Immuta + Amazon S3

Amazon S3 is incredibly popular because it is capable of storing and retrieving almost any amount of data from anywhere. This allows leading cloud platforms, including Amazon Redshift, Amazon EMR, Amazon SageMaker, Databricks, and Snowflake, to easily manage and analyze that data. The Immuta Data Security Platform builds on Amazon S3 security controls for data stored in S3, so all downstream users can get more use and value out of that data.

Request a Demo
Our Value

Scalable Data Security for Amazon S3

Simplify operations

Manage 93x fewer data policies while also improving transparency.

Improve data security

Granular security for structured data in S3.

Unlock data’s value

100x faster access to data in S3 – all
with less risk.

By leveraging this new release from Immuta that integrates with Amazon S3 Access Grants, we envision a single control plane for data owners and governors to manage access at scale for all S3 resources ingested into our data lake (both structured and unstructured). Moreover, as this integration is based on a new S3 native access control capability, it gives us confidence that controls will be enforced consistently, no matter which technology data consumers will choose to access the data.

Luca Falsina Principal Software Engineer
Why Immuta

Benefits of Immuta for S3 Security

Protecting and ensuring the safe and proper use of S3 data is the highest priority for data owners, platform owners, compliance and governance officers, and security stakeholders. Failure to protect this information is risky, and can easily result in data leak headlines that damage your company’s reputation and incur significant compliance fines.

Amazon S3 Only

  • Standard controls only sufficient for static access control patterns
  • Limited scalability (5KB on IAM policies and 20 KB limits on buckets)
  • Policies not centralized and must be rewritten for each platform
  • No data usage monitoring and risk remediation
  • No sensitive data discovery and customizable classification
With Immuta

  • 93x fewer data policies required
  • Centralized ABAC policy management provides transparency and consistency
  • Local and global policies ensure access control is robust yet flexible
  • Extend policies to Amazon EMR Spark workloads for complex processing
  • Proactive data monitoring and compliance auditing

Immuta + S3 Architecture

Immuta’s Amazon S3 integration allows you to map object access to users or IAM roles, based on user and object attributes. Leveraging Amazon Macie to detect file contents, you can use Immuta to attach data source-level tags to the S3 prefix-based data sources via Immuta UI
or API. Those tags are then used to create policies that protect data sources at the S3
prefix level.

Key Capabilities

How Immuta Works with Amazon S3

The Immuta policy editor allows any user, regardless of technical expertise, to create and manage subscription policies on their S3 objects, ensuring global policies can be applied to meet organizational standards and encourage policy reuse. This reduces workflow bottlenecks since all users are empowered to understand, maintain, and approve policies.

Connect Your Data Sources

Within the Immuta UI, you can automatically connect to your S3 data lake and any other data sources you leverage. Additionally, you can leverage existing metadata in your enterprise data catalog or sensitive data discovery tool, like Amazon Macie.

Add Your S3 Buckets

Once you've connected S3 to Immuta, it's easy to specify the data for which you want Immuta to authorize access. With Immuta, you can attach data source-level tags to the S3 prefix-based data sources directly in the UI or via API. Those tags are then used to create policies that protect data sources at the S3
prefix level.

Amazon S3 – Add Object Storage

Write Your Policies

Immuta's plain language policy builder allows you to author, manage, and monitor policies with no technical expertise required. By leveraging various user, object, and environment attributes, including purpose and location, Immuta's attribute-based access control (ABAC) dynamically enforces policies consistently at scale, eliminating the need to manually write controls for every S3 object.

Tour Immuta with S3