Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

AWS Clean Rooms Glossary

PDF
RSS
Focus mode
AWS Clean Rooms Glossary - AWS Clean Rooms
Aggregation analysis ruleAnalysis rulesAnalysis templateC3R encryption clientCleartext columnCollaborationCollaboration creatorConfigured tableCustom analysis ruleDecryptionDifferential privacyEncryptionFingerprint columnID mapping workflow methodID mapping tableID mapping table analysis ruleID mapping workflowID namespaceID namespace associationJobList analysis ruleLookalike modelLookalike segmentMemberMember who can queryMember who can run queries and jobsMember who can receive resultsMember paying for query compute costsMember paying for query and job compute costsMembershipSealed columnSeed dataQuery

Consult this glossary to become familiar with terminology that is used for AWS Clean Rooms.

Aggregation analysis rule

The query restriction that allows queries that aggregate analysis using COUNT, SUM, or AVG functions along optional dimensions. These queries won't reveal row-level information.

Supports use cases such as campaign planning, media reach, frequency, and conversion measurement.

Other types of analysis rules are custom and list.

Analysis rules

The query restrictions that authorize a specific type of query.

The analysis rule type determines what kind of analysis can be run on the configured table. Each type has a predefined query structure. You control how your table columns can be used in the structure through the query controls.

The types of analysis rules are aggregation, list, and custom.

Analysis template

A collaboration-specific, pre-approved query that can be reused.

Supported formats: SQL code or Python code for Spark.

If using SQL, the analysis template can contain parameters wherever a literal value could typically appear in a SQL query. For more information about supported parameter types, see Data types in the AWS Clean Rooms SQL Reference.

Analysis templates only work with the custom analysis rule.

C3R encryption client

The Cryptographic Computing for Clean Rooms (C3R) encryption client.

Used to encrypt and decrypt data, C3R is a client-side encryption SDK with a command line interface.

Cleartext column

A column that isn't cryptographically protected for either a JOIN or SELECT SQL construct.

Cleartext columns can be used in any part of the SQL query.

Collaboration

A secure logical boundary in AWS Clean Rooms in which members can perform SQL queries on configured tables.

Collaborations are created by the collaboration creator.

Only members who have been invited to the collaboration can join the collaboration.

A collaboration can have only one member who can querydata or one member who can run queries and jobs.

A collaboration can have only one member who can receive results.

A collaboration can have only one member paying for query compute costs or one member paying for query and job compute costs.

All members can see the list of invited participants in the collaboration before they join the collaboration.

Collaboration creator

The member who creates a collaboration.

There is only one collaboration creator per collaboration.

Only the collaboration creator can remove members from the collaboration or delete the collaboration.

Configured table

Each configured table represents a reference to an existing table in the AWS Glue Data Catalog that has been configured for use in AWS Clean Rooms. A configured table contains an analysis rule that determines how the data can be used.

Currently, AWS Clean Rooms supports associating data stored in Amazon Simple Storage Service (Amazon S3) that is cataloged through AWS Glue.

For more information about AWS Glue, see the AWS Glue Developer Guide.

Configured tables can be associated to one or more collaborations.

Note

AWS Clean Rooms doesn't currently support Amazon S3 bucket locations that are registered with AWS Lake Formation.

Custom analysis rule

The query restriction that allows a specific set of pre-approved queries (analysis templates) or allows a specific set of accounts that can provide queries or jobs that use your data.

Supports use cases such as first-touch attribution, incremental analyses, and audience discovery analyses.

Supports differential privacy.

Other types of analysis rules are aggregation and list.

Decryption

The process of transforming encrypted data back to its original form. Decryption can only be performed if you have access to the secret key.

Differential privacy

A mathematically-rigorous technique that protects the collaboration data from the member who can receive results learning about a specific individual.

Encryption

The process of encoding data into a form that appears random using a secret value called a key. It's impossible to determine the original plaintext without access to the key.

Fingerprint column

A column that is cryptographically protected for a JOIN SQL construct.

ID mapping workflow method

How you want the ID mapping to be performed.

There are two ID mapping workflow methods:

  • Rule-based ID mapping – The method by which you use matching rules to translate first-party data from a source to a target in an ID mapping workflow.

  • Provider services ID mapping – The method by which you use a provider service to translate third party-encoded data from a source to a target in an ID mapping workflow.

