AWS Clean Rooms Cheat Sheet

• AWS Clean Rooms provide a secure, privacy-enhanced collaboration environment for analyzing shared datasets without exposing underlying data.

• Allows fast collaboration setup with minimal configuration, enabling users to analyze datasets where they reside (AWS or Snowflake).

• No need to move or extract data for collaborative analysis.

Features

• Fast Setup: Use AWS Management Console or API to create collaboration spaces in minutes.

• Zero‑ETL Data Collaboration: Analyze data without transferring it from AWS or Snowflake.

• Privacy Controls:

  • Differential Privacy: Protects against re-identification by obfuscating outputs.

  • Cryptographic Computing: Keeps data encrypted during use and processing (C3R).

  • Role-Based Access: Control who can run queries and access results.

  • Audit Logs: Track query usage for security and compliance.

• Analytics Flexibility:

  • Perform queries using PySpark, SQL, or bring your machine learning models.

  • Built-in Analysis Builder allows non-technical users to create queries without writing SQL.

• ML Support:

  • Use custom models or Lookalike Modeling to create enhanced audience segments.

  • Integrate with AWS Entity Resolution to match customer records across data sources.



• Custom Roles: Assign users specific roles for tasks like running queries and managing results.

Use Cases

• Collaborate securely on audience segmentation and joint measurement between advertisers and publishers.

• HIPAA-eligible data sharing for collaborative clinical research, while maintaining patient confidentiality.

• Securely detect fraud and analyze risk with shared, privacy-preserved financial data.

• Gain insights from operational, engagement, and partner data while ensuring customer privacy.

• Collaborate on clinical trials by analyzing datasets in a privacy-preserving manner.

Security

• Private Data Collaboration: Data remains encrypted, and sensitive information is never shared between parties.

• Differential Privacy: Ensures statistical outputs are obfuscated to protect individual data points.

• Role-Based Access Control: Limit who can run queries and receive results to safeguard data integrity.

• Cryptographic Computing (C3R): Enables computation on encrypted data to preserve confidentiality.

• Audit Trails: Maintain logs of all actions and queries for compliance and auditing.

Pricing

• Compute Pricing:

  • Billed based on Clean Room Processing Units (CRPU) for compute resources.

  • CRPUs are billed per second, with a 10-minute minimum.

• Free Tier:

  • Get 9 CRPU-hours per month for SQL-based analysis for the first 12 months.

• ML Pricing:

  • Custom ML model training/inference charges are based on the number of records processed.

  • Lookalike Modeling: Pricing per 1,000 profiles created.

• Entity Resolution:

  • Pay per 1,000 records matched for privacy-preserving customer data resolution.

• Regional Availability:

  • Available in multiple AWS regions like US (N. Virginia, Ohio), Asia Pacific (Singapore, Tokyo), and Europe (London, Frankfurt).

References:

https://aws.amazon.com/clean-rooms/

https://docs.aws.amazon.com/clean-rooms/latest/userguide/what-is.html

https://aws.amazon.com/clean-rooms/pricing/