Cross-account knowledge collaboration with Amazon DataZone and AWS analytical instruments

Information sharing has change into a vital side of driving innovation, contributing to progress, and fostering collaboration throughout industries. In line with this Gartner examine, organizations selling knowledge sharing outperform their friends on most enterprise worth metrics. An easy knowledge entry and sharing mechanism is essential for enabling efficient knowledge sharing throughout a company. There are challenges similar to complexity in managing cross-account permissions and problem in discovering the fitting knowledge throughout accounts that organizations face when attempting to share knowledge merchandise throughout AWS accounts. Amazon DataZone is a totally managed knowledge administration service that prospects can use to catalog, uncover, share, and govern knowledge saved throughout Amazon Net Companies (AWS).

On this submit, we are going to cowl how you need to use Amazon DataZone to facilitate knowledge collaboration between AWS accounts.

Resolution overview

This answer gives a streamlined strategy to allow cross-account knowledge collaboration utilizing Amazon DataZone area affiliation whereas sustaining safety and governance. This submit describes the method of utilizing the enterprise knowledge catalog useful resource of Amazon DataZone to publish knowledge property in order that they’re discoverable by different accounts. After they’ve been printed, you’ll be able to question the printed property from one other AWS account utilizing analytical instruments similar to Amazon Athena and the Amazon Redshift question editor, as proven within the following determine.

On this answer (as proven within the previous determine), the AWS account that accommodates the info property is known as the producer account. The AWS account that should entry or use the info from the producer account is known as the client account. The Amazon DataZone area is created and managed inside the producer account after which the patron account is related to that area.

As a part of Amazon DataZone area affiliation, Amazon DataZone makes use of AWS Useful resource Entry Supervisor (AWS RAM) to share the useful resource. When the producer and client AWS accounts are in the identical group inside AWS Organizations, the area affiliation occurs robotically. If the producer and client AWS accounts are in numerous organizations, AWS RAM sends an invite to the patron AWS account to simply accept or reject the useful resource grant.

This answer presents three Amazon DataZone person personas as:

• Information directors: Account homeowners in each producer and client AWS accounts. The information directors are liable for creating Amazon DataZone domains, configuring area associations, and accepting area associations inside the Amazon DataZone area.
• Information publishers: Customers in producer AWS accounts. The information publishers are liable for creating Amazon DataZone publish tasks and environments, producing and publishing knowledge property, and accepting subscription requests.
• Information subscribers: Customers in client AWS accounts. The information subscribers are liable for creating Amazon DataZone subscribe tasks and environments, trying to find and subscribing to knowledge property, and querying the info and deriving insights.

Conditions

To observe together with the directions, you will want:

• Two AWS accounts, one serving as producer and different account serving as client. Create new AWS accounts if essential.
• An Amazon Redshift provisioned cluster or Amazon Redshift Serverless workgroup within the producer and client AWS accounts provisioned by an information administrator.
• A secret in AWS Secrets and techniques Supervisor storing the grasp person credentials for the Amazon Redshift cluster or workgroup within the producer and client AWS accounts.
  • The information directors are liable for creating secrets and techniques.
  • The information producers and shoppers can receive the Amazon Useful resource Title (ARN) of the secrets and techniques from the info directors through the atmosphere or atmosphere profile creation steps.

Amazon DataZone makes use of Amazon Redshift Datashares to share knowledge throughout clusters and accounts. There are particular necessities and limitations for utilizing Amazon Redshift datashares.

• For cross-account knowledge sharing, each the producer and client clusters should be encrypted. See Cluster encryption part of datashare-considerations for extra details about the encryption course of.
• Information sharing is supported just for provisioned ra3 cluster varieties (ra3.16xlarge, ra3.4xlarge, and ra3.xlplus) and Amazon Redshift Serverless.

Walkthrough:

The next are the excessive stage steps to configure cross-account entry. We’ve offered step-by-step directions within the following sections.

1. Create an Amazon DataZone area within the producer account. The information administrator creates an Amazon DataZone area.
2. Request Amazon DataZone area affiliation from the producer account to the patron account.
3. Settle for the area affiliation request within the client account. The information administrator accepts the area affiliation.
4. Add knowledge customers to the Amazon DataZone area.
5. Create the required publish undertaking for AWS Glue and Amazon Redshift within the producer account.
6. Create AWS Glue and Amazon Redshift environments to publish the info property within the producer account.
7. Create and run an information supply for AWS Glue and Amazon Redshift to publish property into the enterprise catalog.
8. Create subscribe tasks for AWS Glue and Amazon Redshift.
9. Create AWS Glue and Amazon Redshift atmosphere profiles and environments within the subscribe undertaking
10. Subscribe to AWS Glue and Amazon Redshift tables. Eat the info utilizing Athena and Amazon redshift editors. This step is carried out by the info subscriber.

