5 min.

Data access and governance in AWS

Overview of key features and services related to data access and governance in AWS

In AWS, "data access" and "data governance" are two distinct but related concepts.

 

In essence, while data access in AWS deals with the technical aspects of how data is accessed and used, data governance focuses on the broader management of data, ensuring it is used appropriately, securely, and in compliance with regulations and organizational policies.

 

 

Data access in AWS

 

Data access in AWS involves the mechanisms for retrieving, viewing, and interacting with data across its services like Amazon S3 and Amazon Redshift. Overall, data access in AWS is about securely managing and controlling how data is accessed and used across its cloud platform.

 

 

Key features and service related to data access in AWS:

 

Identity and Access Management (IAM)

This service allows the creation of users, groups, and roles, with policies to define their access rights, controlling which actions they can perform.

 

 

S3 Access Controls

Includes bucket and access point policies based on criteria like source IP and user agent, ACLs for user-specific permissions on buckets/objects, and S3 Block Public Access for managing public data exposure.

 

 

Security Measures

Utilizes query string authentication for time-limited URL access, and VPC endpoints with attached policies for restricted service access. AWS Key Management Service (KMS) provides encryption for data at rest and in transit.

 

 

Organizational Controls

AWS Organizations' service control policies enable centralized permission governance across multiple accounts.

 

 

Programmatic and Temporary Access

Offers API access for data interaction, and AWS Security Token Service (STS) for generating temporary credentials, essential for federated access scenarios.

 

 

Monitoring and Compliance

Uses tools like AWS CloudTrail and AWS Config for access tracking and compliance enforcement.

 

 

Data governance in AWS

 

Data governance within Amazon Web Services (AWS) involves the application of strategies, practices, and technologies to manage an organization's data assets in compliance with necessary regulations. 

 

It entails understanding the deployment locations of data, the way its processed and managing who has access to it.

 

 

Key features and service related to data governance in AWS:

 

AWS Identity and Access Management (IAM)

Central to defining who can do what with specific resources.

 

IAM allows implementation of least privilege principle through roles and policies which is important for compliance with standards like PCI DSS, HIPAA

 

 

AWS Artifact

Assists in risk assessment and compliance management by offering vital compliance information

 

Allows customers to access AWS compliance documentation and agreements on demand to demonstrate compliance during audits

 

 

AWS Audit Manager

 

Helps in preparing for audits by continuously collecting and organizing evidence

 

Assists in assessing the effectiveness of your AWS environment against industry standards and best practices, reducing the effort involved in conducting audits

 

Automates the creation of audit-ready reports, making it easier to meet compliance requirements and manage governance

 

 

AWS Config

Helps ensure compliance with internal policies and regulatory standards.

 

 

Amazon S3 and S3 Glacier

Offers features for data archiving, retention, and deletion policies.

 

 

AWS Key Management Service (KMS)

Ensures data is encrypted and secure, a crucial part of compliance.

 

 

AWS CloudTrail

Offers an audit trail for user actions, aiding in compliance and monitoring

 

 

Amazon DataZone

Enables effective data management, governance, and collaboration across an organization

 

 

Amazon Macie

Essential for data privacy and security, identifying risks and unauthorized access.

 

 

AWS Lake Formation

Manages data access and movement, automating many aspects of data security.

 

 

Amazon Redshift

Allows for controlled and scalable use of data for business intelligence.

 

 

AWS Organizations

Centralizes governance, ensuring consistent policy application across all accounts.

 

 

AWS Data Exchange

Streamlines data exchange and ensures compliance with data licensing agreements.

 

 

AWS Glue

Important for data cataloging and preparing data for analytics

 

 

References

 

What is Data Governance? - Data Governance Explained - AWS

Data security and governance - Best Practices for Building a Data Lake on AWS for Games

What is AWS Data Exchange? - AWS Data Exchange User Guide

What is Data Sharing? - Data Sharing Explained - AWS

Data Access Controls - Navigating GDPR Compliance on AWS

Cloud Compliance - Amazon Web Services (AWS)