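"Strengthening the security for Apache Spark workloads.pdf" was shared by a member and can be read online. For more related to "Strengthening the security for Apache Spark workloads.pdf" (33 pages, premium edition), search on 三个皮匠报告.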
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

ANT320
Strengthening the security for Apache Spark workloads
Avichay (Avi) Marciano, Sr. Analytics Specialist SA
Radhika Ravirala, Principal Product Manager, AWS Analytics

Modern data workflows security landscape
Handle Sensitive Data; Multiple Personas; Compliance needs; Monitor & Audit

Security building blocks
Authentication; Authorization

Consider traditional data lakes.
[Architecture diagram. Labels, in the order extracted: Data Consumer Accounts; Amazon EMR; Risk Management; Amazon SageMaker; Fraud Detection; Amazon SageMaker Model; Amazon Bedrock; Reporting; Amazon Redshift; Amazon Athena; Amazon QuickSight; "Elle", Data Analyst; "Joe", Data Scientist; BI Group; Central Governance Account; AWS Glue Data Catalog; AWS Lake Formation; AWS Glue ETL Job; AWS Glue ETL Job; Raw layer; Processed layer; Consumption layer; AWS CloudTrail]

[Slide of persona questions, in the order extracted:]
"How can I enforce AWS Lake Formation permissions to end users?"
Database admins
"I see this role accessed this data. Who did that?"
Auditors
"Why can't I access green data and blue data with one role?"
Power user
End user
"Which federated role should I use to access Glue data catalog"
IdP admins
"How do we map users and groups to IAM roles?"

Security challenges
1. User identity based access: Data access based on IAM principals
2. Identity Propagation: Users' identity is not relayed to the downstream services in the pipeline
3. Audit trail: No trail of user actions

And transa