1. Packages
  2. AWS
  3. API Docs
  4. lakeformation
  5. DataLakeSettings
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.lakeformation.DataLakeSettings

Explore with Pulumi AI

aws logo
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

    NOTE: Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the IAMAllowedPrincipals principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.

    Example Usage

    Data Lake Admins

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lakeformation.DataLakeSettings("example", {admins: [
        test.arn,
        testAwsIamRole.arn,
    ]});
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lakeformation.DataLakeSettings("example", admins=[
        test["arn"],
        test_aws_iam_role["arn"],
    ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
    			Admins: pulumi.StringArray{
    				test.Arn,
    				testAwsIamRole.Arn,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LakeFormation.DataLakeSettings("example", new()
        {
            Admins = new[]
            {
                test.Arn,
                testAwsIamRole.Arn,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
                .admins(            
                    test.arn(),
                    testAwsIamRole.arn())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:lakeformation:DataLakeSettings
        properties:
          admins:
            - ${test.arn}
            - ${testAwsIamRole.arn}
    

    Create Default Permissions

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lakeformation.DataLakeSettings("example", {
        admins: [
            test.arn,
            testAwsIamRole.arn,
        ],
        createDatabaseDefaultPermissions: [{
            permissions: [
                "SELECT",
                "ALTER",
                "DROP",
            ],
            principal: test.arn,
        }],
        createTableDefaultPermissions: [{
            permissions: ["ALL"],
            principal: testAwsIamRole.arn,
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lakeformation.DataLakeSettings("example",
        admins=[
            test["arn"],
            test_aws_iam_role["arn"],
        ],
        create_database_default_permissions=[{
            "permissions": [
                "SELECT",
                "ALTER",
                "DROP",
            ],
            "principal": test["arn"],
        }],
        create_table_default_permissions=[{
            "permissions": ["ALL"],
            "principal": test_aws_iam_role["arn"],
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
    			Admins: pulumi.StringArray{
    				test.Arn,
    				testAwsIamRole.Arn,
    			},
    			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("SELECT"),
    						pulumi.String("ALTER"),
    						pulumi.String("DROP"),
    					},
    					Principal: pulumi.Any(test.Arn),
    				},
    			},
    			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("ALL"),
    					},
    					Principal: pulumi.Any(testAwsIamRole.Arn),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LakeFormation.DataLakeSettings("example", new()
        {
            Admins = new[]
            {
                test.Arn,
                testAwsIamRole.Arn,
            },
            CreateDatabaseDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "SELECT",
                        "ALTER",
                        "DROP",
                    },
                    Principal = test.Arn,
                },
            },
            CreateTableDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "ALL",
                    },
                    Principal = testAwsIamRole.Arn,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
                .admins(            
                    test.arn(),
                    testAwsIamRole.arn())
                .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                    .permissions(                
                        "SELECT",
                        "ALTER",
                        "DROP")
                    .principal(test.arn())
                    .build())
                .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                    .permissions("ALL")
                    .principal(testAwsIamRole.arn())
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:lakeformation:DataLakeSettings
        properties:
          admins:
            - ${test.arn}
            - ${testAwsIamRole.arn}
          createDatabaseDefaultPermissions:
            - permissions:
                - SELECT
                - ALTER
                - DROP
              principal: ${test.arn}
          createTableDefaultPermissions:
            - permissions:
                - ALL
              principal: ${testAwsIamRole.arn}
    