Create the Amazon DataZone area within the producer account

Amazon DataZone domains function high-level organizational models for property, customers, and tasks, facilitating cross-team and cross-account collaboration. This step focusses on creating the Amazon DataZone area within the producer account.

1. Register to the producer account AWS Administration Console for Amazon DataZone utilizing the info administrator credentials.
2. Create an Amazon DataZone area titled Demo_cross_account_domain utilizing the directions at create domains.
3. On the Create area display screen, choose Fast setup checkbox to automate a number of configuration steps, saving time and lowering the potential for setup errors. Fast setup allows two default blueprints and creates the default atmosphere profiles for the info lake and knowledge warehouse default blueprints.

Request Amazon DataZone area affiliation from the producer account to the patron account

To affiliate the Amazon DataZone area with the patron account, the producer account requests a website affiliation. This entails offering essential details about the patron account and granting applicable permissions for knowledge entry and administration.

1. Register to the Amazon DataZone console of the producer account utilizing the info administrator credentials.
2. Navigate to the area element web page, after which scroll down and choose the Related Accounts tab.
3. Enter the patron account IDs that you simply wish to request affiliation. Select Add one other account if you wish to add a couple of account. While you’re happy with the checklist of account IDs, select Request affiliation.
   • Use the newest (AWS RAM DataZonePortalReadWrite coverage when requesting the account affiliation. This coverage permits customers within the client account to execute Amazon DataZone APIs and to make use of the info portal interface.

Settle for an account affiliation request from an Amazon DataZone area

This step focuses on accepting the account affiliation request from the Amazon DataZone area within the client account. This permits the patron account to be linked with the Amazon DataZone area to allow knowledge sharing and collaboration between the producer and client accounts.

1. Register to the patron account and go to the Amazon DataZone console  in the identical AWS Area because the area. On the Amazon DataZone house web page, select View requests.
2. Choose the identify of the inviting Amazon DataZone area and select Assessment request.
3. Select Settle for affiliation, it is best to see the Demo_cross_account_domain state as related within the Related domains display screen

4. Select the area for which you wish to allow an atmosphere blueprint.
5. From the Blueprints checklist, select both the DefaultDataLake blueprint
6. On the Permissions and assets web page, for enabling the DefaultDataLake blueprint, for Glue Handle Entry function, specify a brand new function that grants Amazon DataZone authorization to ingest and handle entry to tables in AWS Glue and AWS Lake Formation.

7. Repeat steps 4 to six to allow the DefaultDataWarehouse blueprint by selecting DefaultDataWarehouse as an alternative of DefaultDataLake

Add knowledge customers to the Amazon DataZone area

To grant entry to the Amazon DataZone knowledge portal from the console for knowledge writer and knowledge Subscriber IAM customers, use the next steps so as to add them within the Consumer Administration part of the Amazon DataZone area. See Handle customers within the Amazon DataZone console for added particulars.

1. Register to the Amazon DataZone console as an information administrator utilizing the producer account.
2. Choose the Amazon DataZone area and, within the Consumer administration part, select Add and choose Add IAM customers.
3. On the Add customers web page, select Present account and add the person ARN of the info producer and select Add customers.
4. Subsequent select Related account, and enter the info subscriber person’s ARN and add the person by selecting Add customers.

Create the publish undertaking for AWS Glue and Amazon Redshift

This step focuses on creating the publish undertaking for AWS Glue and Amazon Redshift within the producer account. The undertaking shall be used to publish knowledge out of your knowledge sources to the suitable AWS companies.

1. Utilizing the producer account, sign up to the Amazon DataZone console as an information writer.
2. Choose View domains and choose the demo_cross_account_domain.
3. Select the Open knowledge portal hyperlink and sign up to the info portal.
4. Select Create New Mission and create a undertaking named Glue_Publish_Project for publishing AWS Glue knowledge property and create the undertaking underneath demo_cross_account_domain.
5. Create one other undertaking named Redshift_Publish_Project for publishing Amazon Redshift knowledge property, additionally underneath the demo_cross_account_domain.

