AWS Clean Rooms features

With AWS Clean Rooms, you can easily collaborate on multi-party data without having to move or share your raw data. You can directly permission your data in AWS and start collaborating with your partners' datasets stored in Snowflake and AWS with zero extract, transform, and load (zero-ETL). When you match records, run queries, train an ML model, or generate predictive insights, AWS Clean Rooms reads the data from where it lives. When you use AWS Entity Resolution on AWS Clean Rooms, the underlying data used to configure a dataset that maps between multiple collaborators identifiers is never shared or revealed among collaborators. When you use SQL query analysis, you can specify rules and SQL query restrictions allowed on your data, which are automatically applied to protect each participant's underlying data. For example, you can configure output constraints such as minimum aggregation thresholds. When you use AWS Clean Rooms ML, the underlying data used to train a model or generate a lookalike segment is never shared or revealed among collaborators or used by AWS to train models.

In addition to the AWS Management Console, all AWS Clean Rooms functionality is accessible with an API. You will be able to use the AWS SDKs or command line interface (CLI) to automate AWS Clean Rooms operations, integrate Clean Rooms functionality within your existing workflows and products, or create your own version of clean room offering for your customers.

With AWS Entity Resolution on AWS Clean Rooms, you and your collaborators can more easily prepare and match related customer records, inside a privacy-enhanced AWS Clean Rooms collaboration. Using rule-based or data service provider-based matching techniques, you can improve data matching for use cases such as advertising campaign planning, targeting, and measurement. You can use configurable matching logic or datasets and IDs from trusted data service providers such as LiveRamp, to connect records across devices, platforms, and channels.

Analysis rules are restrictions that give you built-in control of how your data can be analyzed. Collaboration members who create or join a collaboration as designated query runners can write queries to intersect and analyze your data tables subject to the analysis rules that you set. AWS Clean Rooms supports three types of analysis rules: aggregation, list, and custom.

Aggregation analysis rule: The aggregation analysis rule allows you to run queries that generate aggregate statistics, such as how large the intersection of two datasets is. When using the aggregation analysis rule, you can enforce that only aggregation queries can be run on your data and enforce restrictions on specific parts of the queries that run, such as what columns must be used only in a blind match and what columns can be used in aggregations such as sums, counts, or averages. You also control the minimum aggregation constraint in the output.  You can also set minimum aggregation constraints that allow you to set conditions for output row returns. These constraints are in the form of COUNT DISTINCT (Column) >= Threshold. If an output row in the query results does not meet any of the constraints it is removed for the result set. This helps you ensure that minimum aggregation thresholds are automatically enforced while providing flexibility to data collaborators who can write queries of their choice.

List analysis rule: The list analysis rule allows you to run queries that extract the row-level list of the intersection of multiple datasets, such as the overlap of two datasets. When using the list analysis rule, you can enforce that only list queries can be run on your data and enforce restrictions of the queries that run, such as what columns must be used only in a blind match and what columns can be outputted as a list in the output.

Custom analysis rule: The custom analysis rule allows you to create custom queries using most of ANSI-standard SQL, such as common table expressions (CTE) and window functions. You can also review and allow queries before collaboration partners run them, and review other collaborators' queries before they are allowed to run on your tables. When using the custom analysis rule, you can use built-in control to determine or limit, upfront, how your underlying data could be analyzed, instead of having to rely on query logs after analyses are complete. When you use custom SQL queries, you can also create or use analysis templates to store custom queries with parameters in the collaborations. This permits customers to more easily help one another in a collaboration. For example, a member who has higher SQL experience can create templates for other members to review and potentially run. It also facilitates reusable analyses in the collaboration. You can also use AWS Clean Rooms Differential Privacy by selecting a custom analysis rule and then configuring your differential privacy parameters.

