In AWS, "data access" and "data governance" are two distinct but related concepts.
In essence, while data access in AWS deals with the technical aspects of how data is accessed and used, data governance focuses on the broader management of data, ensuring it is used appropriately, securely, and in compliance with regulations and organizational policies.
Data access in AWS
Data access in AWS involves the mechanisms for retrieving, viewing, and interacting with data across its services like Amazon S3 and Amazon Redshift. Overall, data access in AWS is about securely managing and controlling how data is accessed and used across its cloud platform.
Key features and service related to data access in AWS:
Identity and Access Management (IAM)
This service allows the creation of users, groups, and roles, with policies to define their access rights, controlling which actions they can perform.
S3 Access Controls
Includes bucket and access point policies based on criteria like source IP and user agent, ACLs for user-specific permissions on buckets/objects, and S3 Block Public Access for managing public data exposure.
Utilizes query string authentication for time-limited URL access, and VPC endpoints with attached policies for restricted service access. AWS Key Management Service (KMS) provides encryption for data at rest and in transit.
AWS Organizations' service control policies enable centralized permission governance across multiple accounts.
Programmatic and Temporary Access
Offers API access for data interaction, and AWS Security Token Service (STS) for generating temporary credentials, essential for federated access scenarios.
Monitoring and Compliance
Uses tools like AWS CloudTrail and AWS Config for access tracking and compliance enforcement.
Data governance in AWS
Data governance within Amazon Web Services (AWS) involves the application of strategies, practices, and technologies to manage an organization's data assets in compliance with necessary regulations.
It entails understanding the deployment locations of data, the way its processed and managing who has access to it.
Key features and service related to data governance in AWS:
AWS Identity and Access Management (IAM)
Central to defining who can do what with specific resources.
IAM allows implementation of least privilege principle through roles and policies which is important for compliance with standards like PCI DSS, HIPAA
Assists in risk assessment and compliance management by offering vital compliance information
Allows customers to access AWS compliance documentation and agreements on demand to demonstrate compliance during audits
AWS Audit Manager
Helps in preparing for audits by continuously collecting and organizing evidence
Assists in assessing the effectiveness of your AWS environment against industry standards and best practices, reducing the effort involved in conducting audits
Automates the creation of audit-ready reports, making it easier to meet compliance requirements and manage governance
Helps ensure compliance with internal policies and regulatory standards.
Amazon S3 and S3 Glacier
Offers features for data archiving, retention, and deletion policies.
AWS Key Management Service (KMS)
Ensures data is encrypted and secure, a crucial part of compliance.
Offers an audit trail for user actions, aiding in compliance and monitoring
Enables effective data management, governance, and collaboration across an organization
Essential for data privacy and security, identifying risks and unauthorized access.
AWS Lake Formation
Manages data access and movement, automating many aspects of data security.
Allows for controlled and scalable use of data for business intelligence.
Centralizes governance, ensuring consistent policy application across all accounts.
AWS Data Exchange
Streamlines data exchange and ensures compliance with data licensing agreements.
Important for data cataloging and preparing data for analytics