AWS Security ChangesHomeSearch

AWS clean-rooms high security documentation change

Service: clean-rooms · 2025-03-19 · Security-related high

File: clean-rooms/latest/userguide/add-analysis-rule.md

Summary

Updated analysis rule configuration steps with emphasis on differential privacy controls, removed PySpark references, and reorganized security-related settings

Security assessment

Added detailed documentation about differential privacy configuration (mathematically-proven protection against re-identification) and specific guidance for user identifier columns. Removed PySpark job support which reduces attack surface.

Diff

diff --git a/clean-rooms/latest/userguide/add-analysis-rule.md b/clean-rooms/latest/userguide/add-analysis-rule.md
index 21a972582..3712db2ec 100644
--- a/clean-rooms/latest/userguide/add-analysis-rule.md
+++ b/clean-rooms/latest/userguide/add-analysis-rule.md
@@ -63 +63 @@ Configured tables using non-S3 data sources only support custom analysis rules.
-  5. Under **Step 1: Choose analysis rule type** , under **Analysis rule type** , choose the **Aggregation** option.
+  5. Under **Step 1: Choose type** , under **Type** , leave the **Aggregation** option selected by default.
@@ -178 +178 @@ Configured tables using non-S3 data sources only support custom analysis rules.
-  5. Under **Step 1: Choose analysis rule type** , under **Analysis rule type** , choose the **List** option.
+  5. Under **Step 1: Choose type** , under **Type** , choose the **List** option.
@@ -214 +214 @@ You see a confirmation message that you’ve successfully configured a list anal
-The custom analysis rule enables custom SQL queries or PySpark jobs on a configured table. The custom analysis rule is required if you're using:
+The custom analysis rule enables custom SQL queries on a configured table. The custom analysis rule is required if you're using:
@@ -216 +216 @@ The custom analysis rule enables custom SQL queries or PySpark jobs on a configu
-  * [Analysis templates](./create-analysis-template.html) to allow a specific set of pre-approved SQL queries or PySpark jobs or a specific set of accounts that can provide queries that use your data.
+  * [Analysis templates](./create-analysis-template.html) to allow a specific set of pre-approved SQL queries or a specific set of accounts that can provide queries that use your data.
@@ -237 +237 @@ This procedure describes the process of adding the custom analysis rule to your
-  5. Under **Step 1: Choose analysis rule type** , under **Analysis rule type** , choose the **Custom** option.
+  5. Under **Step 1: Choose type** , under **Type** , choose the **Custom** option.
@@ -241 +241 @@ This procedure describes the process of adding the custom analysis rule to your
-  7. Under **Step 2: Specify analysis controls** , for **Direct analysis controls** , choose an option based on your goal.
+  7. Under **Step 2: Set differential privacy** , determine whether you want differential privacy turned on or off. Differential privacy is a mathematically-proven technique to protect your data from re-identification attacks. 
@@ -243 +243,7 @@ This procedure describes the process of adding the custom analysis rule to your
-Your goal | Recommended action  
+###### Note
+
+AWS Clean Rooms Differential Privacy is only available for collaborations using AWS Clean Rooms SQL as the analytics engine and data stored in Amazon S3.
+
+    1. For **Differential privacy** :
+
+If you... | Then choose ...  
@@ -245,12 +251,2 @@ Your goal | Recommended action
-Review each new analysis before it is allowed to be run on this configured table | 
-    1. Under **Analysis templates allowed to be run** , choose **Add analysis template**.
-    2. Choose the appropriate **Collaboration** and the **Analysis template** from the dropdown lists.
-    3. Choose **Next**.   
-Allow specific collaborators to run any analyses of a chosen type without review on this table | 
-    1. Under **Analysis type** ,
-      1. Choose **Any query** to allow any query created by the AWS account you specify.
-      2. Choose **Any query** to allow any job created by the AWS account you specify.
-    2. Under **AWS accounts allowed to create any analysis** , choose **Add AWS account**.
-    3. Enter an AWS account or choose the an **AWS account ID**. from the dropdown list.
-    4. (Optional) Choose **Add another AWS account** to add another AWS account.
-    5. Choose **Next**.   
+Have user-level data and you want protection against re-identification attempts | **Turn on**  
+Don't have user-level data or don't need protection against re-identification attempts | **Turn off**  
@@ -258 +254 @@ Allow specific collaborators to run any analyses of a chosen type without review
-  8. Under **Step 3: Specify analysis results controls** , 
+    2. If you have chosen to **Turn on** differential privacy, select the **User identifier column** that contains the unique identifier of your users, such as the `user_id` column, whose privacy you want to protect. 
@@ -260 +256 @@ Allow specific collaborators to run any analyses of a chosen type without review
-    1. For **Job results controls** , note that no additional results controls are supported.
+To turn on differential privacy for two or more tables in a collaboration, you must configure the same column as the **User identifier column** in both analysis rules to maintain a consistent definition of users across tables. In case of a misconfiguration, the member who can query receives an error message that there are two columns to choose from in order to compute the number of user contributions (for example, the number of ad impressions made by a user) while running the query.
@@ -262 +258 @@ Allow specific collaborators to run any analyses of a chosen type without review
-    2. Under **Query results controls** , for **Columns not allowed in output** , choose the columns you want to be allowed in the query output, based on your goal.
+    3. Choose **Next**.
@@ -264 +260,5 @@ Allow specific collaborators to run any analyses of a chosen type without review
-Your goal | Recommended action  
+  8. Under **Step 3: Specify query controls** ,
+
+    1. For **Control type** , choose an option based on your goal.
+
+Your goal | Option  
@@ -266,6 +266,2 @@ Your goal | Recommended action
-Allow all columns to be returned in query outputs | 
-      1. Choose **None**
-      2. Proceed to **Additional analyses applied to output**.  
-Disallow certain columns from being returned in query outputs | 
-      1. Choose **Custom list**
