Posted On: Aug 7, 2024

Amazon Web Services Analytics services, including Amazon QuickSight, Amazon Redshift, Amazon EMR, Amazon Lake Formation, and Amazon S3 via S3 Access Grants, now use trusted identity propagation with Amazon IAM Identity Center to manage and audit access to data and resources based on user identity. This new capability passes identity information between connected business intelligence and data analytics applications. Administrators define access to their service based on a common set of users and groups in the customer’s chosen identity provider (IdP). Auditors can track users’ access across services in Amazon CloudTrail. Analytics users benefit from an improved single sign-on experience when accessing data.

Amazon Redshift customers can now use the identities in their IdP to access Amazon Redshift in a single sign-on experience from Amazon QuickSight or Amazon Redshift Query Editor. Amazon QuickSight, Amazon Redshift, and Amazon Lake Formation use the trusted identity propagation feature of Amazon IAM Identity Center to pass user identities seamlessly, reducing time to insights and enabling a friction-free analytics experience. For example, the identity of a user accessing a dashboard in QuickSight is propagated to Redshift, where fine-grained data permissions are applied to the data before it is presented back to the user. Data lake admins can use Lake Formation to manage permissions to data lake or data sharing consumer tables by specific users and groups in an IdP.

To learn more about trusted identity propagation for Amazon Web Services Analytics services, see the documentation linked below:

Redshift
QuickSight 
Lake Formation
S3 Access Grants 
IAM Identity Center