Working with AWS Lake Formation-protected data

Full Table Access

AWS Glue supports Full Table Access (FTA) for AWS Lake Formation-protected tables. This allows your ETL jobs to read and write data with full table permissions.

Prerequisites

Appropriate IAM roles and permissions
AWS Lake Formation configured for your data catalog
Compatible table types (Hive or Iceberg)

Key considerations

Required permissions

lakeformation:GetDataAccess IAM permission
AWS Lake Formation table permissions
Amazon S3 bucket access permissions

Supported table types

Hive tables
Iceberg tables

Limitations

Not compatible with Spark Streaming
Cannot be used simultaneously with fine-grained access control
Does not support Delta or Hudi tables

Best Practices

Ensure IAM roles are properly configured before job execution
Test access permissions in a development environment
Monitor job execution logs for permission-related issues
Maintain clear documentation of access patterns

Troubleshooting

Common issues include:

Missing IAM permissions
Incorrect AWS Lake Formation configuration
Table type compatibility problems

For complete setup instructions and configuration details, see Using AWS Lake Formation with full table access.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Crawling an Amazon S3 data store using a VPC endpoint

Troubleshooting connection issues