Creating a collaboration in AWS Clean Rooms
A collaboration is a secure logical boundary in AWS Clean Rooms in which members can perform SQL queries on configured tables.
Any member in AWS Clean Rooms can create a collaboration.
The collaboration creator can designate a single member to query and receive results. However, the collaboration creator might want to prevent the member who can query from having access to the query results. In that case, the collaboration creator can designate one member to who can query and another member who can receive results.
In most cases, the member who can query is also the member paying for query compute costs. However, the collaboration creator can configure a different member to be responsible for paying for the query compute costs.
For information about how to create a collaboration using the AWS SDKs, see the AWS Clean Rooms API Reference.
Create a collaboration
Before you begin, make sure that you have completed the following prerequisites:
-
You have the name and AWS account ID for each member that you want to invite to the collaboration.
-
You have permission to share the name and AWS account ID for each member with all members of the collaboration.
Note
You can’t add more members after the collaboration is created.
To create a collaboration using the AWS Clean Rooms console
-
Sign in to the AWS Management Console and open the AWS Clean Rooms console
with the AWS account that will function as the collaboration creator. -
In the left navigation pane, choose Collaborations.
-
In the upper right corner, choose Create collaboration.
-
For Step 1: Define collaboration, do the following:
-
For Details, enter the Name and Description of the collaboration.
This information will be visible to collaboration members who are invited to participate in the collaboration. The Name and Description helps them understand what the collaboration is in reference to.
-
For Members:
-
For Member 1: You, enter your Member display name as you want it to appear for the collaboration.
Note
Your AWS account ID is included automatically for Member AWS account ID.
-
For Member 2, enter the Member display name and Member AWS account ID for the member that you want to invite to the collaboration.
The Member display name and Member AWS account ID will be visible to everyone invited to the collaboration. After you enter and save the values for these fields, they are not editable.
Note
You must inform the collaboration member that their Member AWS account ID and Member display name will be visible to all invited and active collaborators in the collaboration.
-
If you want to add another member, choose Add another member. Then enter the Member display name and Member AWS account ID for each member who can contribute data that you want to invite to the collaboration.
-
-
For Member abilities, choose one of the following,
If you want to ... Then ... Query the data in the collaboration and receive the results -
Choose yourself as the member who can Run queries.
-
Leave the default setting of the member who can Receive results is the Same as who runs queries.
Query the data in the collaboration and assign a different member to receive results -
Choose yourself as the member who can Run queries.
-
Select the member who can Receive results from the dropdown list.
Receive the results of the query in the collaboration and assign a different member to query the data -
Select the member who can Run queries from the dropdown list.
-
Choose yourself as member who can Receive results from the dropdown list.
Create and manage the collaboration, assign a different member to query the data, and assign a different member to receive results -
Select the member who can Run queries from the dropdown list.
-
Select the member who can Receive results from the dropdown list.
-
-
For Payment configuration, choose one of the following:
If you want to ... Then ... Assign the member who can Run queries to be the member who pays for the query compute costs Leave the default setting of the member who will Pay for queries is the Same as who runs queries. Assign a different member to pay for the query compute costs Select the member who will Pay for queries from the dropdown list. -
If you want to enable Query logging, select the Support query logging for this collaboration check box.
-
If you want to enable the Cryptographic computing capability, select the Support cryptographic computing in this collaboration check box and choose the following Cryptographic computing parameters:
-
Allow cleartext columns
Choose No if you don't want cleartext columns allowed in the encrypted table.
Choose Yes if you want cleartext columns allowed in the encrypted table.
To run SUM or AVG on certain columns, the columns must be in cleartext.
-
Allow duplicates
Choose No if you don't want duplicate entries allowed in a fingerprint column.
Choose Yes if you want duplicate entries allowed in a fingerprint column.
-
Allow JOIN of columns with different names
Choose No if you don't want to join fingerprint columns with different names.
Choose Yes if you want to join fingerprint columns with different names.
-
Preserve NULL values
Choose No if you don't want to preserve NULL values. NULL values won't appear as NULL in an encrypted table.
Choose Yes if you want to preserve NULL values. NULL values will appear as NULL in an encrypted table.
For more information about Cryptographic computing parameters, see Cryptographic computing parameters.
For more information about how to encrypt your data for use in AWS Clean Rooms, see Preparing encrypted data tables with Cryptographic Computing for Clean Rooms.
Note
Verify these configurations carefully before completing the next step. After you create the collaboration, you can only edit the collaboration name, description, and whether the query logs are stored in Amazon CloudWatch Logs.
-
-
If you want to enable Tags for the collaboration resource, choose Add new tag and then enter the Key and Value pair.
-
Choose Next.
-
-
For Step 2: Configure membership, do the following:
-
Choose one option:
If you choose... Then ... Yes, join by creating membership now Both the collaboration and your membership are created. Your status in the collaboration is active.
No, I will create a membership later Only the collaboration is created. Your status in the collaboration is inactive.
-
If you are the member who can Receive results, under Query results settings defaults, choose one option:
If you ... Then ... Keep the Set default settings now check box selected. (It is selected by default.) -
For the Results destination in Amazon S3, enter the Amazon S3 destination.
-
For the query Result format, choose either CSV or PARQUET.
Clear the Set default settings now check box Only the collaboration is created. Your status in the collaboration is inactive.
-
-
If you chose to enable Query logging in step 4.e, choose one of the following options for Log storage in Amazon CloudWatch Logs:
If you choose... Then ... Turn on The query logs relevant to you are stored in Amazon CloudWatch Logs. Each member can receive only logs for queries that they initiated or that contain their data.
The member who can receive results also receives logs for all queries run in a collaboration, even if their data is not accessed in a query.
Turn off The query logs relevant to you aren't stored in your Amazon CloudWatch Logs account. Note
After you turn on Query logging, it can take a few minutes for log storage to be set up and start receiving logs in Amazon CloudWatch Logs. During this brief period, the member who can query might run queries that don’t actually send logs.
-
If you want to enable Tags for the membership resource, choose Add new tag and then enter the Key and Value pair.
-
If you are the member who is Paying for queries, indicate your acceptance by selecting the I agree to pay for the query compute costs in this collaboration check box.
Note
You must select this check box to proceed.
For more information about how pricing is calculated, see Pricing for AWS Clean Rooms.
If you are the member paying for query compute costs but not the member who can query, it is recommended that you use AWS Budgets to configure a budget for AWS Clean Rooms and receive notifications once the maximum budget has been reached. For more information about setting up a budget, see Managing your costs with AWS Budgets in the AWS Cost Management User Guide. For more information about setting up notifications, see Creating an Amazon SNS topic for budget notifications in the AWS Cost Management User Guide. If the maximum budget has been reached, you can contact the member who can run queries or leave the collaboration. If you leave the collaboration, no more queries will be allowed to run, and therefore you will no longer be billed for query compute costs.
-
Choose Next.
-
-
For Step 3: Review and create, do the following:
-
Review the selections that you made for the previous steps and edit if necessary.
-
Choose one of the following:
If you have chosen to... Then choose... Create a membership with the collaboration (Yes, join by creating membership now) Create collaboration and membership Create the collaboration, and not to create a membership at this time (No, I will create a membership later) Create collaboration
-
After your collaboration has been created successfully, you can see the collaboration details page under Collaborations.
Next steps
You are now ready to:
-
Prepare your data table to be queried in AWS Clean Rooms. (Optional if you want to query your own data.)
-
Associate the configured table to your collaboration. (Optional if you want to query your own data.)
-
Configure an analysis rule for the configured table. (Optional if you want to query your own data.)
