Deploy DataHub utilizing AWS managed providers and ingest metadata from AWS Glue and Amazon Redshift – Half 1



Many organizations are establishing enterprise knowledge warehouses, knowledge lakes, or a contemporary knowledge structure on AWS to construct data-driven merchandise. Because the group grows, the variety of publishers and subscribers to knowledge and the amount of information retains growing. Moreover, completely different styles of datasets are launched (structured, semistructured, and unstructured). This will result in metadata administration points, and the next questions:

  • “Can I belief this knowledge?”
  • “The place does this knowledge (lineage) come from?”
  • “How correct is that this knowledge?”
  • “What does this column imply in my enterprise terminology?”
  • “Who’s the proprietor of this knowledge?”
  • “When was the information final refreshed?”
  • “How can I classify the information (PII, non-PII, and so forth) and construct knowledge governance?”

Metadata conveys each technical and enterprise context that can assist you perceive your knowledge higher and use it appropriately. It gives two major sorts of details about knowledge belongings:

  • Technical metadata – Details about the construction of the information, equivalent to schema and the way the information is populated
  • Enterprise metadata – Info in enterprise phrases, equivalent to desk and column description, proprietor, and knowledge profile

Metadata administration turns into a key component to permit customers (knowledge analysts, knowledge scientists, knowledge engineers, and knowledge homeowners) to find and find the proper knowledge belongings to deal with enterprise necessities and carry out knowledge governance. Some widespread options of metadata administration are:

  • Search and discovery – Information schemas, fields, tags, utilization info
  • Entry management – Entry management, teams, customers, insurance policies
  • Information lineage – Pipeline runs, queries, transformation logic
  • Compliance – Taxonomy of information privateness, compliance annotation sorts
  • Classification – Classify completely different datasets and knowledge parts
  • Information high quality – Information high quality rule definitions, run outcomes, knowledge profiles

These options may also help organizations construct commonplace metadata administration processes, which may also help take away redundancy and inconsistency in knowledge belongings, and permit customers to collaborate and construct richer knowledge merchandise shortly.

On this two-part sequence, we talk about how one can deploy DataHub on AWS utilizing managed providers with the AWS Cloud Improvement Package (AWS CDK), populate technical metadata from the AWS Glue Information Catalog and Amazon Redshift into DataHub, and increase knowledge with a enterprise glossary and visualize knowledge lineage of AWS Glue jobs.

On this submit, we deal with step one: deploying DataHub on AWS utilizing managed providers with the AWS CDK. This can permit organizations to launch DataHub utilizing AWS managed providers and start the journey of metadata administration.

Why DataHub?

DataHub is likely one of the hottest open-source metadata administration platforms. It permits end-to-end discovery, knowledge observability, and knowledge governance. It has a wealthy set of options, together with metadata ingestion (automated or programmatic), search and discovery, knowledge lineage, knowledge governance, and lots of extra. It gives an extensible framework and helps federated knowledge governance.

DataHub provides out-of-the-box help to ingest metadata from completely different sources like Amazon Redshift, the AWS Glue Information Catalog, Snowflake, and lots of extra.

Overview of answer

The next diagram illustrates the answer structure and its elements:

  1. DataHub runs on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster, utilizing Amazon OpenSearch Service, Amazon Managed Streaming for Apache Kafka (Amazon MSK), and Amazon RDS for MySQL because the storage layer for the underlying knowledge mannequin and indexes.
  2. The answer pulls technical metadata from AWS Glue and Amazon Redshift to DataHub.
  3. We enrich the technical metadata with a enterprise glossary.
  4. Lastly, we run an AWS Glue job to rework the information and observe the information lineage in DataHub.

Within the following sections, we reveal how one can deploy DataHub and provision completely different AWS managed providers.


We’d like kubectl, Helm, and the AWS Command Line Interface (AWS CLI) to arrange DataHub in an AWS atmosphere. We are able to full all of the steps both from an area desktop or utilizing AWS Cloud9. In case you’re utilizing AWS Cloud9, comply with the directions within the subsequent part to spin up an AWS Cloud9 atmosphere, in any other case skip to the following step.

Arrange AWS Cloud9

To get began, you want an AWS account, ideally free from any manufacturing workloads. AWS Cloud9 is a cloud-based IDE that allows you to write, run, and debug your code with only a browser. AWS Cloud9 comes preconfigured with lots of the dependencies we require for this submit, equivalent to git, npm, and the AWS CDK.