AWS Clean Rooms Differential Privacy helps you protect the privacy of your users with mathematically backed and intuitive controls in a few steps. Differential privacy is a rigorous mathematical definition of data privacy protection. However, configuring this technique is complex and requires an in-depth understanding of the theory and mathematically rigorous formulas to apply it effectively. AWS Clean Rooms Differential Privacy is an intuitive, fully managed capability of AWS Clean Rooms that helps you prevent the reidentification of your users. You do not need to have prior differential privacy experience to use this capability. AWS Clean Rooms Differential Privacy obfuscates the contribution of any individual’s data from AWS Clean Rooms collaboration aggregate outputs, and it helps you run a broad range of SQL queries to unlock insights about advertising campaigns, investment decisions, clinical research, and more. You can set up AWS Clean Rooms Differential Privacy by applying a custom analysis rule in your AWS Clean Rooms collaboration. Then you can configure AWS Clean Rooms Differential Privacy with controls that are flexible to your specific business use cases and can be applied in just a few steps. AWS Clean Rooms Differential Privacy makes it easier for you to enable differential privacy in AWS Clean Rooms collaborations with a few simple choices—all without requiring any additional expertise or setup from your partners.

When you set up an AWS Clean Rooms collaboration, you can specify different abilities for each collaboration member to suit your specific SQL querying use cases. For example, if you want the query output to go to a different member, you can designate one member as the SQL query runner who can write queries and another member as the SQL query result receiver who can receive the results. This gives the collaboration creator the ability to make sure that the member who can query doesn't have access to the query results. When you set up a collaboration, you can also configure SQL query payment responsibilities and assign a chosen member to be billed for the query compute costs in the collaboration instead of the billing automatically going to the query runner. This gives more flexibility to collaborate with your partners to designate SQL responsibilities instead of anchoring them on the query runner.

With Analysis Builder, business users can get insights in a few easy steps without having to write or understand SQL. You can follow steps in the guided user interface to build queries compliant with the data restrictions that each collaborator has set on their tables based on auto-suggested criteria such as metrics, segments and filters related to your collective datasets. Use Analysis Builder in collaborations that have one or two tables configured with either aggregation or list analysis rule.

AWS Clean Rooms ML helps you and your partners apply privacy-enhancing machine learning (ML) to generate predictive insights without having to share raw data with each other. AWS Clean Rooms ML supports custom and lookalike machine learning (ML) modeling. With custom modeling, you can bring a custom model for training and run inference on collective datasets, without sharing underlying data or intellectual property among collaborators. With lookalike modeling, you can use an AWS-authored model to generate an expanded set of similar profiles based on a small sample of profiles that your partners bring to a collaboration.

AWS Clean Rooms ML helps customers with multiple use cases. For example, advertisers can bring their proprietary model and data into a Clean Rooms collaboration, and invite publishers to join their data to train and deploy a custom ML model that helps them increase campaign effectiveness; financial institutions can use historical transaction records to train a custom ML model, and invite partners into a Clean Rooms collaboration to detect potentially fraudulent transactions; research institutions and hospital networks can find candidates that are similar to existing clinical trial participants to help accelerate clinical studies; and brands and publishers can model lookalike segments of in-market customers and deliver highly-relevant advertising experiences, without either company sharing their underlying data with the other.

AWS Clean Rooms ML lookalike modeling, using an AWS-authored model, was built and tested across various datasets, such as e-commerce and streaming video, and can help you improve accuracy on lookalike modeling by up to 36%, when compared with representative industry baselines. In real-world applications such as prospecting for new customers, this accuracy improvement can translate into savings of millions of dollars.

You can run AWS Clean Rooms queries on cryptographically protected data. If you have data handling policies that require encryption of sensitive data, you can pre-encrypt your data using a collaboration-specific shared encryption key so that data is encrypted even when queries are run. Cryptographic computing ensures that data used in collaborative computations remains encrypted at rest, in transit, and in use (while being processed).

Cryptographic Computing for Clean Rooms (C3R) is an open source Java SDK with a CLI, available in GitHub. This feature is available at no additional charge. If you have big data, you can review the documentation to see how C3R can be integrated into Apache Spark.

This feature is the latest of a broad range of AWS cryptographic computing tools built to help you meet your security and compliance needs while allowing you to take advantage of the flexibility, scalability, performance, and ease of use that AWS offers.