Skip to main content

Privacera Documentation

Create AWS Lake Formation connectors for multiple AWS regions for Platform

This topic describes how to setup AWS Lake Formation connectors for multiple AWS regions.


The following diagram shows the architecture of AWS Lake Formation connectors with multiple AWS regions.

  • Left Panel: AWS Cloud with 2 regions us-east-1 and us-west-2.

  • Right Panel: Two separate AWS Lake Formation connectors configured within Privacera. Each connector is responsible for syncing policies from us-east-1 and us-west-2 region respectively.

  • Resource Policies : This block contains the Hive and AWS Lake Formation policy repositories within Privacera. Privacera has privacera_us_east_1_hive / privacera_us_east_1_lakeformation and privacera_us_west_2_hive / privacera_us_west_2_lakeformation for us-east-1 and us-west-2 region policies.

  • Tag Policies: This block contains the tag policy repositories within Privacera. You can have tag based AWS Lake Formation policies inside policy repository privacera_us_east_1_tag and privacera_us_west_2_tag for us-east-1 and us-west-2 region.

Set up AWS Lake Formation connectors with multiple regions for Platform


Follow the steps outlined in Configure AWS Lake Formation connector on Privacera Platform to setup the connectors for each region.

  • Make sure to create different configuration folder for each region custom-vars/connectors/lakeformation/. For example us-east-1 region connector .yml file can be inside custom-vars/connectors/lakeformation/instance1 and the us-west-2 region connector .yml file can be inside custom-vars/connectors/lakeformation/instance2.

  • Set the CONNECTOR_LAKEFORMATION_AWS_ACCOUNT_ID and CONNECTOR_LAKEFORMATION_AWS_REGION variable values in the configuration file.

  • Set the CONNECTOR_LAKEFORMATION_SINK_HIVE_SERVICE_APP_ID and CONNECTOR_LAKEFORMATION_SINK_LAKEFORMATION_SERVICE_APP_ID variable values with the policy repository names you have configured for each region.