Create AWS Glue and Amazon Redshift environments to publish the info property

On this step, you arrange AWS Glue and Amazon Redshift environments within the producer account to share knowledge property. The required infrastructure, such because the AWS Glue Information Catalog and Redshift cluster for storing knowledge, ought to already be in place. After setup, this may enable the patron account to entry and use the shared knowledge property. See Create a brand new atmosphere for detailed directions on creating a brand new atmosphere.

Create the AWS Glue atmosphere and a brand new AWS Glue desk

1. In the identical Amazon DataZone area demo_cross_account_domain, select Browse Mission and choose the Glue_Publish_Project and create Glue_Publish_Environment utilizing the default DataLakeProfile.
2. Depart the producer_glue_db_name, consumer_glue_db_name and Workgroup_name clean.
3. Select Create Atmosphere and look ahead to the method to finish.
4. After the atmosphere is created, browse the checklist of accessible tasks and select Glue_publish_project.
5. Subsequent, navigate to the Glue_Publish_Environment, and underneath Analytics instruments, select Amazon Athena to open the Athena question editor
6. Select Open Athena and guarantee that Glue_Publish_Environment is chosen within the Amazon DataZone atmosphere dropdown on the higher proper and that in Information on the left, glue_publish_environment_pub_db is chosen because the Database.
7. Create a brand new AWS Glue desk for publishing to Amazon DataZone. Paste the next create desk as choose (CTAS) question script within the Question window and run it to create a brand new desk named mkt_sls_table. The script creates a desk with pattern advertising and marketing and gross sales knowledge.

   CREATE TABLE mkt_sls_table AS
   SELECT 146776932 AS ord_num, 23 AS sales_qty_sld, 23.4 AS wholesale_cost, 45.0 as lst_pr, 43.0 as sell_pr, 2.0 as disnt, 12 as ship_mode,13 as warehouse_id, 23 as item_id, 34 as ctlg_page, 232 as ship_cust_id, 4556 as bill_cust_id
   UNION ALL SELECT 46776931, 24, 24.4, 46, 44, 1, 14, 15, 24, 35, 222, 4551
   UNION ALL SELECT 46777394, 42, 43.4, 60, 50, 10, 30, 20, 27, 43, 241, 4565
   UNION ALL SELECT 46777831, 33, 40.4, 51, 46, 15, 16, 26, 33, 40, 234, 4563
   UNION ALL SELECT 46779160, 29, 26.4, 50, 61, 8, 31, 15, 36, 40, 242, 4562
   UNION ALL SELECT 46778595, 43, 28.4, 49, 47, 7, 28, 22, 27, 43, 224, 4555
   UNION ALL SELECT 46779482, 34, 33.4, 64, 44, 10, 17, 27, 43, 52, 222, 4556
   UNION ALL SELECT 46779650, 39, 37.4, 51, 62, 13, 31, 25, 31, 52, 224, 4551
   UNION ALL SELECT 46780524, 33, 40.4, 60, 53, 18, 32, 31, 31, 39, 232, 4563
   UNION ALL SELECT 46780634, 39, 35.4, 46, 44, 16, 33, 19, 31, 52, 242, 4557
   UNION ALL SELECT 46781887, 24, 30.4, 54, 62, 13, 18, 29, 24, 52, 223, 4561

   

8. Go to the Tables and Views part and confirm that the mkt_sls_table desk was efficiently created.

Create the Amazon Redshift publish atmosphere and a brand new Redshift desk

1. Staying in the identical Amazon DataZone area demo_cross_account_domain, select Browse Mission, to create an Amazon Redshift publish atmosphere, choose the Redshift_Publish_Project and create Redshift_Publish_Environment utilizing the default knowledge warehouse profile.
2.  To configure atmosphere parameters, enter the identify of your Amazon Redshift cluster or workgroup, specify the database identify and enter the AWS Secrets and techniques Supervisor secret ARN for the Redshift cluster or workgroup. That you must guarantee that the key in Secrets and techniques Supervisor consists of the next tags. These tags assist Amazon DataZone implement correct entry management in order that solely licensed customers inside the right Amazon DataZone undertaking and area can entry the Amazon Redshift useful resource:
   1. For Amazon Redshift cluster: DataZone.rs.cluster:
   2. For Amazon Redshift Serverless workgroup: DataZone.rs.workgroup: 
   3. AmazonDataZoneProject:
   4. AmazonDataZoneDomain: For extra data for creating redshift database person secret in secret supervisor, see Storing database credentials in AWS Secrets and techniques Supervisor.

