Prerequisites for setting up permissions on Amazon Redshift datashares - AWS Lake Formation

Prerequisites for setting up permissions on Amazon Redshift datashares

Update default Data Catalog settings

To enable Lake Formation permissions for the Data Catalog resources, we recommend that you disable the default Data Catalog settings in Lake Formation. For more information, see Change the default permission model or use hybrid access mode.

Update permissions

In addition to data lake administrator permissions (AWSLakeFormationDataAdmin), the following permissions are required to accept an Amazon Redshift datashare in Lake Formation:

  • glue:PassConnection on aws:redshift

  • redshift:AssociateDataShareConsumer

  • redshift:DescribeDataSharesForConsumer

  • redshift:DescribeDataShares
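
A pre-flight check for the list above, as an added example that is not from the AWS documentation: it reads an IAM identity policy document and reports, for each required action, whether it is granted explicitly, only through a wildcard, blocked by a Deny, or missing. The function names and the sample policy are constructed for illustration; the check looks only at Effect and Action, so Resource scoping (such as limiting glue:PassConnection to aws:redshift), Condition and NotAction are not evaluated.

```python
import fnmatch
import json

# Actions the page lists as required in addition to AWSLakeFormationDataAdmin.
REQUIRED_ACTIONS = [
    "glue:PassConnection",
    "redshift:AssociateDataShareConsumer",
    "redshift:DescribeDataSharesForConsumer",
    "redshift:DescribeDataShares",
]

# Constructed sample input for the check, not a recommended policy.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["redshift:Describe*", "glue:PassConnection"],
                "Resource": "*"}]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _patterns(policy, effect):
    """Lower-cased Action patterns from statements with the given Effect."""
    found = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == effect and "Action" in stmt:
            found += [a.lower() for a in _as_list(stmt["Action"])]
    return found

def _matches(action, patterns):
    # IAM action names are case-insensitive; '*' and '?' act as wildcards.
    return [p for p in patterns if fnmatch.fnmatchcase(action.lower(), p)]

def check_policy(policy):
    """Map each required action to 'denied', 'missing', 'explicit' or 'wildcard'."""
    allow, deny = _patterns(policy, "Allow"), _patterns(policy, "Deny")
    report = {}
    for action in REQUIRED_ACTIONS:
        hits = _matches(action, allow)
        if _matches(action, deny):
            report[action] = "denied"      # an explicit Deny overrides any Allow
        elif not hits:
            report[action] = "missing"
        elif action.lower() in hits:
            report[action] = "explicit"
        else:
            report[action] = "wildcard"    # granted only via a broad pattern
    return report

if __name__ == "__main__":
    for action, status in check_policy(SAMPLE_POLICY).items():
        print(f"{status:9} {action}")
```

A "wildcard" result means the action is allowed, but through a pattern broader than the four actions this page requires.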

The data lake administrator IAM user has the following permissions implicitly.

  • data_location_access

  • create_database

  • lakeformation:RegisterResource