    AWS Clean Rooms currently supports LiveRamp as the provider services-based ID mapping workflow method. You must have a subscription to LiveRamp through AWS Data Exchange to use this method. For more information, see Subscribe to a provider service on AWS Data Exchange in the AWS Entity Resolution User Guide.

ID mapping table

A resource in AWS Clean Rooms that enables either first-party matching rules or multi-party identity transcoding in a collaboration.

A ID mapping table is a reference to an existing table in the AWS Glue Data Catalog. It contains an ID mapping table analysis rule that determines how the data can be queried in AWS Clean Rooms. ID mapping tables can be associated to one or more collaborations.

ID mapping table analysis rule

A type of analysis rule managed by AWS Clean Rooms and used to join disparate identity data to facilitate querying. It's automatically added to ID mapping tables and can't be edited. It inherits the behaviors of the other analysis rules in the collaboration – as long as those analysis rules are homogeneous.

ID mapping workflow

A data processing job that maps data from a source to a target based on the specified ID mapping workflow method. It produces an ID mapping table.

ID namespace

A resource in AWS Clean Rooms that contains metadata explaining datasets across multiple AWS accounts and how to use these datasets in an ID mapping workflow.

ID namespace association

An association of an ID namespace resource that helps you discover inputs into their ID mapping workflow.

Job

A method to access and analyze configured tables in a collaboration using a supported set of functions, classes, and variables.

AWS Clean Rooms currently supports the PySpark job type.

AWS Clean Rooms currently supports running jobs using a PySpark analysis template.

List analysis rule

The query restriction that allows queries that output row-level attribute analysis of the overlap between this table and the tables of the member who can query.

Supports use cases such as enrichment and audience building or suppression.

Other types of analysis rules are aggregation and custom.

Lookalike model

A model of a training data provider's data that allows a seed data provider to create a lookalike segment of training data provider's data that most closely resembles their seed data.

Lookalike segment

A subset of the training data that most closely resembles the seed data.

Member

An AWS customer who is a participant in a collaboration.

A member is identified using their AWS account.

All members can contribute data.

Member who can query

The member who can query data in the collaboration.

There is only one member who can query per collaboration, and that member is immutable.

An administrative user can use AWS Identity and Access Management (IAM) permissions to control which of their IAM principals (such as users or roles) can query data in the collaboration. For more information, see Create a service role to read data from Amazon S3.

Member who can run queries and jobs

The member who can run queries and jobs on the data in the collaboration.

There is only one member who can run queries and jobs per collaboration, and that member is immutable.

An administrative user can use AWS Identity and Access Management (IAM) permissions to control which of their IAM principals (such as users or roles) can run queries and jobs in the collaboration. For more information, see Create a service role to read data from Amazon S3.

Member who can receive results

The member who can receive query results. The member who can receive results specifies query results settings for the Amazon S3 destination and the query result format.

There is only one member who can receive results per collaboration, and that member is immutable.

Member paying for query compute costs

The member who is responsible for paying for query compute costs.

There is only one member who is responsible for paying for query compute costs per collaboration, and that member is immutable.

If the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer.

The member paying for query compute costs receives a bill for the queries that have been run in the collaboration.

Member paying for query and job compute costs

The member who is responsible for paying for query and job compute costs.

There is only one member who is responsible for paying for query and job compute costs per collaboration, and that member is immutable.

If the collaboration creator hasn't specified anyone as the member paying for query and job compute costs, then the member who can query is the default payer.

The member paying for query and job compute costs receives a bill for the queries that have been run in the collaboration.

Membership

A resource created when a member joins a collaboration.

All resources that the member associates to a collaboration are a part of the membership or are associated with the membership.

Only the member that owns the membership can add, remove, or edit resources in that membership.

Sealed column

A column that is cryptographically protected for a SELECT SQL construct.

Seed data

The seed data provider's data, which is used to create a lookalike segment. The seed data can be provided directly or it can come from the results of an AWS Clean Rooms query. The lookalike segment output is a set of users from the training data that most closely resembles the seed users.

Query

A method to access and analyze configured tables in a collaboration, using a supported set of functions, classes, and variables.

AWS Clean Rooms currently supports the SQL query language.

AWS Clean Rooms currently supports running direct SQL queries or running queries using a SQL analysis template.

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.