
Amazon SageMaker Lakehouse now supports attribute-based access control


Amazon SageMaker Lakehouse now supports attribute-based access control (ABAC), using AWS Identity and Access Management (IAM) principal and session tags to simplify data access, grant creation, and maintenance. With ABAC, you can manage permissions using dynamic business attributes associated with user identities. Previously, SageMaker Lakehouse granted access to lakehouse databases and tables by directly assigning permissions to specific principals such as IAM users and IAM roles, a process that could quickly become unwieldy as the number of users grew. ABAC now allows administrators to grant permissions on a resource with conditions that specify user attribute keys and values. This means that any IAM principal or IAM role whose principal or session tag keys and values match will automatically have access to the resource, which makes the experience more efficient. You can use ABAC through the AWS Lake Formation console to provide access to IAM users and IAM roles for both in-account and cross-account scenarios.

For instance, rather than creating individual policies for each developer, administrators can now simply assign them an IAM tag with the key "team" and the value "developers" and provide access to all developers with a single permission grant. As new developers join with the matching tag key and value, no additional policy modifications are required.

This feature is available in all AWS [Regions](https://docs.aws.amazon.com/lake-formation/latest/dg/supported-regions.html) where SageMaker Lakehouse is available. To get started, read the [launch blog](https://aws.amazon.com/blogs/big-data/amazon-sagemaker-lakehouse-now-supports-attribute-based-access-control/) and the [ABAC documentation](https://docs.aws.amazon.com/lake-formation/latest/dg/attribute-based-access-control.html).
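As an added illustration (not AWS or Lake Formation code), the following Python models the grant evaluation the announcement describes: one grant carries a tag condition, and any principal whose effective tags match receives the permission, so onboarding a new developer changes no grant. It also shows the point a defender wants in view: a session tag passed at AssumeRole time is assumed here to override a role tag with the same key, so whoever may pass `team=developers` as a session tag sits inside the access boundary. All resource names, tags and principals are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    """One Lake Formation style grant with a tag condition (model only)."""
    resource: str           # constructed name, e.g. "sales_db"
    permissions: frozenset  # e.g. frozenset({"SELECT"})
    condition: dict         # {"team": {"developers"}}: tag key -> allowed values

def effective_tags(role_tags: dict, session_tags: dict) -> dict:
    """Merge principal (role) tags with session tags.

    Assumption (IAM behaviour modelled here): a session tag overrides a
    role tag with the same key, so session tags are applied last."""
    merged = dict(role_tags)
    merged.update(session_tags)
    return merged

def condition_matches(condition: dict, tags: dict) -> bool:
    """Every condition key must be present with one of its allowed values;
    a missing key is a deny, not a wildcard."""
    return all(tags.get(key) in values for key, values in condition.items())

def allowed_permissions(grants, role_tags, session_tags, resource) -> set:
    """Union of permissions from every grant whose condition the caller satisfies."""
    tags = effective_tags(role_tags, session_tags)
    granted = set()
    for g in grants:
        if g.resource == resource and condition_matches(g.condition, tags):
            granted |= g.permissions
    return granted

# Constructed sample: one tag-conditioned grant replaces a grant per developer.
GRANTS = [
    Grant("sales_db", frozenset({"SELECT", "DESCRIBE"}), {"team": {"developers"}}),
    Grant("sales_db", frozenset({"ALTER"}), {"team": {"developers"}, "env": {"prod"}}),
]

def demo() -> dict:
    """Decisions for a few constructed principals on sales_db."""
    return {
        # role tagged team=developers: matches the first grant only
        "alice": allowed_permissions(GRANTS, {"team": "developers"}, {}, "sales_db"),
        # role tagged team=finance: no grant matches, and nothing to revoke later
        "bob": allowed_permissions(GRANTS, {"team": "finance"}, {}, "sales_db"),
        # role tagged team=contractors, but team=developers was passed as a
        # session tag at AssumeRole: the session tag wins and access is granted
        "carol": allowed_permissions(GRANTS, {"team": "contractors"}, {"team": "developers"}, "sales_db"),
        # both conditions satisfied: ALTER is added to SELECT/DESCRIBE
        "dave": allowed_permissions(GRANTS, {"team": "developers", "env": "prod"}, {}, "sales_db"),
    }

if __name__ == "__main__":
    for who, perms in demo().items():
        print(f"{who}: {sorted(perms) or 'no access'}")
```

The `carol` case is why the trust policy's `sts:TagSession` permission deserves the same review as the grant itself.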