aws.lakeformation.DataLakeSettings
Explore with Pulumi AI
Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.
NOTE: Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the
IAMAllowedPrincipals
principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.
Example Usage
Data Lake Admins
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {admins: [
test.arn,
testAwsIamRole.arn,
]});
import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example", admins=[
test["arn"],
test_aws_iam_role["arn"],
])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
test.Arn,
testAwsIamRole.Arn,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LakeFormation.DataLakeSettings("example", new()
{
Admins = new[]
{
test.Arn,
testAwsIamRole.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
.admins(
test.arn(),
testAwsIamRole.arn())
.build());
}
}
resources:
example:
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- ${test.arn}
- ${testAwsIamRole.arn}
Create Default Permissions
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {
admins: [
test.arn,
testAwsIamRole.arn,
],
createDatabaseDefaultPermissions: [{
permissions: [
"SELECT",
"ALTER",
"DROP",
],
principal: test.arn,
}],
createTableDefaultPermissions: [{
permissions: ["ALL"],
principal: testAwsIamRole.arn,
}],
});
import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example",
admins=[
test["arn"],
test_aws_iam_role["arn"],
],
create_database_default_permissions=[{
"permissions": [
"SELECT",
"ALTER",
"DROP",
],
"principal": test["arn"],
}],
create_table_default_permissions=[{
"permissions": ["ALL"],
"principal": test_aws_iam_role["arn"],
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
test.Arn,
testAwsIamRole.Arn,
},
CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("SELECT"),
pulumi.String("ALTER"),
pulumi.String("DROP"),
},
Principal: pulumi.Any(test.Arn),
},
},
CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("ALL"),
},
Principal: pulumi.Any(testAwsIamRole.Arn),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LakeFormation.DataLakeSettings("example", new()
{
Admins = new[]
{
test.Arn,
testAwsIamRole.Arn,
},
CreateDatabaseDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
{
Permissions = new[]
{
"SELECT",
"ALTER",
"DROP",
},
Principal = test.Arn,
},
},
CreateTableDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
{
Permissions = new[]
{
"ALL",
},
Principal = testAwsIamRole.Arn,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
.admins(
test.arn(),
testAwsIamRole.arn())
.createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
.permissions(
"SELECT",
"ALTER",
"DROP")
.principal(test.arn())
.build())
.createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
.permissions("ALL")
.principal(testAwsIamRole.arn())
.build())
.build());
}
}
resources:
example:
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- ${test.arn}
- ${testAwsIamRole.arn}
createDatabaseDefaultPermissions:
- permissions:
- SELECT
- ALTER
- DROP
principal: ${test.arn}
createTableDefaultPermissions:
- permissions:
- ALL
principal: ${testAwsIamRole.arn}
Enable EMR access to LakeFormation resources
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {
admins: [
test.arn,
testAwsIamRole.arn,
],
createDatabaseDefaultPermissions: [{
permissions: [
"SELECT",
"ALTER",
"DROP",
],
principal: test.arn,
}],
createTableDefaultPermissions: [{
permissions: ["ALL"],
principal: testAwsIamRole.arn,
}],
allowExternalDataFiltering: true,
externalDataFilteringAllowLists: [
current.accountId,
thirdParty.accountId,
],
authorizedSessionTagValueLists: ["Amazon EMR"],
allowFullTableExternalDataAccess: true,
});
import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example",
admins=[
test["arn"],
test_aws_iam_role["arn"],
],
create_database_default_permissions=[{
"permissions": [
"SELECT",
"ALTER",
"DROP",
],
"principal": test["arn"],
}],
create_table_default_permissions=[{
"permissions": ["ALL"],
"principal": test_aws_iam_role["arn"],
}],
allow_external_data_filtering=True,
external_data_filtering_allow_lists=[
current["accountId"],
third_party["accountId"],
],
authorized_session_tag_value_lists=["Amazon EMR"],
allow_full_table_external_data_access=True)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
test.Arn,
testAwsIamRole.Arn,
},
CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("SELECT"),
pulumi.String("ALTER"),
pulumi.String("DROP"),
},
Principal: pulumi.Any(test.Arn),
},
},
CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("ALL"),
},
Principal: pulumi.Any(testAwsIamRole.Arn),
},
},
AllowExternalDataFiltering: pulumi.Bool(true),
ExternalDataFilteringAllowLists: pulumi.StringArray{
current.AccountId,
thirdParty.AccountId,
},
AuthorizedSessionTagValueLists: pulumi.StringArray{
pulumi.String("Amazon EMR"),
},
AllowFullTableExternalDataAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LakeFormation.DataLakeSettings("example", new()
