
PramukhN1
 
PDF
Beginners-Guide-to-Artificial-Intelligence.pdf
TamerAMekhimar
 
PPTX
Micro1New.ppt.pptx the mai themes of micfrobiology
nehasingh160179
 
PDF
Designing Fault-Tolerant Architectures for Resilient Oracle Cloud ERP and HCM...
ijccsa
 
PDF
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
PDF
UEFA_Carbon_Footprint_Calculator_Methology_2.0.pdf
tuchinad02
 
PPTX
Micro1New.ppt.pptx the main themes if micro
nehasingh160179
 
LOW POWER CLASS AB SI POWER AMPLIFIER FOR WIRELESS MEDICAL SENSOR NETWORK
RandyClara
 
Principles of operation, construction, theory, advantages and disadvantages, ...
brijmohan776944
 
Principal presentation for NAAC (1).pptx
GMKosgiker
 
UEFA_Embodied_Carbon_Emissions_Football_Infrastructure.pdf
tuchinad02
 
Unit1 - AIML Chapter 1 concept and ethics
muthusamyvijay762
 
MAD Unit - 3 User Interface and Data Management (Diploma IT)
JappanMavani
 
BBOC407 BIOLOGY FOR ENGINEERS (CS) - MODULE 1 PART 1.pptx
Abhijith L Kotian
 
Present and Future of Systems Engineering: Air Combat Systems
Bernardo A. Delicado
 
AI-Reporting for Emerging Technologies(BS Computer Engineering)
kemuelfajanilan73
 
AIGA 012_04 Cleaning of equipment for oxygen service_reformat Jan 12.pdf
karthikp452666
 
WN UNIT-II CH4_MKaruna_BapatlaEngineeringCollege.pptx
KARUNAPAINAM
 
ENVIRONMENTAL PROTECTION AND MANAGEMENT (18CVL756)
shruthicg
 
Project_Mgmt_Institute_-Marc Marc Marc .pdf
Ismail Sultan
 
Environmental studies, Moudle 3-Environmental Pollution.pptx
PramukhN1
 
Beginners-Guide-to-Artificial-Intelligence.pdf
TamerAMekhimar
 
Micro1New.ppt.pptx the mai themes of micfrobiology
nehasingh160179
 
Designing Fault-Tolerant Architectures for Resilient Oracle Cloud ERP and HCM...
ijccsa
 
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
UEFA_Carbon_Footprint_Calculator_Methology_2.0.pdf
tuchinad02
 
Micro1New.ppt.pptx the main themes if micro
nehasingh160179
 
Ad

Spark access control on Amazon EMR with AWS Lake Formation

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Spark access control on Amazon EMR with AWS Lake Formation Anoop Johnson A N T 2 2 3 - R Principal Software Engineer Amazon Web Services
  • 2. What you will learn Background Authentication Query execution Demo
  • 3. Lake Formation: Secure once, access in many ways Amazon Athena Amazon Redshift Amazon EMR AWS Glue Amazon S3 Data catalog Permissions Lake Formation Admin
  • 4. Control data access with grant and revoke
  • 5. Permissions on tables and columns, not Amazon Simple Storage Service (Amazon S3)
  • 6. View and audit data access
  • 7. Why integrate Amazon EMR with Lake Formation? • Fine-grained, column-level access to databases and tables • Allows shared multi-tenant clusters to securely access data • Uses the AWS Glue Data Catalog as the metadata store • Federated single sign-on from your enterprise identity system • Active Directory (AD FS), Auth0, Okta, and many others • Uses Security Assertion Markup Language (SAML) 2.0
  • 9. Amazon EMR authentication Amazon EMR cluster User Used for impersonation Lake Formation
  • 10. Query execution under the hood Amazon EMR worker node 1 32 4 Amazon S3 5 6 Lake Formation
  • 11. Amazon EMR: Supported applications • AWS Glue Data Catalog • Identity providers with support for SAML • Applications • Spark SQL • Amazon EMR Notebooks and Zeppelin with Livy
  • 12. Integrating Amazon EMR with Lake Formation • Establish trust relationship between your corporate IdP and AWS • Configure IAM roles for Lake Formation • Configure Amazon EMR security features • Launch an Amazon EMR Lake Formation-enabled cluster
  • 13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.