    Enable EMR access to LakeFormation resources

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lakeformation.DataLakeSettings("example", {
        admins: [
            test.arn,
            testAwsIamRole.arn,
        ],
        createDatabaseDefaultPermissions: [{
            permissions: [
                "SELECT",
                "ALTER",
                "DROP",
            ],
            principal: test.arn,
        }],
        createTableDefaultPermissions: [{
            permissions: ["ALL"],
            principal: testAwsIamRole.arn,
        }],
        allowExternalDataFiltering: true,
        externalDataFilteringAllowLists: [
            current.accountId,
            thirdParty.accountId,
        ],
        authorizedSessionTagValueLists: ["Amazon EMR"],
        allowFullTableExternalDataAccess: true,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lakeformation.DataLakeSettings("example",
        admins=[
            test["arn"],
            test_aws_iam_role["arn"],
        ],
        create_database_default_permissions=[{
            "permissions": [
                "SELECT",
                "ALTER",
                "DROP",
            ],
            "principal": test["arn"],
        }],
        create_table_default_permissions=[{
            "permissions": ["ALL"],
            "principal": test_aws_iam_role["arn"],
        }],
        allow_external_data_filtering=True,
        external_data_filtering_allow_lists=[
            current["accountId"],
            third_party["accountId"],
        ],
        authorized_session_tag_value_lists=["Amazon EMR"],
        allow_full_table_external_data_access=True)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
    			Admins: pulumi.StringArray{
    				test.Arn,
    				testAwsIamRole.Arn,
    			},
    			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("SELECT"),
    						pulumi.String("ALTER"),
    						pulumi.String("DROP"),
    					},
    					Principal: pulumi.Any(test.Arn),
    				},
    			},
    			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("ALL"),
    					},
    					Principal: pulumi.Any(testAwsIamRole.Arn),
    				},
    			},
    			AllowExternalDataFiltering: pulumi.Bool(true),
    			ExternalDataFilteringAllowLists: pulumi.StringArray{
    				current.AccountId,
    				thirdParty.AccountId,
    			},
    			AuthorizedSessionTagValueLists: pulumi.StringArray{
    				pulumi.String("Amazon EMR"),
    			},
    			AllowFullTableExternalDataAccess: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LakeFormation.DataLakeSettings("example", new()
        {
            Admins = new[]
            {
                test.Arn,
                testAwsIamRole.Arn,
            },
            CreateDatabaseDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "SELECT",
                        "ALTER",
                        "DROP",
                    },
                    Principal = test.Arn,
                },
            },
            CreateTableDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "ALL",
                    },
                    Principal = testAwsIamRole.Arn,
                },
            },
            AllowExternalDataFiltering = true,
            ExternalDataFilteringAllowLists = new[]
            {
                current.AccountId,
                thirdParty.AccountId,
            },
            AuthorizedSessionTagValueLists = new[]
            {
                "Amazon EMR",
            },
            AllowFullTableExternalDataAccess = true,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
                .admins(            
                    test.arn(),
                    testAwsIamRole.arn())
                .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                    .permissions(                
                        "SELECT",
                        "ALTER",
                        "DROP")
                    .principal(test.arn())
                    .build())
                .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                    .permissions("ALL")
                    .principal(testAwsIamRole.arn())
                    .build())
                .allowExternalDataFiltering(true)
                .externalDataFilteringAllowLists(            
                    current.accountId(),
                    thirdParty.accountId())
                .authorizedSessionTagValueLists("Amazon EMR")
                .allowFullTableExternalDataAccess(true)
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:lakeformation:DataLakeSettings
        properties:
          admins:
            - ${test.arn}
            - ${testAwsIamRole.arn}
          createDatabaseDefaultPermissions:
            - permissions:
                - SELECT
                - ALTER
                - DROP
              principal: ${test.arn}
          createTableDefaultPermissions:
            - permissions:
                - ALL
              principal: ${testAwsIamRole.arn}
          allowExternalDataFiltering: true
          externalDataFilteringAllowLists:
            - ${current.accountId}
            - ${thirdParty.accountId}
          authorizedSessionTagValueLists:
            - Amazon EMR
          allowFullTableExternalDataAccess: true
    

    Change Cross Account Version

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lakeformation.DataLakeSettings("example", {parameters: {
        CROSS_ACCOUNT_VERSION: "3",
    }});
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lakeformation.DataLakeSettings("example", parameters={
        "CROSS_ACCOUNT_VERSION": "3",
    })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
    			Parameters: pulumi.StringMap{
    				"CROSS_ACCOUNT_VERSION": pulumi.String("3"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LakeFormation.DataLakeSettings("example", new()
        {
            Parameters = 
            {
                { "CROSS_ACCOUNT_VERSION", "3" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
                .parameters(Map.of("CROSS_ACCOUNT_VERSION", "3"))
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:lakeformation:DataLakeSettings
        properties:
          parameters:
            CROSS_ACCOUNT_VERSION: '3'
    