For extra data for creating redshift database person secret in secret supervisor, see Storing database credentials in AWS Secrets and techniques Supervisor.

3. Observe that the database person you present in Secrets and techniques Supervisor should have superuser permissions. Information publishers ought to work with the info administrator to get the small print of the Redshift cluster or workgroup, database identify, and secret ARN.
4. The schema is elective.
5. Select Create Atmosphere and look ahead to the method to finish.
6. Confirm that the atmosphere is created efficiently with out errors.
7. Browse the checklist of accessible tasks and choose Redshift_publish_project. Navigate to Redshift_publish_environment.
8. Underneath Analytics instruments, select Amazon Redshift to open the Amazon Redshift question editor.
9. Choose the Redshift cluster that you simply wish to join, select Save after which select Create Connection utilizing short-term credentials along with your IAM identification.
10. Create a brand new Redshift desk. You need to use the CTAS question to create a brand new desk named rs_sls_tbl. Use the offered CTAS script, which creates a desk with pattern gross sales knowledge within the datazone_env_redshift_publish_environment schema.

    CREATE TABLE "datazone_env_redshift_publish_environment"."rs_sls_tbl" AS
    SELECT 146776932 AS ord_num, 23 AS sales_qty_sld, 23.4 AS wholesale_cost, 45.0 as lst_pr, 43.0 as sell_pr, 2.0 as disnt, 12 as ship_mode,13 as warehouse_id, 23 as item_id, 34 as ctlg_page, 232 as ship_cust_id, 4556 as bill_cust_id
    UNION ALL SELECT 46776931, 24, 24.4, 46, 44, 1, 14, 15, 24, 35, 222, 4551
    UNION ALL SELECT 46777394, 42, 43.4, 60, 50, 10, 30, 20, 27, 43, 241, 4565
    UNION ALL SELECT 46777831, 33, 40.4, 51, 46, 15, 16, 26, 33, 40, 234, 4563
    UNION ALL SELECT 46779160, 29, 26.4, 50, 61, 8, 31, 15, 36, 40, 242, 4562
    UNION ALL SELECT 46778595, 43, 28.4, 49, 47, 7, 28, 22, 27, 43, 224, 4555
    UNION ALL SELECT 46779482, 34, 33.4, 64, 44, 10, 17, 27, 43, 52, 222, 4556
    UNION ALL SELECT 46779650, 39, 37.4, 51, 62, 13, 31, 25, 31, 52, 224, 4551
    UNION ALL SELECT 46780524, 33, 40.4, 60, 53, 18, 32, 31, 31, 39, 232, 4563
    UNION ALL SELECT 46780634, 39, 35.4, 46, 44, 16, 33, 19, 31, 52, 242, 4557
    UNION ALL SELECT 46781887, 24, 30.4, 54, 62, 13, 18, 29, 24, 52, 223, 4561

11.  Be sure that the rs_sls_tbl desk is efficiently created.

Publish property into the widespread enterprise catalog

On this step, you create and run the Amazon DataZone knowledge sources for AWS Glue and Amazon Redshift. You’ll then publish the info property from these knowledge sources.

The Amazon DataZone knowledge sources mean you can join to varied knowledge sources, together with databases, knowledge warehouses, and knowledge lakes, and ingest metadata into Amazon DataZone. By creating and working these knowledge sources, you can also make your knowledge obtainable for evaluation, transformation, and sharing inside your group.

After the info sources are arrange, you’ll be able to publish the info property from these sources to make them accessible to different customers and functions. This course of entails mapping the info property to the suitable enterprise phrases and metadata, ensuring that the info is correctly described and categorized.

Add an AWS Glue knowledge supply to publish the brand new AWS Glue desk.