{
Admins = new[]
{
test.Arn,
testAwsIamRole.Arn,
},
CreateDatabaseDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
{
Permissions = new[]
{
"SELECT",
"ALTER",
"DROP",
},
Principal = test.Arn,
},
},
CreateTableDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
{
Permissions = new[]
{
"ALL",
},
Principal = testAwsIamRole.Arn,
},
},
AllowExternalDataFiltering = true,
ExternalDataFilteringAllowLists = new[]
{
current.AccountId,
thirdParty.AccountId,
},
AuthorizedSessionTagValueLists = new[]
{
"Amazon EMR",
},
AllowFullTableExternalDataAccess = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
.admins(
test.arn(),
testAwsIamRole.arn())
.createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
.permissions(
"SELECT",
"ALTER",
"DROP")
.principal(test.arn())
.build())
.createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
.permissions("ALL")
.principal(testAwsIamRole.arn())
.build())
.allowExternalDataFiltering(true)
.externalDataFilteringAllowLists(
current.accountId(),
thirdParty.accountId())
.authorizedSessionTagValueLists("Amazon EMR")
.allowFullTableExternalDataAccess(true)
.build());
}
}
resources:
example:
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- ${test.arn}
- ${testAwsIamRole.arn}
createDatabaseDefaultPermissions:
- permissions:
- SELECT
- ALTER
- DROP
principal: ${test.arn}
createTableDefaultPermissions:
- permissions:
- ALL
principal: ${testAwsIamRole.arn}
allowExternalDataFiltering: true
externalDataFilteringAllowLists:
- ${current.accountId}
- ${thirdParty.accountId}
authorizedSessionTagValueLists:
- Amazon EMR
allowFullTableExternalDataAccess: true
Change Cross Account Version
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {parameters: {
CROSS_ACCOUNT_VERSION: "3",
}});
import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example", parameters={
"CROSS_ACCOUNT_VERSION": "3",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
Parameters: pulumi.StringMap{
"CROSS_ACCOUNT_VERSION": pulumi.String("3"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LakeFormation.DataLakeSettings("example", new()
{
Parameters =
{
{ "CROSS_ACCOUNT_VERSION", "3" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
.parameters(Map.of("CROSS_ACCOUNT_VERSION", "3"))
.build());
}
}
resources:
example:
type: aws:lakeformation:DataLakeSettings
properties:
parameters:
CROSS_ACCOUNT_VERSION: '3'
Create DataLakeSettings Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DataLakeSettings(name: string, args?: DataLakeSettingsArgs, opts?: CustomResourceOptions);
@overload
def DataLakeSettings(resource_name: str,
args: Optional[DataLakeSettingsArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def DataLakeSettings(resource_name: str,
opts: Optional[ResourceOptions] = None,
admins: Optional[Sequence[str]] = None,
allow_external_data_filtering: Optional[bool] = None,
allow_full_table_external_data_access: Optional[bool] = None,
authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
catalog_id: Optional[str] = None,
create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
parameters: Optional[Mapping[str, str]] = None,
read_only_admins: Optional[Sequence[str]] = None,
trusted_resource_owners: Optional[Sequence[str]] = None)
func NewDataLakeSettings(ctx *Context, name string, args *DataLakeSettingsArgs, opts ...ResourceOption) (*DataLakeSettings, error)
public DataLakeSettings(string name, DataLakeSettingsArgs? args = null, CustomResourceOptions? opts = null)
public DataLakeSettings(String name, DataLakeSettingsArgs args)
public DataLakeSettings(String name, DataLakeSettingsArgs args, CustomResourceOptions options)
type: aws:lakeformation:DataLakeSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var dataLakeSettingsResource = new Aws.LakeFormation.DataLakeSettings("dataLakeSettingsResource", new()
{
Admins = new[]
{
"string",
},
AllowExternalDataFiltering = false,
AllowFullTableExternalDataAccess = false,
AuthorizedSessionTagValueLists = new[]
{
"string",
},
CatalogId = "string",
CreateDatabaseDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
{
Permissions = new[]
{
"string",
},
Principal = "string",
},
},
CreateTableDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
{
Permissions = new[]
{
"string",
},
Principal = "string",
},
},
ExternalDataFilteringAllowLists = new[]
{
"string",
},
Parameters =
{
{ "string", "string" },
},
ReadOnlyAdmins = new[]
{
"string",
},
TrustedResourceOwners = new[]
{
"string",
},
});
example, err := lakeformation.NewDataLakeSettings(ctx, "dataLakeSettingsResource", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
pulumi.String("string"),
},
AllowExternalDataFiltering: pulumi.Bool(false),
AllowFullTableExternalDataAccess: pulumi.Bool(false),
AuthorizedSessionTagValueLists: pulumi.StringArray{
pulumi.String("string"),
},