-      2. Under **Specify disallowed columns** , choose the columns that you want removed from query outputs.  
+Review each new analysis template before it's run on your configured table | **Review each new analysis before it is allowed to be run on this table**  
+Let any analysis template or direct query be performed on your configured table | **Allow any queries created by specific collaborators to run without review on this table**  
@@ -273 +269 @@ Disallow certain columns from being returned in query outputs |
-    3. For **Additional analyses applied to output** choose whether additional analyses can be applied to the query output, based on your goal.
+    2. Choose one of the following:
@@ -275 +271 @@ Disallow certain columns from being returned in query outputs |
-Your goal | Recommended option  
+If you've chosen ... | Then ...  
@@ -277,8 +273,2 @@ Your goal | Recommended option
-       * Allow only direct queries on this table. 
-       * Deny additional analyses from being run on query results. 
-       * The table can only be used for direct querying.
-| **Not allowed**  
-Allow but don’t require both direct queries and additional analyses on this table. | **Allow**  
-       * Require that the table can only be used in direct queries that are processed with one of the required additional analyses. 
-       * Direct queries on this table must be further processed before they can be returned.
-| **Required**  
+**Review each new analysis before it is allowed to be run on this table** | Under **Analysis templates allowed to be run** , choose **Add analysis template** , and then choose the appropriate **Collaboration** and the **Analysis template** from the dropdown lists.  
+**Allow any queries created by specific collaborators to run without review on this table** | Under **AWS accounts allowed to create any query** , choose **Add AWS account** , and then choose the appropriate **AWS account ID**.  
@@ -286 +276 @@ Allow but don’t require both direct queries and additional analyses on this ta
-    4. Choose **Next**.
+  9. Choose **Next**.
@@ -288 +278 @@ Allow but don’t require both direct queries and additional analyses on this ta
-  9. (Optional) Under **Step 4: Set differential privacy** , determine whether you want differential privacy turned on or off. 
+  10. Under **Step 4: Specify query results controls** , 
@@ -290 +280 @@ Allow but don’t require both direct queries and additional analyses on this ta
-Differential privacy is a mathematically-proven technique to protect your data from re-identification attacks. 
+    1. For **Columns not allowed in output** , choose one an option based on your goal.
@@ -292 +282,4 @@ Differential privacy is a mathematically-proven technique to protect your data f
-###### Note
+Your goal | Recommended option  
+---|---  
+Allow all columns to be returned in query outputs | **None**  
+Disallow certain columns from being returned in query outputs | **Custom list**  
@@ -294 +287 @@ Differential privacy is a mathematically-proven technique to protect your data f
-AWS Clean Rooms Differential Privacy is only available for collaborations using AWS Clean Rooms SQL as the analytics engine and data stored in Amazon S3.
+    2. Choose one of the following:
@@ -296 +289,6 @@ AWS Clean Rooms Differential Privacy is only available for collaborations using
-For **Differential privacy** , choose whether to turn differential privacy on or off, based on your goal.
+If you've chosen ... | Then ...  
+---|---  
+**None** | Proceed to **Additional analyses applied to output**  
+**Custom list** | Under **Specify disallowed columns** , choose the columns that you want removed from query outputs.  
+  
+    3. For **Additional analyses applied to output** select an option based on your goal.
@@ -298 +296 @@ For **Differential privacy** , choose whether to turn differential privacy on or
-Your goal | Recommended action  
+Your goal | Recommended option  
@@ -300,11 +298,5 @@ Your goal | Recommended action
-     * You don't require protection against re-identification attempts 
-     * Your table doesn't have user-level data 
-| 
-    1. Choose **Turn off**.
-    2. Choose **Next**.  
-     * You require protection against re-identification attempts
-     * Your table has user-level data 
-| 
-    1. Choose **Turn on**.
-    2. Select the **User identifier column** that contains the unique identifier of your users, such as the `user_id` column, whose privacy you want to protect.  To turn on differential privacy for two or more tables in a collaboration, you must configure the same column as the **User identifier column** in both analysis rules to maintain a consistent definition of users across tables. In case of a misconfiguration, the member who can query receives an error message that there are two columns to choose from in order to compute the number of user contributions (for example, the number of ad impressions made by a user) while running the query.
-    3. Choose **Next**.  
+Allow only direct queries on this table. Deny additional analyses from being run on query results. The table can only be used for direct querying. | **Not allowed**  
+Allow but don’t require both direct queries and additional analyses on this table. | **Allow**  
+Require that the table can only be used in direct queries that are processed with one of the required additional analyses. Direct queries on this table must be further processed before they can be returned. | **Required**  
+  
+  11. Choose **Next**.
@@ -312 +304 @@ Your goal | Recommended action
-  10. Under **Step 5: Review and configure** , review the selections you’ve made for the previous steps, edit if necessary, and then choose **Configure analysis rule**.
+  12. Under **Step 5: Review and configure** , review the selections you’ve made for the previous steps, edit if necessary, and then choose **Configure analysis rule**.
@@ -337 +329 @@ Configured tables using non-S3 data sources only support custom analysis rules.
-  5. Under **Step 1: Choose analysis rule type** , under **Analysis rule type** , choose either the **Aggregation** , **List** , or **Custom** option.
+  5. Under **Step 1: Choose type** , under **Type** , choose either the **Aggregation** , **List** , or **Custom** option.
@@ -368 +360 @@ Now that you configured an analysis rule to your configured table, you are ready
-  * [Query the data tables](./running-sql-queries.html) (as a member who can query)
+  * [Query the data tables](./query-data.html) (as a member who can query)