Lake Formation: Data Security and Data Governance with LF-TBAC

Published 2021-11-12 at https://blog.besharp.it/lake-formation-data-security-and-data-governance-with-lf-tbac/

Introduction

Big Data has rapidly grown as a way to describe information obtained from heterogeneous sources when it becomes incredibly complex to manage in terms of Variety, Veracity, Value, Volume, and Velocity. Still, it can be considered the “New Gold” because of its potential to generate business value.

Without adequate governance or quality, data lakes can quickly turn into unmanageable data swamps. Data engineers know the data they need lives in these swamps, but they won’t be able to find, trust, or use it without a clear data governance strategy.

A very common challenge is maintaining governance and access control over users who operate on the Data Lake, while protecting sensitive information.

Companies need centralized governance and access control, and a strategy backed by managed services for fine-grained control of user access to data.

There are typically two approaches to dealing with these situations: manual, which is more flexible but complex; and managed, which requires your solution to fit into specific standards but in return takes away all management complexities for the developers.

This article will guide you through setting up your Data Lake with Lake Formation, showing all the challenges that must be addressed during the process with a particular eye on Security and Governance through the LF-TBAC approach.

Tag-Based Access Control, in short TBAC, is an increasingly popular way to solve these challenges, applying constraints based on tags associated with specific resources.

So, without further ado, let’s dig in!

What is TBAC access

Tag-based access control allows administrators of IAM-enabled resources to create access policies based on existing tags associated with eligible resources.

Cloud providers manage permissions of both users and applications with policies, documents with rules that reference resources. By applying tags to those resources, it is possible to define simple and effective allow/deny conditions.

Using access management tags may reduce the number of access policies needed within a cloud account while also providing a simplified way to grant access to a heterogeneous group of resources.

Why S3 alone is not enough

S3, like most AWS services, leverages IAM principals for access management, meaning that it is possible to define which parts of a bucket (files and folders/prefixes) a single IAM principal can read/write; however, it is not possible to further restrict IAM access to specific parts of an object, nor to certain data segments stored inside objects.

For example, let’s assume that our application data is stored as a collection of parquet files divided per country in different folders.

It is possible to constrain a user to access only the data of users belonging to a given country. Still, there is no way to prevent them from reading the personal details (e.g., username and address) stored as columns in the parquet files.

The only way to prevent users from accessing sensitive information would be to encrypt the columns before writing the files to S3, which can be slow, cumbersome, and open a whole new ‘can of worms’ regarding key storage, sharing, and eventually key decommissioning.

Furthermore, giving access to external entities using IAM principals is often a non-trivial problem on its own.

Luckily, AWS offers a batteries-included solution to the S3 Data Lake permission problem: enter AWS Lake Formation!

AWS Lake Formation is a fully managed service that simplifies building, securing, and managing data lakes, automating many of the complex manual steps required to create them.

Lake Formation also provides its own permissions model, which augments the classical AWS IAM permissions model and is what we want to explore in detail.

This centrally defined permissions model enables fine-grained access to data stored in data lakes through a simple grant/revoke mechanism.

So, by leveraging the power of Lake Formation, we would like to demonstrate, with a simple solution, how to address the aforementioned S3 challenges; let’s continue!

Leveraging TBAC approach in Lake Formation

To help the reader understand why AWS Lake Formation can be a good choice for dealing with the complexities of managing a Data Lake, we have prepared a simple tutorial on how to migrate heterogeneous data from legacy on-prem databases into S3 while also creating a Lake Formation catalog to deal with data cleansing, permissions, and further operations.

[Figure: Our example implementation]

AWS Glue migration of on-prem data

The first step for creating a Data Lake is obviously to fetch, transform and insert the data. In this simple example, we used a mocked users dataset from a MySQL database. AWS Glue is the natural way to connect to heterogeneous data sources, infer their schema, import and transform the data, and finally write them to S3, as we explained in detail elsewhere.

After the data is loaded in a temporary S3 bucket, you need to create a Database in Lake Formation to connect to a Glue Crawler and run it on your S3 prefix to populate a Glue Catalog for your data. Just go to the AWS Lake Formation console, in the Databases page under the Data catalog tab, and fill in a Database name and your S3 path.

[Figure: Create a new Database from Lake Formation]

Note: creating a database from Lake Formation ensures that the correct permissions are associated with it. We could have done the same thing from AWS Glue, but we would have needed extra effort to modify permissions for the next steps.

After the database is created, we need the Glue Catalog, which is a metastore containing the schema (schema-on-read) of your data saved in S3 (usually as parquet files). Having a Glue Schema is necessary to set up the AWS Lake Formation access layer in front of your S3 Data Lake. To create it, just create a Crawler, link it to the same S3 path as the Database, and set that DB as the crawler output.

[Figure: Setup of a basic AWS Glue Crawler]

In order to use the Crawler, an IAM role is necessary, but luckily AWS has a step for that in the Crawler creation wizard:

[Figure: How to create an IAM role for using the Crawler]

Once the Crawler is created, and data is imported into the catalog, we are ready for the next step.

[Figure: CloudWatch Logs showing that the Crawler worked correctly]

AWS Lake Formation

With a Glue Data Catalog in place, it is time to set up Lake Formation to finally manage user access permissions.

In order to do so, let’s start by going to the Lake Formation dashboard and removing the usual S3 access permissions.

[Figure: Lake Formation dashboard]

So we can go to Data Catalog Settings and uncheck "Use only IAM access control for new databases" and "Use only IAM access control for new tables in new databases". By default, access to Data Catalog resources and Amazon S3 locations is controlled solely by AWS Identity and Access Management (IAM) policies; unchecking these options allows individual Lake Formation permissions to take effect.

[Figure: Lake Formation data catalog setting: disable both "Use only" flags]

Once access responsibilities are delegated to Lake Formation, we can remove the access for the standard IAMAllowedPrincipals IAM group: in the data lake Permissions tab, select the permission of the IAM group and click Revoke.

[Figure: Revoke standard IAMAllowedPrincipals permissions]

The user creating the Data Lake will also be listed in this section with admin privileges. If you want that user to retain access to the data, you can leave the permissions as they are; otherwise you can either revoke the permissions of the user/role or restrict them.
Note: if you need to add a Data lake administrator principal, you can do so by going to Administrative roles and tasks and adding a Data lake admin.

[Figure: Add admin and db creator console]

Once all these steps are completed, it is time to start defining Lake Formation tags (LF-Tags from now on), which will be used to restrict access to the data lake. From the LF-Tags page under the Permissions tab, create a new LF-Tag: for the key use level, and add private, sensitive, and public as values separated by commas, just like in the figure. Click Add LF-tag.

[Figure: LF-Tag creation]

Now that the tag is created, how can we use it to enforce access control? First of all, let’s go to the database section and select our database, created at the beginning of the tutorial. In database actions, you can select the tag you’ve created and the permission level. Usually, we leave the database access open and restrict permissions on a per-table and per-field basis, but this is different for each database. In our example, we assign the level public to the whole example database.

[Figure: Edit LF-Tag for the entire database]

Now if we want to restrict access to the columns in the user table containing personal info, we can go to the table to modify, select the column and change its LF-Tag from public to private (see figures).

[Figure: Schema of our example database in which we select a column]

[Figure: Editing a per-column LF-Tag]

Now we just need to define which IAM principals (i.e., our test user) will have access to a given LF-Tag. To do so, let’s go to Data lake permissions and grant permissions to an IAM user/role/group to access resources tagged with a given LF-Tag.

[Figure: Grant read permission]

This example shows how to give a user access to all the resources tagged with “level”: “public”.

This user will thus be able to see all our databases except for the personal data tagged as private. Another user may have access to both public and private information: just add the private level in the LF-Tag section or modify column tags according to your needs.

We can now query the database table using our test user which, based on our set of permissions, is not able to see the first_name column (which is tagged as private).

[Figure: Athena is used to query the data, demonstrating that first_name is not shown in the table select because it is tagged as private]

As shown in the figure, we have successfully managed to deny our test user the right to see a “sensitive” column of our choice.

We would like to encourage the reader to experiment with adding or removing the Describe and Select options in the LF-Tag permissions in the Data Lake section, to see that we can also deny listing both databases and tables.
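The tag inheritance and grant matching used in this walkthrough can be modelled in a few lines of Python. This is an added example, not code from the original article or from AWS: it is a simplified model of LF-TBAC evaluation, and the table name `users`, the columns other than `first_name`, and the principal names are assumptions.

```python
"""Simplified model of LF-Tag evaluation (illustration only, not AWS code)."""

# Constructed catalog mirroring the tutorial: the database carries
# level=public and the first_name column overrides it with level=private.
# The table name and the other column names are assumptions.
CATALOG = {
    "tags": {"level": "public"},
    "tables": {
        "users": {
            "tags": {},
            "columns": {
                "id": {},
                "first_name": {"level": "private"},
                "country": {},
            },
        },
    },
}

# principal -> list of (LF-Tag expression, granted permissions).
# An expression maps each tag key to the set of accepted values.
GRANTS = {
    "test_user": [({"level": {"public"}}, {"SELECT", "DESCRIBE"})],
    "analyst": [({"level": {"public", "private"}}, {"SELECT", "DESCRIBE"})],
}


def effective_tags(*levels):
    """Merge tags from database down to column; the most specific value wins."""
    merged = {}
    for tags in levels:
        merged.update(tags)
    return merged


def matches(expression, tags):
    """Every key in the expression must be present with an accepted value."""
    return all(tags.get(key) in values for key, values in expression.items())


def allowed(principal, tags, permission, grants=GRANTS):
    """Default deny: access needs a grant whose expression matches the tags."""
    return any(
        permission in perms and matches(expr, tags)
        for expr, perms in grants.get(principal, [])
    )


def can_list_table(principal, table, catalog=CATALOG, grants=GRANTS):
    """DESCRIBE on the table's effective tags decides whether it is listed."""
    tags = effective_tags(catalog["tags"], catalog["tables"][table]["tags"])
    return allowed(principal, tags, "DESCRIBE", grants)


def visible_columns(principal, table, catalog=CATALOG, grants=GRANTS):
    """Columns a SELECT by this principal would return, in schema order."""
    entry = catalog["tables"][table]
    return [
        name
        for name, column_tags in entry["columns"].items()
        if allowed(
            principal,
            effective_tags(catalog["tags"], entry["tags"], column_tags),
            "SELECT",
            grants,
        )
    ]


if __name__ == "__main__":
    for who in ("test_user", "analyst", "unlisted_user"):
        print(who, can_list_table(who, "users"), visible_columns(who, "users"))
```

A principal with no matching grant sees nothing, which is the state the tutorial reaches after revoking the IAMAllowedPrincipals permissions.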

Note: as of Nov 3, 2021, to enhance security, AWS Lake Formation also added support for managed VPC endpoints via AWS PrivateLink to access a data lake in a Virtual Private Cloud.

Feature in preview: row-level security

Lake Formation is still a young service, so there is much room for improvement. AWS is constantly adding features to its services, and Lake Formation is no exception.

AWS Lake Formation already allows setting access policies to hide data, such as a column with sensitive information, from users who do not have permission to view that data.

Row-level security will add to that by allowing row-level policies to be set in addition to column-level policies.

An example could be setting a policy that gives a data scientist access to only the experiment data marked with a specific id.

Another interesting aspect would be to share the same Data Lake for different datasets to reduce costs and management efforts.

To Sum up

In this article, we have seen how we can leverage the power of AWS Services for Storage and Data Analytics to tackle the challenge imposed by Big Data, in particular how to manage access, permissions, and governance.

We have shown that AWS Glue crawlers can effectively retrieve unstructured data from temporary repositories, whether they are databases, like RDS or on-premises ones, or object storage like S3, and obtain a schema to populate a Glue Catalog.

We have seen that starting from S3 and a metadata store, it is possible to create a Lake Formation Catalog on top of S3, entirely managed by AWS, to drastically reduce the management effort to set up and administer a Data Lake.

We have briefly seen what a Tag-Based Access Control (TBAC) methodology is and how it can be effectively used to manage access and permissions.

We have shown that AWS Lake Formation can apply IAM policies and TBAC rules to give or restrict access to users and groups even on a per-column/row basis. We demonstrated that with Lake Formation and AWS Glue, we could hide sensitive data from specific principals.

We have described LF-Tags in detail, with a simple tutorial. Finally, we have talked about Row-Level Security.

To conclude, we can say that for challenges regarding Big Data and proper storage solutions, with an eye for security and governance matters, there are always two possible choices to make: DIY or opt for a managed solution.

In this article, we chose a managed solution to show all the benefits of a more rigid approach to the problem. Despite being less adaptable, it offers a service more adherent to best practices and less burden in administration and governance.

As always, feel free to comment in the section below, and reach out to us with any doubt, question or idea!

See you on Proud2beCloud in a couple of weeks for a new story!

Written by Alessandro Gaggia for the Proud2beCloud Blog.