1. Keep signed within the producer account and Amazon DataZone console as an information writer.
2. Select Choose undertaking from the highest navigation pane and choose the Glue_Publish_Project that you simply wish to add the info supply to.
3. Choose the Glue_Publish_Environment.
4. Select Create knowledge supply. Enter glue-publish-datasource because the identify.
5. Underneath Information supply sort, select AWS Glue.
6. Underneath Choose an atmosphere, choose Glue_Publish_Environment.
7. Underneath Information choice, choose the AWS Glue database glue_publish_environment_pub_db, enter your desk choice standards as “*“, after which and select Subsequent.
8. Depart all different setting as default and select Subsequent.
9. For Run Desire, choose Run on demand to ingest metadata from the desired AWS Glue tables into Amazon DataZone.
10. Assessment and select Create.
11. After the info supply has been created select Run. The mkt_sls_table shall be listed within the stock and obtainable to publish.
12. Choose the mkt_sls_table desk and evaluate the metadata that was generated. Select Settle for All should you’re happy with the metadata.
13. Select Publish Asset and the mkt_sls_table desk shall be printed to the enterprise knowledge catalog, making it discoverable and comprehensible throughout your group.

Add an Amazon Redshift knowledge supply to publish the brand new Amazon Redshift desk.

1. Keep signed within the producer account and Amazon DataZone console as an information writer.
2. Select Choose undertaking from the highest navigation pane and choose the Redshift_Publish_Project that you simply wish to add the info supply to.
3. Select the Redshift_Publish_Environment.
4. Select Create knowledge supply. Enter rs-publish-datasource because the identify.
5. Underneath Information supply sort, choose Amazon Redshift.
6. Underneath Choose an atmosphere, choose Redshift_Publish_Environment.
7. Underneath Redshift Credentials, enter the Redshift cluster and secret particulars offered by the info administrator.
8. Underneath Information Choice, choose the database dev and schema datazone_env_redshift_publish_environment.
9. Hold different setting as default and select Subsequent.
10. For Run Desire, choose Run on Demand.
11. Select Save. After the info supply is created, select Run. The information supply runs and the rs_sls_tbl shall be listed within the stock and obtainable to publish.
12. Choose the rs_sls_tbl desk and evaluate the metadata that was generated. Select Settle for All if you’re happy with the metadata.
13. Select Publish Asset and the rs_sls_table desk shall be printed to the enterprise knowledge catalog.

Create subscribe tasks for AWS Glue and Amazon Redshift

On this step, you create the tasks for subscribing to AWS Glue and Amazon Redshift knowledge property inside your Amazon DataZone area.

1. Register to the Amazon DataZone console as an information subscriber IAM person utilizing the patron account.
2. Select Related domains and choose the demo_cross_account_domain.
3. Choose the Open knowledge portal hyperlink and sign up to the knowledge portal.
4. Select Create New Mission and create a undertaking named Glue_Subscribe_Project for subscribing to the AWS Glue knowledge property.
5. Create one other undertaking named Redshift_Subscribe_Project for subscribing to the Redshift knowledge property.

Create AWS Glue and Amazon Redshift atmosphere profiles

On this step, you’ll arrange the atmosphere profiles and environments for AWS Glue and Amazon Redshift in your Amazon DataZone tasks. This may mean you can join and work together with assets throughout AWS accounts.

The aim of atmosphere profiles in Amazon DataZone is to streamline the method of atmosphere creation. By utilizing atmosphere profiles, you’ll be able to preconfigure important placement data similar to AWS account and AWS Area. On this answer, you’ll configure atmosphere profiles with placement data pointing to your client account.

Additionally, you will create an Amazon DataZone atmosphere from the profiles you might be about to create. This may provision the required assets within the client account and set up the connections between the Amazon DataZone area and the patron account. After the environments are created, you’ll be able to work with AWS Glue and Amazon Redshift property seamlessly throughout completely different AWS accounts inside your Amazon DataZone ecosystem.

Create an AWS Glue profile and atmosphere

1. Keep signed within the client account’s Amazon DataZone console as an information subscriber IAM, choose the Environments tab after which select Create atmosphere profile.
2. Configure the fields as follows:
   1. Title: Enter glue_subscribe-env-profile.
   2. Proprietor: The undertaking the place the profile is being created is chosen by default on this subject. Confirm that it’s Glue_Subscribe_Project.
   3. Blueprint: Choose Default Information Lake.
   4. AWS account parameters: Enter the patron AWS account quantity and choose the Area.
   5. Approved tasks: Choose All tasks.
   6. Publishing: Choose Publish from any database.
   7. Select Create Atmosphere Profile.
3. On the Create atmosphere web page, enter the next:
   1. Title: Enter glue_subscribe_environment.
   2. Confirm that the Atmosphere profile is ready to glue_subscribe-env-profile.
4. (Elective) Parameters: Enter the Producer glue db identify, Shopper glue db identify, and Workgroup identify.
5. Select Create atmosphere.
6. It takes a couple of minutes for the atmosphere to be created. Confirm that the atmosphere creation is profitable with none errors.

