Adding an aggregation analysis rule to a table (guided flow)Adding a list analysis rule to a table (guided flow)Adding a custom analysis rule to a table (guided flow)Adding analysis rule to a table (JSON editor)Next steps

Adding an analysis rule to a configured table

The following sections describe how to add an analysis rule to your configured table. By deﬁning the analysis rules, you can authorize the member who can query to run queries that match a speciﬁc analysis rule supported by AWS Clean Rooms.

AWS Clean Rooms supports the following types of analysis rules:

There can be only one analysis rule per configured table. You can configure the analysis rule any time before you associate your configured tables with the collaboration.

Important

If you are using Cryptographic Computing for Clean Rooms and have encrypted data tables in the collaboration, the analysis rule you add to the encrypted configured table should be consistent with how the data was encrypted. For example, if you encrypted the data for SELECT (aggregation analysis rule), you shouldn't add the analysis rule for JOIN (list analysis rule).

Topics

Adding an aggregation analysis rule to a table (guided flow)
Adding a list analysis rule to a table (guided flow)
Adding a custom analysis rule to a table (guided flow)
Adding analysis rule to a table (JSON editor)
Next steps

Adding an aggregation analysis rule to a table (guided flow)

The aggregation analysis rule allows queries that aggregate statistics without revealing row-level information using COUNT, SUM, and AVG functions along optional dimensions.

This procedure describes the process of adding an aggregation analysis rule to your configured table by using the Guided flow option in the AWS Clean Rooms console.

To add the aggregation analysis rule to a table (guided flow)

Sign in to the AWS Management Console and open the AWS Clean Rooms console with your AWS account (if you haven't yet done so).
In the left navigation pane, choose Configured tables.
Choose the configured table.
On the configured table detail page, choose Configure analysis rule.
Under Step 1: Choose type, under Type, leave the Aggregation option selected by default.
Under Creation method, select Guided flow, and then choose Next.
Under Step 2: Specify query controls, for Aggregate functions:
1. Choose an Aggregate function from the dropdown:
  - COUNT
  - COUNT DISTINCT
  - SUM
  - SUM DISTINCT
  - AVG
2. Choose which columns can be used in the Aggregate function from the Columns dropdown.
3. (Optional) Choose Add another function to add another aggregate function and associate one or more columns to that function.
  
  Note
  At least one aggregate function is required.
4. (Optional) Choose Remove to remove an aggregate function.

For Join controls,

Choose one option for Allow table to be queried by itself:

If you choose...	Then ...
No, only overlap can be queried	The table can be queried only when joined to a table owned by the member who can query.
Yes	The table can be queried by itself or when joined to other tables.

Under Specify join columns, choose the columns that you want to allow to be used in the INNER JOIN statement.

This is optional if you have selected Yes in the previous step.

Under Specify allowed operators for matching, choose which, if any, operators can be used for matching on multiple join columns. If you select two or more JOIN columns, one of these operators is required.

If you choose...	Then ...
AND	You can include `AND` in the `INNER JOIN` match conditions to join one column to another column between tables.
OR	You can include `OR` in the `INNER JOIN` match conditions to combine multiple column matches between tables. This logical operator is useful for obtaining a higher match rate.

(Optional) For Dimension controls, in the Specify dimension columns dropdown, choose which columns you want to allow to be used in the SELECT statement, and the WHERE, GROUP BY, and ORDER BY parts of the query.

Note
Aggregate function or join columns can’t be used as Dimension columns.

For Scalar functions, choose one option for Which scalar functions do you want to allow?

If you choose...	Then ...
All currently supported by AWS Clean Rooms	You allow all scalar functions currently supported by AWS Clean Rooms. You can choose View list to see the entire list of Scalar functions supported in AWS Clean Rooms.
A custom list	You can customize which scalar functions to allow. Choose one or more options from the Specify allowed scalar functions dropdown.
None	You don't want to allow any scalar functions.

For more information, see Scalar functions.

