Limitations of AWS Clean Rooms Differential Privacy - AWS Clean Rooms

AWS Clean Rooms Differential Privacy does not address the following situations:

  1. AWS Clean Rooms Differential Privacy does not address timing attacks. For example, these attacks are possible in scenarios where an individual user contributes a large number of rows and adding or removing this user significantly changes the query computation time.

  2. AWS Clean Rooms Differential Privacy does not guarantee differential privacy when a SQL query can result in overflow or invalid cast errors at run time due to the use of certain SQL constructs. The following list shows some, but not all, SQL constructs that may produce run-time errors and should be verified in analysis templates. We recommend that you approve analysis templates that minimize the chances of such run-time errors and periodically review query logs to determine if the queries align with the collaboration agreement.

    The following SQL constructs are vulnerable to overflow errors:

    • Aggregate functions - AVG, LISTAGG, PERCENTILE_CONT, PERCENTILE_DISC, SUM/SUM_DISTINCT

    • Data type formatting functions - TO_TIMESTAMP, TO_DATE

    • Date and time functions - ADD_MONTHS, DATEADD, DATEDIFF

    • Math functions - +, -, *, /, POWER

    • String functions - ||, CONCAT, REPEAT, REPLICATE

    • Window functions - AVG, LISTAGG, PERCENTILE_CONT, PERCENTILE_DISC, RATIO_TO_REPORT, SUM

    The CAST data type formatting function is vulnerable to invalid cast errors.
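
One way to pre-screen an analysis template for the constructs listed above before approving it, as an added example (not AWS code or an AWS tool). It is a lexical scan that over-flags on purpose; the name `risky_constructs`, the helper names and the sample SQL are constructed for illustration, and functions are spelled as SQL names them (`LISTAGG`, `PERCENTILE_CONT`).

```python
import re

# Functions the page lists as prone to overflow errors (aggregate and window
# lists merged), spelled as the SQL engine names them.
OVERFLOW_FUNCS = {
    "AVG", "LISTAGG", "PERCENTILE_CONT", "PERCENTILE_DISC", "SUM",
    "RATIO_TO_REPORT", "TO_TIMESTAMP", "TO_DATE", "ADD_MONTHS", "DATEADD",
    "DATEDIFF", "POWER", "CONCAT", "REPEAT", "REPLICATE",
}
OVERFLOW_OPS = {"+", "-", "*", "/", "||"}
# After these keywords +, - or * is a sign or wildcard, not a binary operator.
NOT_OPERAND = {"SELECT", "DISTINCT", "WHERE", "AND", "OR", "WHEN", "THEN",
               "ELSE", "ON", "BY", "IN", "BETWEEN", "LIKE"}
_SKIP = re.compile(r"'(?:[^']|'')*'|\"[^\"]*\"|--[^\n]*|/\*.*?\*/", re.S)
_TOKEN = re.compile(r"[A-Za-z_][\w$]*|\d+(?:\.\d+)?|\|\||[<>=!:]+|[-+*/(),.;]")


def _blank(m):
    # Literals and quoted identifiers become operand placeholders so that
    # 'a' || 'b' still counts as concatenation; comments are dropped.
    return " _operand_ " if m.group(0)[0] in "'\"" else " "


def risky_constructs(sql):
    """Return sorted (kind, construct) pairs found in analysis template SQL."""
    tokens = _TOKEN.findall(_SKIP.sub(_blank, sql))
    found = set()
    for i, tok in enumerate(tokens):
        prev = tokens[i - 1].upper() if i else ""
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if nxt == "(" and tok.upper() in OVERFLOW_FUNCS:
            found.add(("overflow", tok.upper()))
        elif nxt == "(" and tok.upper() == "CAST":
            found.add(("invalid cast", "CAST"))
        elif tok in OVERFLOW_OPS:
            # Binary only when a name, number or ')' precedes the operator.
            operand = prev == ")" or prev[:1].isalnum() or prev[:1] == "_"
            if operand and prev not in NOT_OPERAND:
                found.add(("overflow", tok))
    return sorted(found)


# Constructed template text, not taken from any real collaboration.
SAMPLE = """
SELECT region, COUNT(*) AS n, SUM(spend * 100) AS cents  -- a + b in a comment
FROM purchases
WHERE CAST(zip AS INTEGER) > :min_zip AND note <> 'x || y'
GROUP BY region
"""
print(risky_constructs(SAMPLE))
```

Because the list above is not exhaustive, an empty result only means none of the listed constructs were found; it does not replace reviewing the template and the query logs.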