Create a Redshift atmosphere profile and atmosphere

1. Staying within the client account’s Amazon DataZone administration console as an information subscriber IAM person, navigate to the Redshift_Subscribe_Project you created beforehand.
2. Choose the Environments tab after which select Create atmosphere profile.
3. Configure the fields as follows:
   1. Title: Enter redshift_subscribe-env-profile.
   2. Proprietor: Confirm that Mission is ready to Redshift_Subscribe_Project.
   3. Blueprint: Choose Default Information Warehouse.
   4. Parameter set: Choose Enter my very own.
   5. AWS account parameters: Enter the patron AWS account quantity and choose the Area.
   6. Parameters: Choose both Amazon Redshift Cluster or Amazon Redshift Serverless within the client account.
      • AWS Secret ARN: Enter the AWS Secrets and techniques Supervisor secret ARN for the Redshift cluster or workgroup. That you must guarantee that the key in Secrets and techniques Supervisor consists of the next tags. These tags assist Amazon DataZone implement correct entry management in order that solely licensed customers inside the right Amazon DataZone undertaking and area can entry the Amazon Redshift useful resource.
        1. AmazonDataZoneDomain: [Domain_ID]
        2. AmazonDataZoneProject:  [Project_ID]

      For extra data for creating redshift database person secret in secret supervisor, see Storing database credentials in AWS Secrets and techniques Supervisor.

      Observe that the database person you present in AWS Secrets and techniques Supervisor should have superuser permissions. Information publishers ought to work with the info administrator to get the small print of the Redshift cluster or workgroup, database identify, and secret ARN.

      • Redshift cluster identify: Enter the identify of the Amazon Redshift cluster or Amazon Redshift Serverless workgroup.
      • Database identify: Enter the identify of the database inside the chosen Amazon Redshift cluster or Amazon Redshift Serverless workgroup
   7. Approved tasks: Choose All tasks.
   8. Publishing: Choose Publish any schema.
4. Select Create atmosphere profile.
5. Create an atmosphere from this profile: Create an atmosphere from this profile:
   1. Title: Enter redshift_subscribe_environment.
   2. Confirm that the Atmosphere profile is ready to redshift_subscribe-env-profile.
6. Select Create Atmosphere.

It takes a couple of minutes for the atmosphere to be created. Confirm that the atmosphere creation is profitable with none errors.

Subscribe to the AWS Glue and Redshift tables

On this step, you’ll subscribe AWS Glue and Amazon redshift tables printed by the info producer.

Subscribe to the AWS Glue desk

1. Register to the Amazon DataZone console of the patron account utilizing the info subscriber credentials and navigate to the Glue_Subscribe_project you created beforehand.
2. Seek for the Market Gross sales Desk within the Search bar.
   
3. Choose the Market Gross sales Desk and select Subscribe.
4. Within the Subscribe pop-up window, present the next data:
   • Mission: Enter the identify of the undertaking that you simply wish to subscribe to the asset. By default this shall be Glue_Subscribe_Project.
   • Enter a justification in your subscription request.
5. Select Subscribe.
   
6. Swap to the info writer function to approve the subscription request, then again to knowledge subscriber after selecting Approve.
   
7. Choose the Glue_subscribe_project and select Subscribed Belongings. Confirm that the Market Gross sales Desk is added to your atmosphere.
   
8. Navigate to the Amazon Athena question editor utilizing the hyperlink within the undertaking’s house web page.
9. Select OPEN AMAZON ATHENA.
   
10. You’ll now be robotically routed to the Athena console, guarantee that the Amazon DataZone Atmosphere is ready to glue_subscribe_environment.
11. For Database, choose glue_subscribe_environment_sub_db.
12. It’s best to see the mkt_sls_table within the Tables checklist. Preview the desk by selecting the three-dot menu subsequent to the desk identify and deciding on Preview Desk
    
13. Assessment the desk preview outcomes. It is possible for you to to see all of the gross sales associated knowledge from the mkt_sls_table


Subscribe to the Redshift desk

1. Keep signed in to the Amazon DataZone administration console as the info subscriber, Select Choose undertaking from the highest navigation pane and choose the Redshift_Subscribe_project.
2. Seek for Gross sales Desk within the search bar, and choose the Gross sales Desk.
3. Within the Subscribe pop-up window, present the next data:
   • Mission: Enter the identify of the undertaking that you simply wish to subscribe to the asset. By default this shall be Redshift_Subscribe_Project.
   • Enter a justification in your subscription request.
4. Select Subscribe.
   