Choose Next.
Under Step 3: Specify query results controls, for Aggregation constraints:
1. Select the dropdown list for each Column name.
2. Select the dropdown list for each Minimum number of distinct values that must be met for each output row to be returned, after the COUNT DISTINCT function is applied to it.
3. Choose Add constraint to add more aggregation constraints.
4. (Optional) Choose Remove to remove an aggregation constraint.

For Additional analyses applied to output, select an option based on your goal.

Your goal	Recommended option
Allow only direct queries on this table. Deny additional analyses from being run on query results. The table can only be used for direct querying.	Not allowed
Allow but don’t require both direct queries and additional analyses on this table.	Allowed
Require that the table can only be used in direct queries that are processed with one of the required additional analyses. Direct queries on this table must be further processed before they can be returned.	Required

Choose Next.
Under Step 4: Review and configure, review the selections you’ve made for the previous steps, edit if necessary, and then choose Configure analysis rule.

You see a confirmation message that you’ve successfully configured an aggregation analysis rule to the table.

Adding a list analysis rule to a table (guided flow)

The list analysis rule allows queries that output row-level lists of the overlap between the associated table and a table of the member who can query.

This procedure describes the process of adding the list analysis rule to your configured table using the Guided flow option in the AWS Clean Rooms console.

To add a list analysis rule to a table (guided flow)

Sign in to the AWS Management Console and open the AWS Clean Rooms console with your AWS account (if you haven't yet done so).
In the left navigation pane, choose Configured tables.
Choose the configured table.
On the configured table detail page, choose Configure analysis rule.
Under Step 1: Choose type, under Type, choose the List option.
Under Creation method, select Guided flow, and then choose Next.

Under Step 2: Specify query controls, for Join controls:

Under Specify join columns, choose the columns that you want to allow to be used in the INNER JOIN statement.

If you choose...	Then ...
AND	You can include `AND` in the `INNER JOIN` match conditions to join one column to another column between tables.
OR	You can include `OR` in the `INNER JOIN` match conditions to combine multiple column matches between tables. This logical operator is useful for obtaining a higher match rate.

(Optional) For List controls, in the Specify list columns dropdown, choose which columns you want to allow to be used in the query output (that is, used in the SELECT statement), or used to filter results (that is, the WHERE statement).
Choose Next.

Under Step 3: Specify query results controls, for Additional analyses applied to output, select an option based on your goal.

Your goal	Recommended option
Allow only direct queries on this table. Deny additional analyses from being run on query results. The table can only be used for direct querying.	Not allowed
Allow but don’t require both direct queries and additional analyses on this table.	Allowed
Require that the table can only be used in direct queries that are processed with one of the required additional analyses. Direct queries on this table must be further processed before they can be returned.	Required

Under Step 4: Review and configure, review the selections you’ve made for the previous steps, edit if necessary, and then choose Configure analysis rule.

You see a confirmation message that you’ve successfully configured a list analysis rule for the table.

Adding a custom analysis rule to a table (guided flow)

The custom analysis rule enables custom SQL queries on a configured table. The custom analysis rule is required if you're using:

analysis templates – to allow a specific set of pre-approved SQL queries or a specific set of accounts that can provide queries that use your data
differential privacy – to protect against user-identification attempts

This procedure describes the process of adding the custom analysis rule to your configured table using the Guided flow option in the AWS Clean Rooms console.

To add a custom analysis rule to a table (guided flow)

Sign in to the AWS Management Console and open the AWS Clean Rooms console with your AWS account (if you haven't yet done so).
In the left navigation pane, choose Configured tables.
Choose the configured table.
On the configured table detail page, choose Configure analysis rule.
Under Step 1: Choose type, under Type, choose the Custom option.
Under Creation method, select Guided flow, and then choose Next.

Under Step 2: Set differential privacy, determine whether you want differential privacy turned on or off. Differential privacy is a mathematically-proven technique to protect your data from re-identification attacks.

For Differential privacy:

If you...	Then choose ...
Have user-level data and you want protection against re-identification attempts	Turn on
Don't have user-level data or don't need protection against re-identification attempts	Turn off

If you have chosen to Turn on differential privacy, select the User identifier column that contains the unique identifier of your users, such as the user_id column, whose privacy you want to protect.