    Create DataLakeSettings Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DataLakeSettings(name: string, args?: DataLakeSettingsArgs, opts?: CustomResourceOptions);
    @overload
    def DataLakeSettings(resource_name: str,
                         args: Optional[DataLakeSettingsArgs] = None,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def DataLakeSettings(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         admins: Optional[Sequence[str]] = None,
                         allow_external_data_filtering: Optional[bool] = None,
                         allow_full_table_external_data_access: Optional[bool] = None,
                         authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
                         catalog_id: Optional[str] = None,
                         create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
                         create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
                         external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
                         parameters: Optional[Mapping[str, str]] = None,
                         read_only_admins: Optional[Sequence[str]] = None,
                         trusted_resource_owners: Optional[Sequence[str]] = None)
    func NewDataLakeSettings(ctx *Context, name string, args *DataLakeSettingsArgs, opts ...ResourceOption) (*DataLakeSettings, error)
    public DataLakeSettings(string name, DataLakeSettingsArgs? args = null, CustomResourceOptions? opts = null)
    public DataLakeSettings(String name, DataLakeSettingsArgs args)
    public DataLakeSettings(String name, DataLakeSettingsArgs args, CustomResourceOptions options)
    
    type: aws:lakeformation:DataLakeSettings
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var dataLakeSettingsResource = new Aws.LakeFormation.DataLakeSettings("dataLakeSettingsResource", new()
    {
        Admins = new[]
        {
            "string",
        },
        AllowExternalDataFiltering = false,
        AllowFullTableExternalDataAccess = false,
        AuthorizedSessionTagValueLists = new[]
        {
            "string",
        },
        CatalogId = "string",
        CreateDatabaseDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "string",
                },
                Principal = "string",
            },
        },
        CreateTableDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "string",
                },
                Principal = "string",
            },
        },
        ExternalDataFilteringAllowLists = new[]
        {
            "string",
        },
        Parameters = 
        {
            { "string", "string" },
        },
        ReadOnlyAdmins = new[]
        {
            "string",
        },
        TrustedResourceOwners = new[]
        {
            "string",
        },
    });
    
    example, err := lakeformation.NewDataLakeSettings(ctx, "dataLakeSettingsResource", &lakeformation.DataLakeSettingsArgs{
    	Admins: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AllowExternalDataFiltering:       pulumi.Bool(false),
    	AllowFullTableExternalDataAccess: pulumi.Bool(false),
    	AuthorizedSessionTagValueLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	CatalogId: pulumi.String("string"),
    	CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
    		&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
    			Permissions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Principal: pulumi.String("string"),
    		},
    	},
    	CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
    		&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
    			Permissions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Principal: pulumi.String("string"),
    		},
    	},
    	ExternalDataFilteringAllowLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Parameters: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	ReadOnlyAdmins: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TrustedResourceOwners: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var dataLakeSettingsResource = new DataLakeSettings("dataLakeSettingsResource", DataLakeSettingsArgs.builder()
        .admins("string")
        .allowExternalDataFiltering(false)
        .allowFullTableExternalDataAccess(false)
        .authorizedSessionTagValueLists("string")
        .catalogId("string")
        .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
            .permissions("string")
            .principal("string")
            .build())
        .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
            .permissions("string")
            .principal("string")
            .build())
        .externalDataFilteringAllowLists("string")
        .parameters(Map.of("string", "string"))
        .readOnlyAdmins("string")
        .trustedResourceOwners("string")
        .build());
    
    data_lake_settings_resource = aws.lakeformation.DataLakeSettings("dataLakeSettingsResource",
        admins=["string"],
        allow_external_data_filtering=False,
        allow_full_table_external_data_access=False,
        authorized_session_tag_value_lists=["string"],
        catalog_id="string",
        create_database_default_permissions=[{
            "permissions": ["string"],
            "principal": "string",
        }],
        create_table_default_permissions=[{
            "permissions": ["string"],
            "principal": "string",
        }],
        external_data_filtering_allow_lists=["string"],
        parameters={
            "string": "string",
        },
        read_only_admins=["string"],
        trusted_resource_owners=["string"])
    
