presto icon indicating copy to clipboard operation
presto copied to clipboard
verified publisher icon prestodb

Presto and AWS Lake Formation Integration

Open imjalpreet opened this issue 2 years ago • 10 comments

This issue will track all the issues and PRs for adding the support for AWS Lake Formation in Presto.

As I mentioned at last month's TSC meeting, I am sharing the detailed design for this implementation https://docs.google.com/document/d/1fEdENgeY2pzdehQdNDULpRn0p7-0Mklj3twQCuzi15E/edit?usp=sharing

Below are some of the major components that are going to be introduced or modified as part of this integration:

  • [x] Introduction of AWS Security Mapping in Presto: #21622
  • [ ] Extend support of Metastore Impersonation when using Glue Metastore in Presto
  • [ ] Add support for metadata restriction in Presto: Add support for authorization for SHOW COLUMNS, DESCRIBE and SHOW CREATE TABLE/VIEW queries: https://github.com/prestodb/presto/pull/25364
  • [ ] Add new hive security module for Lake Formation: Implement ConnectorAccessControl for Lake Formation
  • [ ] Implement custom DynamicConfigurationProvider for AWS Lake Formation
  • [ ] Add support for allowing filtering of unauthorized columns from SELECT * queries

imjalpreet avatar Sep 13 '23 16:09 imjalpreet

Please feel free to comment in case you have any questions or suggestions on the design.

imjalpreet avatar Sep 13 '23 16:09 imjalpreet

One of the dependencies for adding Row Filtering Support via AWS Lake Formation is adding SPI support for Row Filtering in Presto #16955 #20572

imjalpreet avatar Sep 25 '23 21:09 imjalpreet

The detailed design is very good. Thanks. Can/should this be ported to an RFC so it's in the git repo and doesn't rely on google docs accounts that might go away?

elharo avatar May 21 '24 17:05 elharo

Can/should this be ported to an RFC so it's in the git repo and doesn't rely on google docs accounts that might go away?

I don't mind porting it to a RFC if needed. Please let me know how we want to move forward.

imjalpreet avatar May 22 '24 12:05 imjalpreet

Let's translate it into an RFC and we can merge it quickly. IMO we've already aligned on this (prior to RFCs existing) and it's more about documenting it for posterity.

tdcmeehan avatar May 22 '24 13:05 tdcmeehan

@elharo @tdcmeehan I have raised the PR https://github.com/prestodb/rfcs/pull/17.

imjalpreet avatar Jul 19 '24 21:07 imjalpreet

Hi @imjalpreet @tdcmeehan @elharo, is this initiative still alive? I'd be very much interested in using LF integration

trina242 avatar Feb 10 '25 15:02 trina242

Hi @trina242, I've been working on this, but I haven't had enough time in the last few months to finalize the remaining pull requests due to higher priority items in the community. Now that there is renewed interest from the community, I can resume work and will provide updates on this issue as the respective PRs are raised.

imjalpreet avatar Feb 11 '25 20:02 imjalpreet

@trina242 If you're interested, please have a look at the RFC here: https://github.com/prestodb/rfcs/pull/17. Please let us know if you have any questions or suggestions.

imjalpreet avatar Feb 11 '25 20:02 imjalpreet

I understand. If this work can be resumed - that would be a fantastic news. I have already read the RFC, it's very good and all is clear to me. Thank you and good luck!

trina242 avatar Feb 12 '25 18:02 trina242