Immuta + Amazon S3

Amazon S3 is incredibly popular because it is capable of storing and retrieving almost any amount of data from anywhere. This allows leading cloud platforms, including Amazon Redshift, Amazon EMR, Amazon SageMaker, Databricks, and Snowflake, to easily manage and analyze that data. The Immuta Data Security Platform builds on Amazon S3 security controls for data stored in S3, so all downstream users can get more use and value out of that data.

Our Value

Scalable Data Security for Amazon S3

Simplify operations

Manage 93x fewer data policies while also improving transparency.

Improve data security

Granular security for structured data in S3.

Unlock data’s value

100x faster access to data in S3 – all with less risk.

By leveraging this new release from Immuta that integrates with Amazon S3 Access Grants, we envision a single control plane for Booking.com data owners and governors to manage access at scale for all S3 resources ingested into our data lake (both structured and unstructured). Moreover, as this integration is based on a new S3 native access control capability, it gives us confidence that controls will be enforced consistently, no matter which technology data consumers will choose to access the data.

Luca Falsina, Principal Software Engineer

Why Immuta

Benefits of Immuta for S3 Security

Protecting and ensuring the safe and proper use of S3 data is the highest priority for data owners, platform owners, compliance and governance officers, and security stakeholders. Failure to protect this information is risky, and can easily result in data leak headlines that damage your company’s reputation and incur significant compliance fines.

Amazon S3 Only

  • Standard controls only sufficient for static access control patterns
  • Limited scalability (5 KB limit on IAM policies and 20 KB limit on buckets)
  • Policies not centralized and must be rewritten for each platform
  • No data usage monitoring and risk remediation
  • No sensitive data discovery and customizable classification

With Immuta

  • 93x fewer data policies required
  • Centralized ABAC policy management provides transparency and consistency
  • Local and global policies ensure access control is robust yet flexible
  • Extend policies to Amazon EMR Spark workloads for complex processing
  • Proactive data monitoring and compliance auditing

Architecture

Immuta + S3 Architecture

Immuta’s Amazon S3 integration allows you to map object access to users or IAM roles, based on user and object attributes. Leveraging Amazon Macie to detect file contents, you can use Immuta to attach data source-level tags to the S3 prefix-based data sources via the Immuta UI or API. Those tags are then used to create policies that protect data sources at the S3 prefix level.

Key Capabilities

How Immuta Works with Amazon S3

The Immuta policy editor allows any user, regardless of technical expertise, to create and manage subscription policies on their S3 objects, ensuring global policies can be applied to meet organizational standards and encourage policy reuse. This reduces workflow bottlenecks since all users are empowered to understand, maintain, and approve policies.

Connect Your Data Sources

Within the Immuta UI, you can automatically connect to your S3 data lake and any other data sources you leverage. Additionally, you can leverage existing metadata in your enterprise data catalog or sensitive data discovery tool, like Amazon Macie.

Add Your S3 Buckets

Once you've connected S3 to Immuta, it's easy to specify the data for which you want Immuta to authorize access. With Immuta, you can attach data source-level tags to the S3 prefix-based data sources directly in the UI or via API. Those tags are then used to create policies that protect data sources at the S3 prefix level.

Amazon S3 – Add Object Storage

Write Your Policies

Immuta's plain language policy builder allows you to author, manage, and monitor policies with no technical expertise required. By leveraging various user, object, and environment attributes, including purpose and location, Immuta's attribute-based access control (ABAC) dynamically enforces policies consistently at scale, eliminating the need to manually write controls for every S3 object.