    const dataLakeSettingsResource = new aws.lakeformation.DataLakeSettings("dataLakeSettingsResource", {
        admins: ["string"],
        allowExternalDataFiltering: false,
        allowFullTableExternalDataAccess: false,
        authorizedSessionTagValueLists: ["string"],
        catalogId: "string",
        createDatabaseDefaultPermissions: [{
            permissions: ["string"],
            principal: "string",
        }],
        createTableDefaultPermissions: [{
            permissions: ["string"],
            principal: "string",
        }],
        externalDataFilteringAllowLists: ["string"],
        parameters: {
            string: "string",
        },
        readOnlyAdmins: ["string"],
        trustedResourceOwners: ["string"],
    });
    
    type: aws:lakeformation:DataLakeSettings
    properties:
        admins:
            - string
        allowExternalDataFiltering: false
        allowFullTableExternalDataAccess: false
        authorizedSessionTagValueLists:
            - string
        catalogId: string
        createDatabaseDefaultPermissions:
            - permissions:
                - string
              principal: string
        createTableDefaultPermissions:
            - permissions:
                - string
              principal: string
        externalDataFilteringAllowLists:
            - string
        parameters:
            string: string
        readOnlyAdmins:
            - string
        trustedResourceOwners:
            - string
    

    DataLakeSettings Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The DataLakeSettings resource accepts the following input properties:

    Admins List<string>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    AllowExternalDataFiltering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    AllowFullTableExternalDataAccess bool
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    AuthorizedSessionTagValueLists List<string>
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    CatalogId string
    Identifier for the Data Catalog. By default, the account ID.
    CreateDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    CreateTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    ExternalDataFilteringAllowLists List<string>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    Parameters Dictionary<string, string>
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    ReadOnlyAdmins List<string>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    TrustedResourceOwners List<string>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    Admins []string
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    AllowExternalDataFiltering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    AllowFullTableExternalDataAccess bool
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    AuthorizedSessionTagValueLists []string
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    CatalogId string
    Identifier for the Data Catalog. By default, the account ID.
    CreateDatabaseDefaultPermissions []DataLakeSettingsCreateDatabaseDefaultPermissionArgs
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    CreateTableDefaultPermissions []DataLakeSettingsCreateTableDefaultPermissionArgs
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    ExternalDataFilteringAllowLists []string
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    Parameters map[string]string
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    ReadOnlyAdmins []string
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    TrustedResourceOwners []string

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    admins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering Boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    allowFullTableExternalDataAccess Boolean
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    authorizedSessionTagValueLists List<String>
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    catalogId String
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists List<String>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    parameters Map<String,String>
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    readOnlyAdmins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners List<String>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    admins string[]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    allowFullTableExternalDataAccess boolean
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    authorizedSessionTagValueLists string[]
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    catalogId string
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions DataLakeSettingsCreateDatabaseDefaultPermission[]
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions DataLakeSettingsCreateTableDefaultPermission[]
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists string[]
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    parameters {[key: string]: string}
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    readOnlyAdmins string[]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners string[]

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    admins Sequence[str]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allow_external_data_filtering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    allow_full_table_external_data_access bool
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    authorized_session_tag_value_lists Sequence[str]
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    catalog_id str
    Identifier for the Data Catalog. By default, the account ID.
    create_database_default_permissions Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    create_table_default_permissions Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    external_data_filtering_allow_lists Sequence[str]
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    parameters Mapping[str, str]
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    read_only_admins Sequence[str]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trusted_resource_owners Sequence[str]

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    admins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering Boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    allowFullTableExternalDataAccess Boolean
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    authorizedSessionTagValueLists List<String>
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    catalogId String
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions List<Property Map>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions List<Property Map>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists List<String>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    parameters Map<String>
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    readOnlyAdmins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners List<String>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DataLakeSettings resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing DataLakeSettings Resource