Create an AWS Cloud9 atmosphere from the AWS Administration Console with an occasion sort of t3.small or bigger. Present the required identify, and go away the remaining default values. After your atmosphere is created, it’s best to have entry to a terminal window.

You have to improve the scale of the Amazon Elastic Block Retailer (Amazon EBS) quantity hooked up to your AWS Cloud9 occasion to no less than 50 GB, as a result of the default dimension (10 GB) will not be sufficient. For directions, check with Resize an Amazon EBS quantity utilized by an atmosphere.

Arrange kubectl, Helm, and the AWS CLI

This submit requires the next CLI instruments to be put in:

  • kubectl to handle the Kubernetes sources deployed to the EKS cluster
  • Helm to deploy the sources primarily based on Helm charts (notice that we solely help Helm 3)
  • The AWS CLI to handle AWS sources

Full the next steps:

  1. Obtain kubectl (model 1.21.x) and make the file executable:
sudo curl --silent --location -o /usr/native/bin/kubectl

sudo chmod +x /usr/native/bin/kubectl

To put in kubectl in AWS Cloud9, use the next directions. AWS Cloud9 usually manages AWS Id and Entry Administration (IAM) credentials dynamically. This isn’t presently suitable with Amazon EKS IAM authentication, so we disable it and depend on the IAM function as a substitute.

  1. Obtain Helm (model 3.9.3):
curl -fsSL -o

chmod 700


  1. Set up the AWS CLI (model 2.x.x) or migrate AWS CLI model 1 to model 2.

After set up, be certain aws --version is pointing to model 2, or shut the terminal and create a brand new terminal session.

Create a service-linked function

OpenSearch Service makes use of IAM service-linked roles. A service-linked function is a singular sort of IAM function that’s linked on to OpenSearch Service. Service-linked roles are predefined by OpenSearch Service and embrace all of the permissions that the service requires to name different AWS providers in your behalf. To create a service-linked function for OpenSearch Service, difficulty the next command:

aws iam create-service-linked-role --aws-service-name

Set up the AWS CDK Toolkit v2

Set up AWS CDK v2 with the next code:

npm set up -g aws-cdk@newest

In case of any error, use the next code:

npm set up -g aws-cdk@newest –power

Provision completely different AWS managed providers

On this part, we stroll by the steps to provision completely different AWS managed providers.

Clone the GitHub repository

Clone the GitHub repo with the next code:

git clone

cd deploy-datahub-using-aws-managed-services-ingest-metadata

Initialize the AWS CDK stack

To initialize the AWS CDK stack, change the ACCOUNT_ID and REGION values within the cdk.json file.

Then run the next code, offering your account ID and Area:

python3 -m venv .venv
supply .venv/bin/activate
python3 -m pip set up -r necessities.txt
# Execute the under command as soon as per account, when you've got by no means executed this earlier than
cdk bootstrap aws://<account_id>/<aws_region>
# Synthesize CloudFormation
cdk synth

Deploy the AWS CDK stack

Deploy the AWS CDK stack with the next code:

# To maintain affirmation prompts, take away --require-approval by no means 
cdk deploy --all --require-approval by no means

Now that the deployment is full, we have to assemble all of the credentials and hostnames for various elements.

Examine AWS CloudFormation output

We created completely different AWS CloudFormation stacks after we ran the AWS CDK stack. We’d like the values from the stack outputs to make use of within the subsequent steps.

  1. On the AWS CloudFormation console, navigate to the EKS stack.
  2. Get the next command on the Outputs tab(key:eksclusterConfigCommandXXX), after which run it:
aws eks update-kubeconfig --region <region-code> --name <cluster-name> --role-arn <role_arn>

  1. Equally, navigate to the ElasticSearch stack and get the next key:
MasterPW <pwd>
MasterUser opensearch

CDK stack additionally created an AWS Secrets and techniques Supervisor secret.

