
Setup for Lake Formation Push Mode - Access Management

This section describes how to set up the AWS Lake Formation connector in push mode. Make sure you have completed the prerequisites before you start the setup.

Perform the following steps to configure the AWS Lake Formation connector using push mode:

  1. SSH to the instance where Privacera is installed.

  2. Run the following command to navigate to the /config directory.

    Bash
    cd ~/privacera/privacera-manager/config
    

  3. Run the following command to create a new directory:

    Bash
    mkdir -p custom-vars/connectors/lakeformation/instance1
    

  4. Run the following command to copy the sample vars:

    Bash
    cp sample-vars/vars.connector.lakeformation.push.yml custom-vars/connectors/lakeformation/instance1/
    

  5. Run the following command to open the .yml file for editing:

    Bash
    vi custom-vars/connectors/lakeformation/instance1/vars.connector.lakeformation.push.yml
    

  6. Modify the following properties:

    • CONNECTOR_LAKEFORMATION_AWS_ACCOUNT_ID - Enter the AWS Account ID of the account where you will run the AWS Lake Formation connector.

    • CONNECTOR_LAKEFORMATION_AWS_REGION - Set the AWS region used to connect to your AWS Lake Formation instance.

    • CONNECTOR_LAKEFORMATION_ENABLE_PUSH_POLICIES_TO_RANGER - Set this to true if you want to push policies to other policy repositories.

    • CONNECTOR_LAKEFORMATION_SINK_HIVE_SERVICE_APP_ID - Set the name of the policy repository where you want the connector to push policies for Hive.

  7. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Bash
    cd ~/privacera/privacera-manager
    
    ./privacera-manager.sh update
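
A pre-flight check for the properties edited in step 6, meant to run before the update in step 7. This is an added example, not part of Privacera Manager; it assumes the vars file holds flat `KEY: value` lines without trailing comments, and the function names `get_var` and `check_lakeformation_vars` are hypothetical.

```shell
#!/bin/sh
# Added example (not Privacera code): validate the push-mode vars file.
# Assumption: each property is a flat `KEY: value` line, value optionally quoted.

# Print the value of a top-level key with surrounding quotes removed.
get_var() {
  # $1 = vars file, $2 = property name
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 when the file passes every check; otherwise report each problem, return 1.
check_lakeformation_vars() {
  lf_file="$1"; lf_errors=0
  [ -r "$lf_file" ] || { echo "cannot read $lf_file" >&2; return 1; }

  lf_account=$(get_var "$lf_file" CONNECTOR_LAKEFORMATION_AWS_ACCOUNT_ID)
  lf_region=$(get_var "$lf_file" CONNECTOR_LAKEFORMATION_AWS_REGION)
  lf_push=$(get_var "$lf_file" CONNECTOR_LAKEFORMATION_ENABLE_PUSH_POLICIES_TO_RANGER)
  lf_sink=$(get_var "$lf_file" CONNECTOR_LAKEFORMATION_SINK_HIVE_SERVICE_APP_ID)

  # AWS account IDs are exactly 12 digits.
  if ! printf '%s\n' "$lf_account" | grep -Eq '^[0-9]{12}$'; then
    echo "AWS_ACCOUNT_ID must be 12 digits, got '$lf_account'" >&2; lf_errors=1
  fi
  # Region codes have the shape us-east-1 or us-gov-west-1.
  if ! printf '%s\n' "$lf_region" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$'; then
    echo "AWS_REGION is not a region code: '$lf_region'" >&2; lf_errors=1
  fi
  case "$lf_push" in
    true)
      # Pushing policies to another repository needs an explicit target name.
      if [ -z "$lf_sink" ]; then
        echo "SINK_HIVE_SERVICE_APP_ID is empty but push is enabled" >&2; lf_errors=1
      fi ;;
    false|"") ;;
    *) echo "ENABLE_PUSH_POLICIES_TO_RANGER must be true or false" >&2; lf_errors=1 ;;
  esac
  return "$lf_errors"
}

# Stand-alone use: sh check.sh path/to/vars.connector.lakeformation.push.yml
if [ "$#" -ge 1 ]; then check_lakeformation_vars "$1"; fi
```
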
    

  1. In PrivaceraCloud, go to Settings -> Applications.

  2. On the Applications screen, select Lakeformation Push Mode.

  3. Enter the application Name and Description, then click Save. The name can be any name of your choice, e.g. AWS Lake Formation Connector for account 123456.

  4. Open the AWS Lake Formation application.

  5. Enable the Access Management option with the toggle button.

  6. Under the BASIC tab, enter the values for:

    • AWS Account ID : 12345XXX

    • AWS Assume IAM Role ARN : Use the role ARN created for the AWS Lake Formation connector.

    • AWS Region : e.g. us-east-1

  7. Click SAVE.

  8. The configured AWS Lake Formation connector appears under Applications.

  9. Once saved and enabled, the AWS Lake Formation connector will start. You can then hover over the VIEW LOGS button to check the status, either Running or Stopped.

  10. Perform the following steps to restart the AWS Lake Formation connector application:

    1. Go to Settings → Applications and select the Lake Formation connector application.

    2. Edit the application, disable it, and save it.

    3. Open the same application again, enable it, and save it.
