Connections > Amazon SageMaker Lakehouse connection properties > Connect to Amazon SageMaker Lakehouse

Connect to Amazon SageMaker Lakehouse

Let's configure the Amazon SageMaker Lakehouse connection properties to connect to Amazon SageMaker Lakehouse and read Apache Iceberg tables managed by AWS Glue Catalog or S3 table catalog.

Before you begin

Before you get started, you need to create IAM policies with the minimum required permissions to interact with Apache Iceberg tables and configure the authentication-specific prerequisites for Amazon S3 storage.

Connection details

The following table describes the basic connection properties:

Property	Description
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.
Type	Amazon SageMaker Lakehouse
Use Secret Vault	Stores sensitive credentials for this connection in the secrets manager that is configured for your organization. This property appears only if secrets manager is set up for your organization. This property is not supported by Data Ingestion and Replication. When you enable the secret vault in the connection, you can select which credentials that the Secure Agent retrieves from the secrets manager. If you don't enable this option, the credentials are stored in the repository or on a local Secure Agent, depending on how your organization is configured. For information about how to configure and use a secrets manager, see Secrets manager configuration.
Runtime Environment	The name of the runtime environment where you want to run tasks. Select a Secure agent or serverless runtime environment. Hosted Agent is not applicable for mappings in advanced mode. For more information about how to configure and use the runtime environments, see Runtime environments.
Lakehouse Pattern	The pattern of Amazon SageMaker Lakehouse. Pattern is a combination of catalog type and storage type that you want to connect to. Select one of the following options: - S3 Data Lake. To read from and write to Apache Iceberg tables that are managed by the AWS Glue Data catalog and stored in Amazon S3. - S3 Tables. To read from and write to Apache Iceberg tables that are managed by the S3 table catalog and stored in Amazon S3.
Athena JDBC URL	The JDBC URL to connect to Amazon Athena. Enter the JDBC URL in the following format: jdbc:athena://Region=<AWS_Region>;OutputLocation=<S3_Location>

Storage authentication type

You can use Permanent IAM Credentials or EC2 Role to Assume Role authentication types to connect to Amazon S3 storage.

Permanent IAM Credentials authentication

The Permanent IAM Credentials authentication requires the access key and secret key values to connect to Amazon S3 storage.

The following table describes the properties to configure Permanent IAM Credentials authentication:

Property	Description
Access Key	The AWS Access Key ID that uniquely identifies your IAM user credentials to access Amazon S3 storage.
Secret Key	The AWS Secret Access Key that authenticates your Access Key ID for secure access to your Amazon S3 data.

EC2 Role to Assume Role authentication

The EC2 Role to Assume Role authentication requires the ARN of the IAM role assumed by the EC2 role.

The following table describes the properties to configure EC2 Role to Assume Role authentication:

Property	Description
IAM Role ARN	The ARN of the IAM role assumed by the EC2 role to generate the temporary session credentials.

Advanced settings

The following table describes the advanced connection properties:

Property	Description
External ID	A unique, user-defined string value that the IAM role requires the EC2 role to provide when calling the sts:AssumeRole API.