Security for AWS Lake Formation

Data security and data governance have become growing issues as more information gets stored in digital formats. Proper data governance can mitigate the risks of data breachesData being accessed by unauthorized individuals. Within the context of AWS, governance is the process by which AWS administrators can authorize, manage, and audit access to stored data. AWS believes that a more unified approach can help make it easier to fulfill governance requirements.

Some high-level recommendations for improving data governance include:

• Document data management processes.

• Define data quality requirements and evaluate them regularly.

• Identify top data quality issues and fix them accordingly.

• Set up automated alerts related to data quality.

• Set up operational dashboards to increase the visibility of data quality metrics.

AWS Lake Formation is a service that can be used to set up data lakes based on Amazon S3. Within Lake Formation and S3, there are features that administrators can configure to help reduce risks and improve data security and privacy while still allowing those with the necessary permissions to be able to access data.

This lesson goes into more detail on the following security features: S3 encryption, Lake Formation access controls, and audit logging.

Encrypting stored data in S3

As of 2023, new Amazon S3 buckets have server-side encryption enabled by default. This means that S3 automatically encrypts data objects before storing them on servers and automatically decrypts them when data is accessed. Server-side encryption provides an additional layer of protection in case of a server breach.

We can confirm the server-side encryption status by going to the Amazon S3 area of the AWS Console. For example, we have an existing bucket “demo-s3-data-lake-bucket.” To confirm the encryption, we select the bucket name and click on the “Properties” tab.