As data lakes grow, managing "who can access which tables, columns, and rows" becomes difficult with IAM policies alone. AWS Lake Formation is a service for central, fine-grained data lake permission management. Today we cover permission models, data location registration, and blueprints.
Using only S3 + Glue Data Catalog, permissions scatter across IAM policies and S3 bucket policies. Column-level and row-level control is difficult, and auditing is complex. Lake Formation abstracts permissions to database/table/column/row levels and manages them centrally with GRANT and REVOKE operations.
💡 Related Theory: Lake Formation uses Glue Data Catalog as the permission control point