5. Swap again to the info writer who’s the producer of the Market Gross sales Desk select Approve.
   
6. After the subscription request is authorised, change again to knowledge subscriber.
7. Choose the Redshift_subscribe_project and select Subscribed Belongings. After the Gross sales Desk is added to your atmosphere, you’ll be able to question the info within the desk.
8. Choose the Amazon Redshift hyperlink in the fitting facet panel of the undertaking house web page and navigate to the Amazon Redshift question editor.
9. Choose Open Amazon Redshift and the Redshift question editor v2 will open in a brand new tab.
   
10. Within the question editor, right-click your Amazon DataZone atmosphere’s Amazon Redshift cluster and choose Create a connection.
11. Choose Non permanent credentials utilizing your IAM identification for authentication.
    • If that authentication technique isn’t obtainable, open Account settings by selecting the gear icon within the backside left nook, select Authenticate with IAM credentials and select Save.
      
12. Enter the identify of the Amazon DataZone atmosphere’s database to create the connection.
13. Select Create connection.
14. Now you can view the Redshift desk rs_sls_tbl within the datazone_env_redshift_subscribe_environment.
15. Execute the next question to verify the info is accessible

SELECT * FROM "dev"."datazone_env_redshift_subscribe_environment"."rs_sls_tbl";

It is possible for you to to preview the rs_sls_tbl which is able to present the sale knowledge from the desk.

Clear up

To keep away from pointless future expenses, observe these steps:

Abstract

Organizations usually face vital challenges when attempting to share knowledge merchandise throughout a number of AWS accounts. These challenges stem from the complexity of configuring correct cross-account entry permissions and roles whereas sustaining strong knowledge governance and safety controls.

You need to use the answer described within the submit to publish and devour knowledge throughout AWS accounts and guarantee that dependable entry and constant knowledge governance is in place. By combining the ability of AWS Glue and Amazon Redshift, you’ll be able to unlock worthwhile insights and speed up your data-driven decision-making processes.

On this submit, you adopted a step-by-step information to arrange cross-account knowledge sharing utilizing Amazon DataZone area affiliation. You discovered the way to publish knowledge property from a producer account. You additionally discovered the way to subscribe to and question the printed property from a client account. You’ll be able to optionally use AWS Lake Formation entry monitoring to view permissions and knowledge entry actions. AWS Lake Formation makes use of AWS CloudTrail for historic evaluation and CloudTrail retains logs for 90 days by default.

Now that you simply’re acquainted with the weather concerned in cross-account knowledge sharing utilizing Amazon DataZone and your alternative of analytical instrument, you’re able to attempt it with a number of accounts.

In regards to the Authors

Arun Pradeep Selvaraj is a Senior Options Architect at AWS. Arun is enthusiastic about working along with his prospects and stakeholders on digital transformations and innovation within the cloud whereas persevering with to study, construct and reinvent. He’s inventive, fast-paced, deeply customer-obsessed, and makes use of the working backwards course of to construct trendy architectures to assist prospects resolve their distinctive challenges. Join with him on LinkedIn.

Piyush Mattoo is a Senior Resolution Architect for the Monetary Companies Information Supplier phase at Amazon Net Companies. He’s a software program know-how chief with over a decade of expertise constructing scalable and distributed software program programs to allow enterprise worth via using know-how. He has an academic background in Pc Science with a grasp’s diploma in pc and data science from College of Massachusetts. He’s primarily based out of Southern California and present pursuits embody tenting and nature walks.

You might also like

Introducing Amazon Nova Sonic: Human-like voice conversations for generative AI functions

20 April 2025

Constructing A Higher Tomorrow By way of Provide Chain Collaboration

19 April 2025

Mani Yamaraja is a Senior Buyer Options Supervisor for Monetary Companies Information Supplier phase at Amazon Net Companies. He has over a decade lengthy expertise working with monetary companies prospects enabling their digital transformation journey. Mani adopts a buyer centric strategy and gives know-how options working backwards from buyer’s enterprise objectives. He’s passionate in regards to the monetary companies business and helps the purchasers speed up their cloud primarily based transformation utilizing the confirmed mechanisms of AWS.