The most valuable features of AWS Lake Formation were the access model itself, as it allows implementation of filters, Blueprints, and row-level and column-level security to mask data that shouldn't be accessed by certain entities, enabling granular control without exposing PII data. Another feature is the Glue Workflows, which allow orchestration of multiple Glue jobs to automate the entire process end-to-end. Additionally, the Blueprints feature, which provides connectors out of the box for ingesting data from different sources, was also beneficial. AWS Lake Formation is tightly integrated with IAM for authentication and authorization, as its permission model relies on IAM user groups and roles. This allows categorization of groups based on the access required by different users, enabling implementation of access policies within Lake Formation. This integration provides extensibility and scalability since user groups, once granted permissions, can manage further access control for new users or groups. While we were still exploring other features such as federated access for users outside AWS, we were in the early days of utilizing AWS Lake Formation. The scalability of AWS Lake Formation is quite good, allowing creation of user groups with grantable permissions, letting users manage access for new users onboarded to specific databases or tables, as these groups can grant permissions to extended users as needed. The stability and reliability of AWS Lake Formation are impressive; once permissions are applied, the access flow is efficient. When a user runs a query from Athena, it interacts with AWS Lake Formation first, which uses temporary credentials to access S3 buckets and presents data securely. This centralized permission management adds a layer of security, making it predictable in what users can access while applying necessary filters before data exposure.
