AWS Analytics services, including Amazon QuickSight, Amazon Redshift, Amazon EMR, AWS Lake Formation, and Amazon S3 via S3 Access Grants, now use trusted identity propagation with AWS IAM Identity Center to manage and audit access to data and resources based on user identity. This new capability passes identity information between connected business intelligence and data analytics applications. Administrators define access to their service based on a common set of users and groups in the customer’s chosen identity provider. Auditors can track users’ access across services. Analytics users benefit from an improved single sign-on experience when accessing data.
Trusted identity propagation is available to customers accessing AWS data sources through Amazon QuickSight, EMR Studio, and Redshift Query Editor; through supported third-party tools and applications; and through S3 Access Grants. In big data environments managed by Amazon EMR, trusted identity propagation is available for EMR on EC2. It interacts with authorization engines, including Amazon Redshift, Lake Formation, and S3 Access Grants, and propagates the user’s identity all the way to the data source, either Amazon Redshift or S3.
For AWS Region availability of trusted identity propagation, please refer to the service documentation for each AWS Analytics service. Where available, service administrators can enable trusted identity propagation in the respective service console or using the AWS CLI.
To learn more about trusted identity propagation for AWS Analytics services, read the documentation links below: