1. Packages
  2. AWS Classic
  3. API Docs
  4. lakeformation
  5. DataLakeSettings

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi

aws.lakeformation.DataLakeSettings

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi

    Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

    NOTE: Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the IAMAllowedPrincipals principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.

    Example Usage

    Data Lake Admins

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lakeformation.DataLakeSettings("example", {admins: [
        test.arn,
        testAwsIamRole.arn,
    ]});
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lakeformation.DataLakeSettings("example", admins=[
        test["arn"],
        test_aws_iam_role["arn"],
    ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
    			Admins: pulumi.StringArray{
    				test.Arn,
    				testAwsIamRole.Arn,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LakeFormation.DataLakeSettings("example", new()
        {
            Admins = new[]
            {
                test.Arn,
                testAwsIamRole.Arn,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
                .admins(            
                    test.arn(),
                    testAwsIamRole.arn())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:lakeformation:DataLakeSettings
        properties:
          admins:
            - ${test.arn}
            - ${testAwsIamRole.arn}
    

    Create Default Permissions

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lakeformation.DataLakeSettings("example", {
        admins: [
            test.arn,
            testAwsIamRole.arn,
        ],
        createDatabaseDefaultPermissions: [{
            permissions: [
                "SELECT",
                "ALTER",
                "DROP",
            ],
            principal: test.arn,
        }],
        createTableDefaultPermissions: [{
            permissions: ["ALL"],
            principal: testAwsIamRole.arn,
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lakeformation.DataLakeSettings("example",
        admins=[
            test["arn"],
            test_aws_iam_role["arn"],
        ],
        create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
            permissions=[
                "SELECT",
                "ALTER",
                "DROP",
            ],
            principal=test["arn"],
        )],
        create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
            permissions=["ALL"],
            principal=test_aws_iam_role["arn"],
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
    			Admins: pulumi.StringArray{
    				test.Arn,
    				testAwsIamRole.Arn,
    			},
    			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("SELECT"),
    						pulumi.String("ALTER"),
    						pulumi.String("DROP"),
    					},
    					Principal: pulumi.Any(test.Arn),
    				},
    			},
    			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("ALL"),
    					},
    					Principal: pulumi.Any(testAwsIamRole.Arn),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LakeFormation.DataLakeSettings("example", new()
        {
            Admins = new[]
            {
                test.Arn,
                testAwsIamRole.Arn,
            },
            CreateDatabaseDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "SELECT",
                        "ALTER",
                        "DROP",
                    },
                    Principal = test.Arn,
                },
            },
            CreateTableDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "ALL",
                    },
                    Principal = testAwsIamRole.Arn,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
                .admins(            
                    test.arn(),
                    testAwsIamRole.arn())
                .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                    .permissions(                
                        "SELECT",
                        "ALTER",
                        "DROP")
                    .principal(test.arn())
                    .build())
                .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                    .permissions("ALL")
                    .principal(testAwsIamRole.arn())
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:lakeformation:DataLakeSettings
        properties:
          admins:
            - ${test.arn}
            - ${testAwsIamRole.arn}
          createDatabaseDefaultPermissions:
            - permissions:
                - SELECT
                - ALTER
                - DROP
              principal: ${test.arn}
          createTableDefaultPermissions:
            - permissions:
                - ALL
              principal: ${testAwsIamRole.arn}
    