To turn on differential privacy for two or more tables in a collaboration, you must configure the same column as the User identifier column in both analysis rules to maintain a consistent definition of users across tables. In case of a misconfiguration, the member who can query receives an error message that there are two columns to choose from in order to compute the number of user contributions (for example, the number of ad impressions made by a user) while running the query.
Choose Next.

Under Step 3: Specify query controls,

For Control type, choose an option based on your goal.

Your goal	Option
Review each new analysis template before it's run on your configured table	Review each new analysis before it is allowed to be run on this table
Let any analysis template or direct query be performed on your configured table	Allow any queries created by specific collaborators to run without review on this table

Choose one of the following:

If you've chosen ...	Then ...
Review each new analysis before it is allowed to be run on this table	Under Analysis templates allowed to be run, choose Add analysis template, and then choose the appropriate Collaboration and the Analysis template from the dropdown lists.
Allow any queries created by specific collaborators to run without review on this table	Under AWS accounts allowed to create any query, choose Add AWS account, and then choose the appropriate AWS account ID.

Choose Next.

Under Step 4: Specify query results controls,

For Columns not allowed in output, choose one an option based on your goal.

Your goal	Recommended option
Allow all columns to be returned in query outputs	None
Disallow certain columns from being returned in query outputs	Custom list

Choose one of the following:

If you've chosen ...	Then ...
None	Proceed to Additional analyses applied to output
Custom list	Under Specify disallowed columns, choose the columns that you want removed from query outputs.

For Additional analyses applied to output select an option based on your goal.

Your goal	Recommended option
Allow only direct queries on this table. Deny additional analyses from being run on query results. The table can only be used for direct querying.	Not allowed
Allow but don’t require both direct queries and additional analyses on this table.	Allow
Require that the table can only be used in direct queries that are processed with one of the required additional analyses. Direct queries on this table must be further processed before they can be returned.	Required

Choose Next.
Under Step 5: Review and configure, review the selections you’ve made for the previous steps, edit if necessary, and then choose Configure analysis rule.

You see a confirmation message that you’ve successfully configured a custom analysis rule for the table.

Adding analysis rule to a table (JSON editor)

The following procedure shows how to add an analysis rule to a table using the JSON editor option in the AWS Clean Rooms console.

To add an aggregation, list, or custom analysis rule to a table (JSON editor)

Sign in to the AWS Management Console and open the AWS Clean Rooms console with your AWS account (if you haven't yet done so).
In the left navigation pane, choose Configured tables.
Choose the configured table.
On the configured table detail page, choose Configure analysis rule.
Under Step 1: Choose type, under Type, choose either the Aggregation, List, or Custom option.
Under Creation method, select JSON editor, and then choose Next.

Under Step 2: Specify controls, you can choose to insert a query structure (Insert template) or insert a file (Import from file).

If you choose...	Then ...
Insert template	Specify the parameters for the selected analysis rule in the Analysis rule definition. You can press Ctrl + Spacebar to enable auto-complete. For more information about aggregation analysis rule parameters, see Aggregation analysis rule - query controls. For more information about list analysis rule parameters, see List analysis rule - query controls.
Import from file	Select your JSON file from your local drive. Choose Open. The Analysis rule definition displays the analysis rule from the uploaded file.

If you choose...

Then ...

Insert template

Specify the parameters for the selected analysis rule in the Analysis rule definition.
You can press Ctrl + Spacebar to enable auto-complete.

For more information about aggregation analysis rule parameters, see Aggregation analysis rule - query controls.

For more information about list analysis rule parameters, see List analysis rule - query controls.

Import from file

Select your JSON file from your local drive.
Choose Open.

The Analysis rule definition displays the analysis rule from the uploaded file.

Choose Next.
Under Step 3: Review and configure, review the selections you’ve made for the previous steps, edit if necessary, and then choose Configure analysis rule.

You receive a confirmation message that you’ve successfully configured an analysis rule for the table.

Next steps

Now that you configured an analysis rule to your configured table, you are ready to:

Associate a configured table to a collaboration
Query the data tables (as a member who can query)

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Creating a configured table

Associating a configured table to a collaboration