CatalogId: pulumi.String("string"),
CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("string"),
},
Principal: pulumi.String("string"),
},
},
CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("string"),
},
Principal: pulumi.String("string"),
},
},
ExternalDataFilteringAllowLists: pulumi.StringArray{
pulumi.String("string"),
},
Parameters: pulumi.StringMap{
"string": pulumi.String("string"),
},
ReadOnlyAdmins: pulumi.StringArray{
pulumi.String("string"),
},
TrustedResourceOwners: pulumi.StringArray{
pulumi.String("string"),
},
})
var dataLakeSettingsResource = new DataLakeSettings("dataLakeSettingsResource", DataLakeSettingsArgs.builder()
.admins("string")
.allowExternalDataFiltering(false)
.allowFullTableExternalDataAccess(false)
.authorizedSessionTagValueLists("string")
.catalogId("string")
.createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
.permissions("string")
.principal("string")
.build())
.createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
.permissions("string")
.principal("string")
.build())
.externalDataFilteringAllowLists("string")
.parameters(Map.of("string", "string"))
.readOnlyAdmins("string")
.trustedResourceOwners("string")
.build());
data_lake_settings_resource = aws.lakeformation.DataLakeSettings("dataLakeSettingsResource",
admins=["string"],
allow_external_data_filtering=False,
allow_full_table_external_data_access=False,
authorized_session_tag_value_lists=["string"],
catalog_id="string",
create_database_default_permissions=[{
"permissions": ["string"],
"principal": "string",
}],
create_table_default_permissions=[{
"permissions": ["string"],
"principal": "string",
}],
external_data_filtering_allow_lists=["string"],
parameters={
"string": "string",
},
read_only_admins=["string"],
trusted_resource_owners=["string"])
const dataLakeSettingsResource = new aws.lakeformation.DataLakeSettings("dataLakeSettingsResource", {
admins: ["string"],
allowExternalDataFiltering: false,
allowFullTableExternalDataAccess: false,
authorizedSessionTagValueLists: ["string"],
catalogId: "string",
createDatabaseDefaultPermissions: [{
permissions: ["string"],
principal: "string",
}],
createTableDefaultPermissions: [{
permissions: ["string"],
principal: "string",
}],
externalDataFilteringAllowLists: ["string"],
parameters: {
string: "string",
},
readOnlyAdmins: ["string"],
trustedResourceOwners: ["string"],
});
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- string
allowExternalDataFiltering: false
allowFullTableExternalDataAccess: false
authorizedSessionTagValueLists:
- string
catalogId: string
createDatabaseDefaultPermissions:
- permissions:
- string
principal: string
createTableDefaultPermissions:
- permissions:
- string
principal: string
externalDataFilteringAllowLists:
- string
parameters:
string: string
readOnlyAdmins:
- string
trustedResourceOwners:
- string
DataLakeSettings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DataLakeSettings resource accepts the following input properties:
- Admins List<string>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- Allow
Full boolTable External Data Access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- List<string>
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- Catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- Create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data List<string>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Parameters Dictionary<string, string>
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - Read
Only List<string>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource List<string>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
- Admins []string
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- Allow
Full boolTable External Data Access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- []string
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- Catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- Create
Database []DataDefault Permissions Lake Settings Create Database Default Permission Args - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table []DataDefault Permissions Lake Settings Create Table Default Permission Args - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data []stringFiltering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Parameters map[string]string
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - Read
Only []stringAdmins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource []stringOwners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
- admins List<String>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- allow
Full BooleanTable External Data Access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- List<String>
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- catalog
Id String - Identifier for the Data Catalog. By default, the account ID.
- create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- parameters Map<String,String>
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - read
Only List<String>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
- admins string[]
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External booleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- allow
Full booleanTable External Data Access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- string[]
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- create
Database DataDefault Permissions Lake Settings Create Database Default Permission[] - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table DataDefault Permissions Lake Settings Create Table Default Permission[] - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data string[]Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- parameters {[key: string]: string}
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - read
Only string[]Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource string[]Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
- admins Sequence[str]
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow_
external_ booldata_ filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- allow_
full_ booltable_ external_ data_ access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- Sequence[str]
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- catalog_
id str - Identifier for the Data Catalog. By default, the account ID.
- create_
database_ Sequence[Datadefault_ permissions Lake Settings Create Database Default Permission Args] - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create_
table_ Sequence[Datadefault_ permissions Lake Settings Create Table Default Permission Args] - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external_
data_ Sequence[str]filtering_ allow_ lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- parameters Mapping[str, str]
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - read_
only_ Sequence[str]admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted_
resource_ Sequence[str]owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
- admins List<String>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- allow
Full BooleanTable External Data Access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- List<String>
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- catalog
Id String - Identifier for the Data Catalog. By default, the account ID.
- create
Database List<Property Map>Default Permissions - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<Property Map>Default Permissions - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- parameters Map<String>
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - read
Only List<String>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
Outputs
All input properties are implicitly available as output properties. Additionally, the DataLakeSettings resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing DataLakeSettings Resource
Get an existing DataLakeSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DataLakeSettingsState, opts?: CustomResourceOptions): DataLakeSettings
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
admins: Optional[Sequence[str]] = None,
allow_external_data_filtering: Optional[bool] = None,
allow_full_table_external_data_access: Optional[bool] = None,
authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
catalog_id: Optional[str] = None,
create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
parameters: Optional[Mapping[str, str]] = None,
read_only_admins: Optional[Sequence[str]] = None,
trusted_resource_owners: Optional[Sequence[str]] = None) -> DataLakeSettings
func GetDataLakeSettings(ctx *Context, name string, id IDInput, state *DataLakeSettingsState, opts ...ResourceOption) (*DataLakeSettings, error)
public static DataLakeSettings Get(string name, Input<string> id, DataLakeSettingsState? state, CustomResourceOptions? opts = null)
public static DataLakeSettings get(String name, Output<String> id, DataLakeSettingsState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Admins List<string>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- Allow
Full boolTable External Data Access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- List<string>
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- Catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- Create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data List<string>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Parameters Dictionary<string, string>
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - Read
Only List<string>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource List<string>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
- Admins []string
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- Allow
Full boolTable External Data Access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- []string
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- Catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- Create
Database []DataDefault Permissions Lake Settings Create Database Default Permission Args - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table []DataDefault Permissions Lake Settings Create Table Default Permission Args - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data []stringFiltering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Parameters map[string]string
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - Read
Only []stringAdmins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource []stringOwners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
- admins List<String>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- allow
Full BooleanTable External Data Access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- List<String>
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- catalog
Id String - Identifier for the Data Catalog. By default, the account ID.
