AWS – The Amazon SageMaker lakehouse architecture now supports tag-based access control for federated catalogs
The Amazon SageMaker lakehouse architecture now supports tag-based access control (TBAC) for managing fine-grained data access across federated catalogs. This capability, previously available only for default AWS Glue Data Catalog resources, is now available across Amazon S3 Tables, Amazon Redshift data warehouses, and federated data sources including Amazon DynamoDB, PostgreSQL, and SQL Server. TBAC simplifies permission management by logically grouping catalog resources with tags, lets a small set of grants scale across many datasets, and facilitates cross-account data sharing.
TBAC simplifies how administrators manage data access by replacing direct resource-level permissions with tag-based grants. Instead of assigning permissions to individual tables or columns by hand, administrators control access through tags that resources inherit automatically. Because of this inheritance, new tables receive the appropriate fine-grained access controls without any additional policy changes.
You can get started with TBAC through the AWS Lake Formation console. Create tags using key-value pairs, associate them with databases, tables, or columns, and grant permissions to principals based on specific tags. Users can then access tagged resources through Amazon Athena, Amazon Redshift, Amazon EMR, or Amazon SageMaker Unified Studio.
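The following is an added example, not AWS code, that models the two behaviours described above in a few lines of Python: tags assigned to a database are inherited by its tables unless a table sets the same key itself, and a grant expressed on tags matches a resource only when every key in the expression is present with one of the listed values. It also builds the parameter dictionary that a `grant_permissions` call on the boto3 `lakeformation` client takes for a tag-policy grant (the call itself is not made, so the script runs offline). The database, table names, tag keys, tag values and principal ARN are all constructed for illustration.

```python
"""Simplified model of Lake Formation tag-based access control (TBAC).

Added example, not AWS code.  It models:
  * tag inheritance: a table takes its database's tags unless it assigns
    the same key itself (the child's own value then wins);
  * expression matching: a tag-based grant applies to a resource only if,
    for every key in the expression, the resource carries that key with one
    of the listed values (keys are ANDed, values within a key are ORed).
All resource names, tag keys/values and the ARN below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Resource:
    name: str
    own_tags: dict[str, str] = field(default_factory=dict)
    parent: Resource | None = None

    def effective_tags(self) -> dict[str, str]:
        # Walk up the hierarchy; an explicitly assigned key overrides an inherited one.
        tags = self.parent.effective_tags() if self.parent else {}
        tags.update(self.own_tags)
        return tags


def matches(expression: list[dict], tags: dict[str, str]) -> bool:
    """True when every TagKey in the expression is present with an allowed value."""
    return all(tags.get(term["TagKey"]) in term["TagValues"] for term in expression)


def grant_permissions_request(principal_arn: str, resource_type: str,
                              expression: list[dict], permissions: list[str]) -> dict:
    """Parameters for boto3 lakeformation.grant_permissions() with an LF-tag policy.

    resource_type is "DATABASE" or "TABLE"; the grant covers every resource of
    that type whose tags satisfy the expression, now and in the future.
    """
    return {
        "Principal": {"DataLakePrincipalIdentifier": principal_arn},
        "Resource": {
            "LFTagPolicy": {"ResourceType": resource_type, "Expression": expression}
        },
        "Permissions": permissions,
    }


# Constructed grant: analysts may read sales data that is not restricted.
ANALYST_EXPRESSION = [
    {"TagKey": "domain", "TagValues": ["sales"]},
    {"TagKey": "sensitivity", "TagValues": ["public", "internal"]},
]


def build_catalog() -> list[Resource]:
    """Constructed catalog: one tagged database and three tables under it."""
    sales_db = Resource("sales_db", {"domain": "sales", "sensitivity": "internal"})
    orders = Resource("orders", parent=sales_db)                    # inherits both tags
    payroll = Resource("payroll", {"sensitivity": "restricted"},    # overrides sensitivity
                       parent=sales_db)
    returns_2025 = Resource("returns_2025", parent=sales_db)        # created later, untagged
    return [orders, payroll, returns_2025]


def accessible_tables(expression: list[dict] = ANALYST_EXPRESSION) -> list[str]:
    """Names of catalog tables the expression grants access to."""
    return [t.name for t in build_catalog() if matches(expression, t.effective_tags())]


if __name__ == "__main__":
    # The untagged table added later is covered with no change to the grant.
    print(accessible_tables())  # ['orders', 'returns_2025']
    print(grant_permissions_request("arn:aws:iam::111122223333:role/Analyst",
                                    "TABLE", ANALYST_EXPRESSION, ["SELECT", "DESCRIBE"]))
```

The point to take from the run is the third table: it carries no tags of its own, yet it is covered by the existing grant purely through inheritance, which is why an administrator does not need to touch policy when tables are added. The `payroll` table shows the other side of the same rule: overriding a single key is enough to take a table out of a grant.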
This feature is available through the AWS Management Console, AWS CLI, and AWS SDKs in all commercial AWS Regions. To get started, read the blog and visit the Lake Formation Tags documentation.