Docs
PackagesTry AWS Native preview for resources not in the classic version.
aws.lakeformation.DataLakeSettings
Explore with Pulumi AI
Try AWS Native preview for resources not in the classic version.
Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.
NOTE: Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the
IAMAllowedPrincipalsprincipal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.
Example Usage
Data Lake Admins
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LakeFormation.DataLakeSettings("example", new()
{
Admins = new[]
{
aws_iam_user.Test.Arn,
aws_iam_role.Test.Arn,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
aws_iam_user.Test.Arn,
aws_iam_role.Test.Arn,
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
.admins(
aws_iam_user.test().arn(),
aws_iam_role.test().arn())
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example", admins=[
aws_iam_user["test"]["arn"],
aws_iam_role["test"]["arn"],
])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {admins: [
aws_iam_user.test.arn,
aws_iam_role.test.arn,
]});
resources:
example:
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- ${aws_iam_user.test.arn}
- ${aws_iam_role.test.arn}
Create Default Permissions
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LakeFormation.DataLakeSettings("example", new()
{
Admins = new[]
{
aws_iam_user.Test.Arn,
aws_iam_role.Test.Arn,
},
CreateDatabaseDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
{
Permissions = new[]
{
"SELECT",
"ALTER",
"DROP",
},
Principal = aws_iam_user.Test.Arn,
},
},
CreateTableDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
{
Permissions = new[]
{
"ALL",
},
Principal = aws_iam_role.Test.Arn,
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
aws_iam_user.Test.Arn,
aws_iam_role.Test.Arn,
},
CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("SELECT"),
pulumi.String("ALTER"),
pulumi.String("DROP"),
},
Principal: pulumi.Any(aws_iam_user.Test.Arn),
},
},
CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("ALL"),
},
Principal: pulumi.Any(aws_iam_role.Test.Arn),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
.admins(
aws_iam_user.test().arn(),
aws_iam_role.test().arn())
.createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
.permissions(
"SELECT",
"ALTER",
"DROP")
.principal(aws_iam_user.test().arn())
.build())
.createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
.permissions("ALL")
.principal(aws_iam_role.test().arn())
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example",
admins=[
aws_iam_user["test"]["arn"],
aws_iam_role["test"]["arn"],
],
create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
permissions=[
"SELECT",
"ALTER",
"DROP",
],
principal=aws_iam_user["test"]["arn"],
)],
create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
permissions=["ALL"],
principal=aws_iam_role["test"]["arn"],
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {
admins: [
aws_iam_user.test.arn,
aws_iam_role.test.arn,
],
createDatabaseDefaultPermissions: [{
permissions: [
"SELECT",
"ALTER",
"DROP",
],
principal: aws_iam_user.test.arn,
}],
createTableDefaultPermissions: [{
permissions: ["ALL"],
principal: aws_iam_role.test.arn,
}],
});
resources:
example:
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- ${aws_iam_user.test.arn}
- ${aws_iam_role.test.arn}
createDatabaseDefaultPermissions:
- permissions:
- SELECT
- ALTER
- DROP
principal: ${aws_iam_user.test.arn}
createTableDefaultPermissions:
- permissions:
- ALL
principal: ${aws_iam_role.test.arn}
Enable EMR access to LakeFormation resources
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LakeFormation.DataLakeSettings("example", new()
{
Admins = new[]
{
aws_iam_user.Test.Arn,
aws_iam_role.Test.Arn,
},
CreateDatabaseDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
{
Permissions = new[]
{
"SELECT",
"ALTER",
"DROP",
},
Principal = aws_iam_user.Test.Arn,
},
},
CreateTableDefaultPermissions = new[]
{
new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
{
Permissions = new[]
{
"ALL",
},
Principal = aws_iam_role.Test.Arn,
},
},
AllowExternalDataFiltering = true,
ExternalDataFilteringAllowLists = new[]
{
data.Aws_caller_identity.Current.Account_id,
data.Aws_caller_identity.Third_party.Account_id,
},
AuthorizedSessionTagValueLists = new[]
{
"Amazon EMR",
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
Admins: pulumi.StringArray{
aws_iam_user.Test.Arn,
aws_iam_role.Test.Arn,
},
CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("SELECT"),
pulumi.String("ALTER"),
pulumi.String("DROP"),
},
Principal: pulumi.Any(aws_iam_user.Test.Arn),
},
},
CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("ALL"),
},
Principal: pulumi.Any(aws_iam_role.Test.Arn),
},
},
AllowExternalDataFiltering: pulumi.Bool(true),
ExternalDataFilteringAllowLists: pulumi.StringArray{
data.Aws_caller_identity.Current.Account_id,
data.Aws_caller_identity.Third_party.Account_id,
},
AuthorizedSessionTagValueLists: pulumi.StringArray{
pulumi.String("Amazon EMR"),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
.admins(
aws_iam_user.test().arn(),
aws_iam_role.test().arn())
.createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
.permissions(
"SELECT",
"ALTER",
"DROP")
.principal(aws_iam_user.test().arn())
.build())
.createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
.permissions("ALL")
.principal(aws_iam_role.test().arn())
.build())
.allowExternalDataFiltering(true)
.externalDataFilteringAllowLists(
data.aws_caller_identity().current().account_id(),
data.aws_caller_identity().third_party().account_id())
.authorizedSessionTagValueLists("Amazon EMR")
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example",
admins=[
aws_iam_user["test"]["arn"],
aws_iam_role["test"]["arn"],
],
create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
permissions=[
"SELECT",
"ALTER",
"DROP",
],
principal=aws_iam_user["test"]["arn"],
)],
create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
permissions=["ALL"],
principal=aws_iam_role["test"]["arn"],
)],
allow_external_data_filtering=True,
external_data_filtering_allow_lists=[
data["aws_caller_identity"]["current"]["account_id"],
data["aws_caller_identity"]["third_party"]["account_id"],
],
authorized_session_tag_value_lists=["Amazon EMR"])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {
admins: [
aws_iam_user.test.arn,
aws_iam_role.test.arn,
],
createDatabaseDefaultPermissions: [{
permissions: [
"SELECT",
"ALTER",
"DROP",
],
principal: aws_iam_user.test.arn,
}],
createTableDefaultPermissions: [{
permissions: ["ALL"],
principal: aws_iam_role.test.arn,
}],
allowExternalDataFiltering: true,
externalDataFilteringAllowLists: [
data.aws_caller_identity.current.account_id,
data.aws_caller_identity.third_party.account_id,
],
authorizedSessionTagValueLists: ["Amazon EMR"],
});
resources:
example:
type: aws:lakeformation:DataLakeSettings
properties:
admins:
- ${aws_iam_user.test.arn}
- ${aws_iam_role.test.arn}
createDatabaseDefaultPermissions:
- permissions:
- SELECT
- ALTER
- DROP
principal: ${aws_iam_user.test.arn}
createTableDefaultPermissions:
- permissions:
- ALL
principal: ${aws_iam_role.test.arn}
allowExternalDataFiltering: true
externalDataFilteringAllowLists:
- ${data.aws_caller_identity.current.account_id}
- ${data.aws_caller_identity.third_party.account_id}
authorizedSessionTagValueLists:
- Amazon EMR
Create DataLakeSettings Resource
new DataLakeSettings(name: string, args?: DataLakeSettingsArgs, opts?: CustomResourceOptions);@overload
def DataLakeSettings(resource_name: str,
opts: Optional[ResourceOptions] = None,
admins: Optional[Sequence[str]] = None,
allow_external_data_filtering: Optional[bool] = None,
authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
catalog_id: Optional[str] = None,
create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
read_only_admins: Optional[Sequence[str]] = None,
trusted_resource_owners: Optional[Sequence[str]] = None)
@overload
def DataLakeSettings(resource_name: str,
args: Optional[DataLakeSettingsArgs] = None,
opts: Optional[ResourceOptions] = None)func NewDataLakeSettings(ctx *Context, name string, args *DataLakeSettingsArgs, opts ...ResourceOption) (*DataLakeSettings, error)public DataLakeSettings(string name, DataLakeSettingsArgs? args = null, CustomResourceOptions? opts = null)
public DataLakeSettings(String name, DataLakeSettingsArgs args)
public DataLakeSettings(String name, DataLakeSettingsArgs args, CustomResourceOptions options)
type: aws:lakeformation:DataLakeSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DataLakeSettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
DataLakeSettings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The DataLakeSettings resource accepts the following input properties:
- Admins List<string>
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<string>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- Catalog
Id string Identifier for the Data Catalog. By default, the account ID.
- Create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data List<string>Filtering Allow Lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Read
Only List<string>Admins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource List<string>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- Admins []string
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- []string
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- Catalog
Id string Identifier for the Data Catalog. By default, the account ID.
- Create
Database []DataDefault Permissions Lake Settings Create Database Default Permission Args Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table []DataDefault Permissions Lake Settings Create Table Default Permission Args Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data []stringFiltering Allow Lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Read
Only []stringAdmins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource []stringOwners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins List<String>
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<String>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id String Identifier for the Data Catalog. By default, the account ID.
- create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only List<String>Admins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins string[]
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External booleanData Filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- string[]
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id string Identifier for the Data Catalog. By default, the account ID.
- create
Database DataDefault Permissions Lake Settings Create Database Default Permission[] Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table DataDefault Permissions Lake Settings Create Table Default Permission[] Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data string[]Filtering Allow Lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only string[]Admins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource string[]Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins Sequence[str]
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow_
external_ booldata_ filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- Sequence[str]
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog_
id str Identifier for the Data Catalog. By default, the account ID.
- create_
database_ Sequence[Datadefault_ permissions Lake Settings Create Database Default Permission Args] Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create_
table_ Sequence[Datadefault_ permissions Lake Settings Create Table Default Permission Args] Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external_
data_ Sequence[str]filtering_ allow_ lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read_
only_ Sequence[str]admins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted_
resource_ Sequence[str]owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins List<String>
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<String>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id String Identifier for the Data Catalog. By default, the account ID.
- create
Database List<Property Map>Default Permissions Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<Property Map>Default Permissions Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only List<String>Admins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
Outputs
All input properties are implicitly available as output properties. Additionally, the DataLakeSettings resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing DataLakeSettings Resource
Get an existing DataLakeSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DataLakeSettingsState, opts?: CustomResourceOptions): DataLakeSettings@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
admins: Optional[Sequence[str]] = None,
allow_external_data_filtering: Optional[bool] = None,
authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
catalog_id: Optional[str] = None,
create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
read_only_admins: Optional[Sequence[str]] = None,
trusted_resource_owners: Optional[Sequence[str]] = None) -> DataLakeSettingsfunc GetDataLakeSettings(ctx *Context, name string, id IDInput, state *DataLakeSettingsState, opts ...ResourceOption) (*DataLakeSettings, error)public static DataLakeSettings Get(string name, Input<string> id, DataLakeSettingsState? state, CustomResourceOptions? opts = null)public static DataLakeSettings get(String name, Output<String> id, DataLakeSettingsState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Admins List<string>
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<string>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- Catalog
Id string Identifier for the Data Catalog. By default, the account ID.
- Create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data List<string>Filtering Allow Lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Read
Only List<string>Admins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource List<string>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- Admins []string
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- Allow
External boolData Filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- []string
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- Catalog
Id string Identifier for the Data Catalog. By default, the account ID.
- Create
Database []DataDefault Permissions Lake Settings Create Database Default Permission Args Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- Create
Table []DataDefault Permissions Lake Settings Create Table Default Permission Args Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- External
Data []stringFiltering Allow Lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- Read
Only []stringAdmins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- Trusted
Resource []stringOwners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins List<String>
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<String>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id String Identifier for the Data Catalog. By default, the account ID.
- create
Database List<DataDefault Permissions Lake Settings Create Database Default Permission> Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<DataDefault Permissions Lake Settings Create Table Default Permission> Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only List<String>Admins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins string[]
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External booleanData Filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- string[]
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id string Identifier for the Data Catalog. By default, the account ID.
- create
Database DataDefault Permissions Lake Settings Create Database Default Permission[] Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table DataDefault Permissions Lake Settings Create Table Default Permission[] Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data string[]Filtering Allow Lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only string[]Admins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource string[]Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins Sequence[str]
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow_
external_ booldata_ filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- Sequence[str]
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog_
id str Identifier for the Data Catalog. By default, the account ID.
- create_
database_ Sequence[Datadefault_ permissions Lake Settings Create Database Default Permission Args] Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create_
table_ Sequence[Datadefault_ permissions Lake Settings Create Table Default Permission Args] Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external_
data_ Sequence[str]filtering_ allow_ lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read_
only_ Sequence[str]admins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted_
resource_ Sequence[str]owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
- admins List<String>
Set of ARNs of AWS Lake Formation principals (IAM users or roles).
- allow
External BooleanData Filtering Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
- List<String>
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
NOTE: Although optional, not including
admins,create_database_default_permissions,create_table_default_permissions, and/ortrusted_resource_ownersresults in the setting being cleared.- catalog
Id String Identifier for the Data Catalog. By default, the account ID.
- create
Database List<Property Map>Default Permissions Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
- create
Table List<Property Map>Default Permissions Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
- external
Data List<String>Filtering Allow Lists A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
- read
Only List<String>Admins Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
- trusted
Resource List<String>Owners List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
Supporting Types
DataLakeSettingsCreateDatabaseDefaultPermission, DataLakeSettingsCreateDatabaseDefaultPermissionArgs
- Permissions List<string>
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference.- Principal string
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- Permissions []string
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference.- Principal string
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions List<String>
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference.- principal String
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions string[]
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference.- principal string
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions Sequence[str]
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference.- principal str
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions List<String>
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT,DESCRIBE, andCREATE_TABLE. For more details, see Lake Formation Permissions Reference.- principal String
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
DataLakeSettingsCreateTableDefaultPermission, DataLakeSettingsCreateTableDefaultPermissionArgs
- Permissions List<string>
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference.- Principal string
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- Permissions []string
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference.- Principal string
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions List<String>
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference.- principal String
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions string[]
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference.- principal string
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions Sequence[str]
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference.- principal str
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
- permissions List<String>
List of permissions that are granted to the principal. Valid values may include
ALL,SELECT,ALTER,DROP,DELETE,INSERT, andDESCRIBE. For more details, see Lake Formation Permissions Reference.- principal String
Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set
principaltoIAM_ALLOWED_PRINCIPALSandpermissionsto["ALL"].
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
awsTerraform Provider.
Try AWS Native preview for resources not in the classic version.