- create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- parameters Map<String,String>
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - read
Only List<String>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
- admins string[]
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External booleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- allow
Full booleanTable External Data Access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- string[]
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- create
Database DataDefault Permissions Lake Settings Create Database Default Permission[] - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table DataDefault Permissions Lake Settings Create Table Default Permission[] - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data string[]Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- parameters {[key: string]: string}
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - read
Only string[]Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource string[]Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
- admins Sequence[str]
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow_
external_ booldata_ filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- allow_
full_ booltable_ external_ data_ access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- Sequence[str]
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- catalog_
id str - Identifier for the Data Catalog. By default, the account ID.
- create_
database_ Sequence[Datadefault_ permissions Lake Settings Create Database Default Permission Args] - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create_
table_ Sequence[Datadefault_ permissions Lake Settings Create Table Default Permission Args] - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external_
data_ Sequence[str]filtering_ allow_ lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- parameters Mapping[str, str]
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - read_
only_ Sequence[str]admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted_
resource_ Sequence[str]owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
- admins List<String>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- allow
Full BooleanTable External Data Access - Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
- List<String>
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
- catalog
Id String - Identifier for the Data Catalog. By default, the account ID.
- create
Database List<Property Map>Default Permissions - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<Property Map>Default Permissions - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- parameters Map<String>
- Key-value map of additional configuration. Valid values for the
CROSS_ACCOUNT_VERSION
key are"1"
,"2"
,"3"
, or"4"
.SET_CONTEXT
is also returned with a value ofTRUE
. In a fresh account, prior to configuring,CROSS_ACCOUNT_VERSION
is"1"
. Destroying this resource sets theCROSS_ACCOUNT_VERSION
to"1"
. - read
Only List<String>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including
admins
,create_database_default_permissions
,create_table_default_permissions
,parameters
, and/ortrusted_resource_owners
results in the setting being cleared.
Supporting Types
DataLakeSettingsCreateDatabaseDefaultPermission, DataLakeSettingsCreateDatabaseDefaultPermissionArgs
- Permissions List<string>
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
,DESCRIBE
, andCREATE_TABLE
. For more details, see Lake Formation Permissions Reference. - Principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
- Permissions []string
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
,DESCRIBE
, andCREATE_TABLE
. For more details, see Lake Formation Permissions Reference. - Principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
- permissions List<String>
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
,DESCRIBE
, andCREATE_TABLE
. For more details, see Lake Formation Permissions Reference. - principal String
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
- permissions string[]
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
,DESCRIBE
, andCREATE_TABLE
. For more details, see Lake Formation Permissions Reference. - principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
- permissions Sequence[str]
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
,DESCRIBE
, andCREATE_TABLE
. For more details, see Lake Formation Permissions Reference. - principal str
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
- permissions List<String>
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
,DESCRIBE
, andCREATE_TABLE
. For more details, see Lake Formation Permissions Reference. - principal String
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
DataLakeSettingsCreateTableDefaultPermission, DataLakeSettingsCreateTableDefaultPermissionArgs
- Permissions List<string>
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
, andDESCRIBE
. For more details, see Lake Formation Permissions Reference. - Principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
- Permissions []string
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
, andDESCRIBE
. For more details, see Lake Formation Permissions Reference. - Principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
- permissions List<String>
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
, andDESCRIBE
. For more details, see Lake Formation Permissions Reference. - principal String
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
- permissions string[]
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
, andDESCRIBE
. For more details, see Lake Formation Permissions Reference. - principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
- permissions Sequence[str]
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
, andDESCRIBE
. For more details, see Lake Formation Permissions Reference. - principal str
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
- permissions List<String>
- List of permissions that are granted to the principal. Valid values may include
ALL
,SELECT
,ALTER
,DROP
,DELETE
,INSERT
, andDESCRIBE
. For more details, see Lake Formation Permissions Reference. - principal String
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principal
toIAM_ALLOWED_PRINCIPALS
andpermissions
to["ALL"]
.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.