    Get an existing DataLakeSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DataLakeSettingsState, opts?: CustomResourceOptions): DataLakeSettings
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            admins: Optional[Sequence[str]] = None,
            allow_external_data_filtering: Optional[bool] = None,
            allow_full_table_external_data_access: Optional[bool] = None,
            authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
            catalog_id: Optional[str] = None,
            create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
            create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
            external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
            parameters: Optional[Mapping[str, str]] = None,
            read_only_admins: Optional[Sequence[str]] = None,
            trusted_resource_owners: Optional[Sequence[str]] = None) -> DataLakeSettings
    func GetDataLakeSettings(ctx *Context, name string, id IDInput, state *DataLakeSettingsState, opts ...ResourceOption) (*DataLakeSettings, error)
    public static DataLakeSettings Get(string name, Input<string> id, DataLakeSettingsState? state, CustomResourceOptions? opts = null)
    public static DataLakeSettings get(String name, Output<String> id, DataLakeSettingsState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Admins List<string>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    AllowExternalDataFiltering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    AllowFullTableExternalDataAccess bool
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    AuthorizedSessionTagValueLists List<string>
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    CatalogId string
    Identifier for the Data Catalog. By default, the account ID.
    CreateDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    CreateTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    ExternalDataFilteringAllowLists List<string>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    Parameters Dictionary<string, string>
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    ReadOnlyAdmins List<string>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    TrustedResourceOwners List<string>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    Admins []string
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    AllowExternalDataFiltering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    AllowFullTableExternalDataAccess bool
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    AuthorizedSessionTagValueLists []string
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    CatalogId string
    Identifier for the Data Catalog. By default, the account ID.
    CreateDatabaseDefaultPermissions []DataLakeSettingsCreateDatabaseDefaultPermissionArgs
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    CreateTableDefaultPermissions []DataLakeSettingsCreateTableDefaultPermissionArgs
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    ExternalDataFilteringAllowLists []string
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    Parameters map[string]string
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    ReadOnlyAdmins []string
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    TrustedResourceOwners []string

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    admins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering Boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    allowFullTableExternalDataAccess Boolean
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    authorizedSessionTagValueLists List<String>
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    catalogId String
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists List<String>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    parameters Map<String,String>
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    readOnlyAdmins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners List<String>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    admins string[]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    allowFullTableExternalDataAccess boolean
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    authorizedSessionTagValueLists string[]
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    catalogId string
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions DataLakeSettingsCreateDatabaseDefaultPermission[]
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions DataLakeSettingsCreateTableDefaultPermission[]
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists string[]
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    parameters {[key: string]: string}
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    readOnlyAdmins string[]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners string[]

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    admins Sequence[str]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allow_external_data_filtering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    allow_full_table_external_data_access bool
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    authorized_session_tag_value_lists Sequence[str]
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    catalog_id str
    Identifier for the Data Catalog. By default, the account ID.
    create_database_default_permissions Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    create_table_default_permissions Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    external_data_filtering_allow_lists Sequence[str]
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    parameters Mapping[str, str]
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    read_only_admins Sequence[str]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trusted_resource_owners Sequence[str]

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    admins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering Boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    allowFullTableExternalDataAccess Boolean
    Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
    authorizedSessionTagValueLists List<String>
    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
    catalogId String
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions List<Property Map>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions List<Property Map>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists List<String>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    parameters Map<String>
    Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
    readOnlyAdmins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners List<String>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

    Supporting Types

    DataLakeSettingsCreateDatabaseDefaultPermission, DataLakeSettingsCreateDatabaseDefaultPermissionArgs

    Permissions List<string>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    Principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    Permissions []string
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    Principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions List<String>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    principal String
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions string[]
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions Sequence[str]
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    principal str
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions List<String>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    principal String
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    DataLakeSettingsCreateTableDefaultPermission, DataLakeSettingsCreateTableDefaultPermissionArgs

    Permissions List<string>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    Principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    Permissions []string
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    Principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions List<String>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    principal String
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions string[]
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions Sequence[str]
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    principal str
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions List<String>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    principal String
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi