Docs
PackagesTry AWS Native preview for resources not in the classic version.
AWS Classic v6.32.0 published on Friday, Apr 19, 2024 by Pulumi
aws.lakeformation.DataLakeSettings
Explore with Pulumi AI
Try AWS Native preview for resources not in the classic version.
AWS Classic v6.32.0 published on Friday, Apr 19, 2024 by Pulumi
Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.
NOTE: Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the
IAMAllowedPrincipalsprincipal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.
Example Usage
Data Lake Admins
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {admins: [
test.arn,
testAwsIamRole.arn,
]});
import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example", admins=[
test["arn"],
test_aws_iam_role["arn"],
])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
test.Arn,
testAwsIamRole.Arn,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LakeFormation.DataLakeSettings("example", new()
{
Admins = new[]
{
test.Arn,
testAwsIamRole.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
.admins(
test.arn(),
testAwsIamRole.arn())
.build());
}
}
resources:
example:
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- ${test.arn}
- ${testAwsIamRole.arn}
Create Default Permissions
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {
admins: [
test.arn,
testAwsIamRole.arn,
],
createDatabaseDefaultPermissions: [{
permissions: [
"SELECT",
"ALTER",
"DROP",
],
principal: test.arn,
}],
createTableDefaultPermissions: [{
permissions: ["ALL"],
principal: testAwsIamRole.arn,
}],
});
import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example",
admins=[
test["arn"],
test_aws_iam_role["arn"],
],
create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
permissions=[
"SELECT",
"ALTER",
"DROP",
],
principal=test["arn"],
)],
create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
permissions=["ALL"],
principal=test_aws_iam_role["arn"],
)])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
test.Arn,
testAwsIamRole.Arn,
},
CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("SELECT"),
pulumi.String("ALTER"),
pulumi.String("DROP"),
},
Principal: pulumi.Any(test.Arn),
},
},
CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("ALL"),
},
Principal: pulumi.Any(testAwsIamRole.Arn),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LakeFormation.DataLakeSettings("example", new()
{
Admins = new[]
{
test.Arn,
testAwsIamRole.Arn,
},
CreateDatabaseDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
{
Permissions = new[]
{
"SELECT",
"ALTER",
"DROP",
},
Principal = test.Arn,
},
},
CreateTableDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
{
Permissions = new[]
{
"ALL",
},
Principal = testAwsIamRole.Arn,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
.admins(
test.arn(),
testAwsIamRole.arn())
.createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
.permissions(
"SELECT",
"ALTER",
"DROP")
.principal(test.arn())
.build())
.createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
.permissions("ALL")
.principal(testAwsIamRole.arn())
.build())
.build());
}
}
resources:
example:
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- ${test.arn}
- ${testAwsIamRole.arn}
createDatabaseDefaultPermissions:
- permissions:
- SELECT
- ALTER
- DROP
principal: ${test.arn}
createTableDefaultPermissions:
- permissions:
- ALL
principal: ${testAwsIamRole.arn}
Enable EMR access to LakeFormation resources
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {
admins: [
test.arn,
testAwsIamRole.arn,
],
createDatabaseDefaultPermissions: [{
permissions: [
"SELECT",
"ALTER",
"DROP",
],
principal: test.arn,
}],
createTableDefaultPermissions: [{
permissions: ["ALL"],
principal: testAwsIamRole.arn,
}],
allowExternalDataFiltering: true,
externalDataFilteringAllowLists: [
current.accountId,
thirdParty.accountId,
],
authorizedSessionTagValueLists: ["Amazon EMR"],
});
import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example",
admins=[
test["arn"],
test_aws_iam_role["arn"],
],
create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
permissions=[
"SELECT",
"ALTER",
"DROP",
],
principal=test["arn"],
)],
create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
permissions=["ALL"],
principal=test_aws_iam_role["arn"],
)],
allow_external_data_filtering=True,
external_data_filtering_allow_lists=[
current["accountId"],
third_party["accountId"],
],
authorized_session_tag_value_lists=["Amazon EMR"])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
test.Arn,
testAwsIamRole.Arn,
},
CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("SELECT"),
pulumi.String("ALTER"),
pulumi.String("DROP"),
},
Principal: pulumi.Any(test.Arn),
},
},
CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("ALL"),
},
Principal: pulumi.Any(testAwsIamRole.Arn),
},
},
AllowExternalDataFiltering: pulumi.Bool(true),
ExternalDataFilteringAllowLists: pulumi.StringArray{
current.AccountId,
thirdParty.AccountId,
},
AuthorizedSessionTagValueLists: pulumi.StringArray{
pulumi.String("Amazon EMR"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LakeFormation.DataLakeSettings("example", new()
{
Admins = new[]
{
test.Arn,
testAwsIamRole.Arn,
},
CreateDatabaseDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
{
Permissions = new[]
{
"SELECT",
"ALTER",
"DROP",
},
Principal = test.Arn,
},
},
CreateTableDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
{
Permissions = new[]
{
"ALL",
},
Principal = testAwsIamRole.Arn,
},
},
AllowExternalDataFiltering = true,
ExternalDataFilteringAllowLists = new[]
{
current.AccountId,
thirdParty.AccountId,
},
AuthorizedSessionTagValueLists = new[]
{
"Amazon EMR",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
.admins(
test.arn(),
testAwsIamRole.arn())
.createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
.permissions(
"SELECT",
"ALTER",
"DROP")
.principal(test.arn())
.build())
.createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
.permissions("ALL")
.principal(testAwsIamRole.arn())
.build())
.allowExternalDataFiltering(true)
.externalDataFilteringAllowLists(
current.accountId(),
thirdParty.accountId())
.authorizedSessionTagValueLists("Amazon EMR")
.build());
}
}
resources:
example:
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- ${test.arn}
- ${testAwsIamRole.arn}
createDatabaseDefaultPermissions:
- permissions:
- SELECT
- ALTER
- DROP
principal: ${test.arn}
createTableDefaultPermissions:
- permissions:
- ALL
principal: ${testAwsIamRole.arn}
allowExternalDataFiltering: true
externalDataFilteringAllowLists:
- ${current.accountId}
- ${thirdParty.accountId}
authorizedSessionTagValueLists:
- Amazon EMR
Create DataLakeSettings Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DataLakeSettings(name: string, args?: DataLakeSettingsArgs, opts?: CustomResourceOptions);@overload
def DataLakeSettings(resource_name: str,
args: Optional[DataLakeSettingsArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def DataLakeSettings(resource_name: str,
opts: Optional[ResourceOptions] = None,
admins: Optional[Sequence[str]] = None,
allow_external_data_filtering: Optional[bool] = None,
authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
catalog_id: Optional[str] = None,
create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
read_only_admins: Optional[Sequence[str]] = None,
trusted_resource_owners: Optional[Sequence[str]] = None)func NewDataLakeSettings(ctx *Context, name string, args *DataLakeSettingsArgs, opts ...ResourceOption) (*DataLakeSettings, error)public DataLakeSettings(string name, DataLakeSettingsArgs? args = null, CustomResourceOptions? opts = null)
public DataLakeSettings(String name, DataLakeSettingsArgs args)
public DataLakeSettings(String name, DataLakeSettingsArgs args, CustomResourceOptions options)
type: aws:lakeformation:DataLakeSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var dataLakeSettingsResource = new Aws.LakeFormation.DataLakeSettings("dataLakeSettingsResource", new()
{
Admins = new[]
{
"string",
},
AllowExternalDataFiltering = false,
AuthorizedSessionTagValueLists = new[]
{
"string",
},
CatalogId = "string",
CreateDatabaseDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
{
Permissions = new[]
{
"string",
},
Principal = "string",
},
},
CreateTableDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
{
Permissions = new[]
{
"string",
},
Principal = "string",
},
},
ExternalDataFilteringAllowLists = new[]
{
"string",
},
ReadOnlyAdmins = new[]
{
"string",
},
TrustedResourceOwners = new[]
{
"string",
},
});
example, err := lakeformation.NewDataLakeSettings(ctx, "dataLakeSettingsResource", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
pulumi.String("string"),
},
AllowExternalDataFiltering: pulumi.Bool(false),
AuthorizedSessionTagValueLists: pulumi.StringArray{
pulumi.String("string"),
},
CatalogId: pulumi.String("string"),
CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("string"),
},
Principal: pulumi.String("string"),
},
},
CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("string"),
},
Principal: pulumi.String("string"),
},
},
ExternalDataFilteringAllowLists: pulumi.StringArray{
pulumi.String("string"),
},
ReadOnlyAdmins: pulumi.StringArray{
pulumi.String("string"),
},
TrustedResourceOwners: pulumi.StringArray{
pulumi.String("string"),
},
})
var dataLakeSettingsResource = new DataLakeSettings("dataLakeSettingsResource", DataLakeSettingsArgs.builder()
.admins("string")
.allowExternalDataFiltering(false)
.authorizedSessionTagValueLists("string")
.catalogId("string")
.createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
.permissions("string")
.principal("string")
.build())
.createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
.permissions("string")
.principal("string")
.build())
.externalDataFilteringAllowLists("string")
.readOnlyAdmins("string")
.trustedResourceOwners("string")
.build());
data_lake_settings_resource = aws.lakeformation.DataLakeSettings("dataLakeSettingsResource",
admins=["string"],
allow_external_data_filtering=False,
authorized_session_tag_value_lists=["string"],
catalog_id="string",
create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
permissions=["string"],
principal="string",
)],
create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
permissions=["string"],
principal="string",
)],
external_data_filtering_allow_lists=["string"],
read_only_admins=["string"],
trusted_resource_owners=["string"])
const dataLakeSettingsResource = new aws.lakeformation.DataLakeSettings("dataLakeSettingsResource", {
admins: ["string"],
allowExternalDataFiltering: false,
authorizedSessionTagValueLists: ["string"],
catalogId: "string",
createDatabaseDefaultPermissions: [{
permissions: ["string"],
principal: "string",
}],
createTableDefaultPermissions: [{
permissions: ["string"],
principal: "string",
}],
externalDataFilteringAllowLists: ["string"],
readOnlyAdmins: ["string"],
trustedResourceOwners: ["string"],
});
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- string
allowExternalDataFiltering: false
authorizedSessionTagValueLists:
- string
catalogId: string
createDatabaseDefaultPermissions:
- permissions:
- string
principal: string
createTableDefaultPermissions:
- permissions:
- string
principal: string
externalDataFilteringAllowLists:
- string
readOnlyAdmins:
- string
trustedResourceOwners:
- string
DataLakeSettings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The DataLakeSettings resource accepts the following input properties:
- Admins List<string>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<string>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- Catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- Create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data List<string>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Read
Only List<string>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource List<string>Owners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- Admins []string
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- []string
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- Catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- Create
Database []DataDefault Permissions Lake Settings Create Database Default Permission Args - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table []DataDefault Permissions Lake Settings Create Table Default Permission Args - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data []stringFiltering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Read
Only []stringAdmins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource []stringOwners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins List<String>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<String>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id String - Identifier for the Data Catalog. By default, the account ID.
- create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only List<String>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins string[]
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External booleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- string[]
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- create
Database DataDefault Permissions Lake Settings Create Database Default Permission[] - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table DataDefault Permissions Lake Settings Create Table Default Permission[] - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data string[]Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only string[]Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource string[]Owners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins Sequence[str]
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow_
external_ booldata_ filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- Sequence[str]
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog_
id str - Identifier for the Data Catalog. By default, the account ID.
- create_
database_ Sequence[Datadefault_ permissions Lake Settings Create Database Default Permission Args] - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create_
table_ Sequence[Datadefault_ permissions Lake Settings Create Table Default Permission Args] - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external_
data_ Sequence[str]filtering_ allow_ lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read_
only_ Sequence[str]admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted_
resource_ Sequence[str]owners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins List<String>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<String>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id String - Identifier for the Data Catalog. By default, the account ID.
- create
Database List<Property Map>Default Permissions - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<Property Map>Default Permissions - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only List<String>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
Outputs
All input properties are implicitly available as output properties. Additionally, the DataLakeSettings resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing DataLakeSettings Resource
Get an existing DataLakeSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DataLakeSettingsState, opts?: CustomResourceOptions): DataLakeSettings@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
admins: Optional[Sequence[str]] = None,
allow_external_data_filtering: Optional[bool] = None,
authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
catalog_id: Optional[str] = None,
create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
read_only_admins: Optional[Sequence[str]] = None,
trusted_resource_owners: Optional[Sequence[str]] = None) -> DataLakeSettingsfunc GetDataLakeSettings(ctx *Context, name string, id IDInput, state *DataLakeSettingsState, opts ...ResourceOption) (*DataLakeSettings, error)public static DataLakeSettings Get(string name, Input<string> id, DataLakeSettingsState? state, CustomResourceOptions? opts = null)public static DataLakeSettings get(String name, Output<String> id, DataLakeSettingsState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Admins List<string>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<string>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- Catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- Create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data List<string>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Read
Only List<string>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource List<string>Owners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- Admins []string
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- []string
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- Catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- Create
Database []DataDefault Permissions Lake Settings Create Database Default Permission Args - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table []DataDefault Permissions Lake Settings Create Table Default Permission Args - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data []stringFiltering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Read
Only []stringAdmins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource []stringOwners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins List<String>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<String>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id String - Identifier for the Data Catalog. By default, the account ID.
- create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only List<String>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins string[]
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External booleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- string[]
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id string - Identifier for the Data Catalog. By default, the account ID.
- create
Database DataDefault Permissions Lake Settings Create Database Default Permission[] - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table DataDefault Permissions Lake Settings Create Table Default Permission[] - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data string[]Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only string[]Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource string[]Owners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins Sequence[str]
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow_
external_ booldata_ filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- Sequence[str]
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog_
id str - Identifier for the Data Catalog. By default, the account ID.
- create_
database_ Sequence[Datadefault_ permissions Lake Settings Create Database Default Permission Args] - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create_
table_ Sequence[Datadefault_ permissions Lake Settings Create Table Default Permission Args] - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external_
data_ Sequence[str]filtering_ allow_ lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read_
only_ Sequence[str]admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted_
resource_ Sequence[str]owners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins List<String>
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering - Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<String>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id String - Identifier for the Data Catalog. By default, the account ID.
- create
Database List<Property Map>Default Permissions - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<Property Map>Default Permissions - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists - A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only List<String>Admins - Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners - List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
Supporting Types
DataLakeSettingsCreateDatabaseDefaultPermission, DataLakeSettingsCreateDatabaseDefaultPermissionArgs
- Permissions List<string>
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference. - Principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- Permissions []string
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference. - Principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions List<String>
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference. - principal String
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions string[]
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference. - principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions Sequence[str]
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference. - principal str
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions List<String>
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference. - principal String
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
DataLakeSettingsCreateTableDefaultPermission, DataLakeSettingsCreateTableDefaultPermissionArgs
- Permissions List<string>
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference. - Principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- Permissions []string
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference. - Principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions List<String>
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference. - principal String
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions string[]
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference. - principal string
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions Sequence[str]
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference. - principal str
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions List<String>
- List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference. - principal String
- Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
Try AWS Native preview for resources not in the classic version.
AWS Classic v6.32.0 published on Friday, Apr 19, 2024 by Pulumi