Do you store your organizational data in multiple clouds? Azure Purview offers a unified solution to discover and govern your organizational data residing across different clouds. You can now explore your data and discover sensitive data across your data estate, including both Azure storage services and Amazon S3 buckets, in one centralized place.
The Azure Purview roadmap includes additions for even more non-Azure storage services and aims to strengthen Azure Purview’s multi-cloud capabilities, empowering data administrators to maximize the value of their data with a single view across clouds.
Scanning data in a remote cloud
Azure Purview uses unique technology to classify data in AWS, including an easy setup and configuration process while complying with the highest Microsoft standards for data privacy:
The Purview scanning setup ensures full data privacy by classifying Amazon S3 data locally in AWS. The classification service uses full data isolation and does not store any data in the Microsoft account in AWS. Only the classification results and metadata are sent to the Azure Purview data map, where they are displayed for administrators together with the classification results from Azure services.
Now, let’s get started:
In a process similar to adding Azure data sources in Purview, you first need to register the Amazon S3 bucket as a Purview data source, and then initiate your scan.
You can either register a single Amazon S3 bucket to scan just that bucket, or register an AWS account to scan all or selected S3 buckets in the account.
When setting up the scan of an Amazon S3 bucket or an AWS account, you need to provide the Purview scanner credentials to access the organization’s S3 buckets. To grant this access, you first need to create a role in AWS Identity and Access Management. This role requires read-only access to the S3 buckets you wish to scan. If the buckets are KMS-encrypted, a decrypt permission is needed as well.
To keep your buckets secure and ensure this new role can only be used for your Purview scanning, use these configurations when creating the role:
You get both the Microsoft account ID and the external ID values when you create a Purview credential object. You’ll need to copy-paste them into the AWS Identity and Access Management role creation screens:
Once the role is created in AWS, copy the role ARN value from AWS and paste it in the Purview credential object in the Purview portal. Then use the credential object to initiate a scan on your Amazon S3 bucket or AWS account.
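The role described above, sketched as an added example (not code from the original post or from Microsoft): it builds the trust policy and a read-only permissions policy, then audits a trust policy to confirm it is pinned to one account and one external ID. The account ID, external ID, bucket name and KMS key ARN are constructed placeholders, and the specific S3 action list is an assumption about what "read-only" should cover.

```python
import json

# Placeholders: copy the real values from the Purview credential object.
MICROSOFT_ACCOUNT_ID = "000000000000"   # placeholder, not a real account ID
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"     # placeholder


def trust_policy(account_id, external_id):
    """Only the given account may assume the role, and only with the external ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def read_only_policy(buckets, kms_key_arn=None):
    """Read-only access to the named buckets; kms:Decrypt only if a key is given."""
    statements = [
        {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{b}" for b in buckets]},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": [f"arn:aws:s3:::{b}/*" for b in buckets]},
    ]
    if kms_key_arn:  # assumed action list: decrypt only, scoped to one key
        statements.append({"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": [kms_key_arn]})
    return {"Version": "2012-10-17", "Statement": statements}


def audit_trust_policy(policy, account_id, external_id):
    """Return findings; an empty list means the trust policy is pinned as intended."""
    findings = []
    allowed = (account_id, f"arn:aws:iam::{account_id}:root")
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if any(p not in allowed for p in (aws if isinstance(aws, list) else [aws])):
            findings.append(f"statement {i}: principal not limited to account {account_id}")
        ext = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext != external_id:
            findings.append(f"statement {i}: missing or wrong sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    print(json.dumps(trust_policy(MICROSOFT_ACCOUNT_ID, EXTERNAL_ID), indent=2))
```

Running the audit against the trust policy of the role you actually created catches a role that trusts any principal or omits the external ID condition before the role ARN is pasted into Purview.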
In the Azure Purview Data Insights reports, see a unified view of all scanned data, including Amazon S3.
Get started today!