  1. On the Secrets and techniques Supervisor console, navigate to the key with the identify MySqlInstanceDataHubSecret****.
  2. Within the Secret worth part, select Retrieve secret worth to get the next:
password <pwd>
dbname db1
engine mysql
port 3306
dbInstanceIdentifier <identfier-name>
host <host>
username admin

  1. On the OpenSearch Service console, get the area endpoint for the cluster opensearch-domain-datahub, which is within the following format:

  1. On the Amazon MSK console, navigate to your cluster (MSK-DataHub).
  2. Select View consumer info and duplicate each the plaintext Kafka bootstrap server and Apache ZooKeeper connection,which is within the following format:
#MSK Bootstarp servers(Plaintext)
#Apache ZooKeeper connection(Plaintext)

Set up DataHub containers to the provisioned EKS cluster

To put in the DataHub containers, full the next steps:

  1. Create Kubernetes secrets and techniques utilizing the next kubectl command, utilizing the MySQL and OpenSearch Service passwords what we collected earlier:
kubectl create secret generic mysql-secrets --from-literal=mysql-root-password=<mysql-pwd-copied-from-previous-step>

kubectl create secret generic elasticsearch-secrets --from-literal=elasticsearch-password=<opensearch-pwd-copied-from-previous-step>

  1. Add the DataHub Helm repo by operating the next Helm command:
helm repo add datahub

  1. Modify the next config recordsdata and substitute the worth of the MSK dealer, MySQL hostname, and OpenSearch Service area:
    1. Edit the values for values.yaml (within the charts/datahub folder on GitHub):
kafka->bootstrap->server with kafka bootstrap server
kafka->zookeeper->server with zookeeper particulars
elasticserach->host with ES area identify
sql->datasource->host with MySQL host identify
sql->datasource -> hostforMySqlClient with MySQL host identify
sql->datasource -> url with MySQL host identify

    1. Edit the values for values.yaml (in charts/conditions folder on GitHub):
kafka->bootstrap->server with kafka bootstrap server

  1. Now you may deploy the next two Helm charts to spin up the DataHub entrance finish and backend elements to the EKS cluster:
helm set up conditions datahub/datahub-prerequisites --values ./charts/conditions/values.yaml --version 0.0.10

helm set up datahub datahub/datahub --values ./charts/datahub/values.yaml --version 0.2.108

If you wish to use a more recent Helm chart, substitute the next chart values out of your present values.yaml:

  • elasticsearchSetupJob
  • world : graph_service_impl
  • world : elasticsearch
  • world :kafka
  • world :sql
  1. If the set up fails, debug with the next instructions to verify the standing of the completely different pods:
#Verify kubectl factors to the EKS cluster:
kubectl config current-context

#Get Standing of Pods
kubectl get pods

# If any service has error from above command, then execute under command for the error service.
kubectl logs -f <error-pod-name>

  1. After you determine the difficulty from the log and repair it manually, arrange DataHub with following Helm improve command:
helm improve --install datahub datahub/datahub --values ./charts/datahub/values.yaml --version 0.2.108

  1. After the DataHub setup is profitable, run the next command to get DataHub’s entrance finish URL that makes use of port 9002:

  1. Entry the DataHub URL in a browser with HTTP and use the default person identify and password as datahub to log in to the URL http://<id>.<area>

Notice that this isn’t really helpful for manufacturing deployment. We strongly suggest altering the default person identify and password or configuring single sign-on (SSO) by way of OpenID Join. For extra info, check with Including Customers to DataHub. Moreover, expose the endpoint by establishing an ingress controller with a customized area identify. Comply with the directions in AWS setup information to satisfy your networking necessities.

Clear up

The clean-up directions are offered within the Half 2 of this sequence.


On this submit, we demonstrated how one can deploy DataHub utilizing AWS managed providers. Half 2 of this sequence will deal with search and uncover of information belongings saved in your knowledge lake (by way of the AWS Glue Information Catalog) and knowledge warehouse in Amazon Redshift.

Concerning the Authors

Debadatta Mohapatra is an AWS Information Lab Architect. He has in depth expertise throughout huge knowledge, knowledge science, and IoT, throughout consulting and industrials. He’s an advocate of cloud-native knowledge platforms and the worth they will drive for patrons throughout industries.

Corvus Lee is a Options Architect for AWS Information Lab. He enjoys all types of data-related discussions, and helps clients construct MVPs utilizing AWS databases, analytics, and machine studying providers.

Suraj Bang is a Sr Options Architect at AWS. Suraj helps AWS clients on this function on their Analytics, Database and Machine Studying use circumstances, architects an answer to unravel their enterprise issues and helps them construct a scalable prototype.