    Enable EMR access to LakeFormation resources

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lakeformation.DataLakeSettings("example", {
        admins: [
            test.arn,
            testAwsIamRole.arn,
        ],
        createDatabaseDefaultPermissions: [{
            permissions: [
                "SELECT",
                "ALTER",
                "DROP",
            ],
            principal: test.arn,
        }],
        createTableDefaultPermissions: [{
            permissions: ["ALL"],
            principal: testAwsIamRole.arn,
        }],
        allowExternalDataFiltering: true,
        externalDataFilteringAllowLists: [
            current.accountId,
            thirdParty.accountId,
        ],
        authorizedSessionTagValueLists: ["Amazon EMR"],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lakeformation.DataLakeSettings("example",
        admins=[
            test["arn"],
            test_aws_iam_role["arn"],
        ],
        create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
            permissions=[
                "SELECT",
                "ALTER",
                "DROP",
            ],
            principal=test["arn"],
        )],
        create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
            permissions=["ALL"],
            principal=test_aws_iam_role["arn"],
        )],
        allow_external_data_filtering=True,
        external_data_filtering_allow_lists=[
            current["accountId"],
            third_party["accountId"],
        ],
        authorized_session_tag_value_lists=["Amazon EMR"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
    			Admins: pulumi.StringArray{
    				test.Arn,
    				testAwsIamRole.Arn,
    			},
    			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("SELECT"),
    						pulumi.String("ALTER"),
    						pulumi.String("DROP"),
    					},
    					Principal: pulumi.Any(test.Arn),
    				},
    			},
    			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("ALL"),
    					},
    					Principal: pulumi.Any(testAwsIamRole.Arn),
    				},
    			},
    			AllowExternalDataFiltering: pulumi.Bool(true),
    			ExternalDataFilteringAllowLists: pulumi.StringArray{
    				current.AccountId,
    				thirdParty.AccountId,
    			},
    			AuthorizedSessionTagValueLists: pulumi.StringArray{
    				pulumi.String("Amazon EMR"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LakeFormation.DataLakeSettings("example", new()
        {
            Admins = new[]
            {
                test.Arn,
                testAwsIamRole.Arn,
            },
            CreateDatabaseDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "SELECT",
                        "ALTER",
                        "DROP",
                    },
                    Principal = test.Arn,
                },
            },
            CreateTableDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "ALL",
                    },
                    Principal = testAwsIamRole.Arn,
                },
            },
            AllowExternalDataFiltering = true,
            ExternalDataFilteringAllowLists = new[]
            {
                current.AccountId,
                thirdParty.AccountId,
            },
            AuthorizedSessionTagValueLists = new[]
            {
                "Amazon EMR",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
                .admins(            
                    test.arn(),
                    testAwsIamRole.arn())
                .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                    .permissions(                
                        "SELECT",
                        "ALTER",
                        "DROP")
                    .principal(test.arn())
                    .build())
                .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                    .permissions("ALL")
                    .principal(testAwsIamRole.arn())
                    .build())
                .allowExternalDataFiltering(true)
                .externalDataFilteringAllowLists(            
                    current.accountId(),
                    thirdParty.accountId())
                .authorizedSessionTagValueLists("Amazon EMR")
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:lakeformation:DataLakeSettings
        properties:
          admins:
            - ${test.arn}
            - ${testAwsIamRole.arn}
          createDatabaseDefaultPermissions:
            - permissions:
                - SELECT
                - ALTER
                - DROP
              principal: ${test.arn}
          createTableDefaultPermissions:
            - permissions:
                - ALL
              principal: ${testAwsIamRole.arn}
          allowExternalDataFiltering: true
          externalDataFilteringAllowLists:
            - ${current.accountId}
            - ${thirdParty.accountId}
          authorizedSessionTagValueLists:
            - Amazon EMR
    

    Create DataLakeSettings Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DataLakeSettings(name: string, args?: DataLakeSettingsArgs, opts?: CustomResourceOptions);
    @overload
    def DataLakeSettings(resource_name: str,
                         args: Optional[DataLakeSettingsArgs] = None,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def DataLakeSettings(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         admins: Optional[Sequence[str]] = None,
                         allow_external_data_filtering: Optional[bool] = None,
                         authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
                         catalog_id: Optional[str] = None,
                         create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
                         create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
                         external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
                         read_only_admins: Optional[Sequence[str]] = None,
                         trusted_resource_owners: Optional[Sequence[str]] = None)
    func NewDataLakeSettings(ctx *Context, name string, args *DataLakeSettingsArgs, opts ...ResourceOption) (*DataLakeSettings, error)
    public DataLakeSettings(string name, DataLakeSettingsArgs? args = null, CustomResourceOptions? opts = null)
    public DataLakeSettings(String name, DataLakeSettingsArgs args)
    public DataLakeSettings(String name, DataLakeSettingsArgs args, CustomResourceOptions options)
    
    type: aws:lakeformation:DataLakeSettings
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var dataLakeSettingsResource = new Aws.LakeFormation.DataLakeSettings("dataLakeSettingsResource", new()
    {
        Admins = new[]
        {
            "string",
        },
        AllowExternalDataFiltering = false,
        AuthorizedSessionTagValueLists = new[]
        {
            "string",
        },
        CatalogId = "string",
        CreateDatabaseDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "string",
                },
                Principal = "string",
            },
        },
        CreateTableDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "string",
                },
                Principal = "string",
            },
        },
        ExternalDataFilteringAllowLists = new[]
        {
            "string",
        },
        ReadOnlyAdmins = new[]
        {
            "string",
        },
        TrustedResourceOwners = new[]
        {
            "string",
        },
    });
    
    example, err := lakeformation.NewDataLakeSettings(ctx, "dataLakeSettingsResource", &lakeformation.DataLakeSettingsArgs{
    	Admins: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AllowExternalDataFiltering: pulumi.Bool(false),
    	AuthorizedSessionTagValueLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	CatalogId: pulumi.String("string"),
    	CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
    		&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
    			Permissions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Principal: pulumi.String("string"),
    		},
    	},
    	CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
    		&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
    			Permissions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Principal: pulumi.String("string"),
    		},
    	},
    	ExternalDataFilteringAllowLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ReadOnlyAdmins: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TrustedResourceOwners: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var dataLakeSettingsResource = new DataLakeSettings("dataLakeSettingsResource", DataLakeSettingsArgs.builder()
        .admins("string")
        .allowExternalDataFiltering(false)
        .authorizedSessionTagValueLists("string")
        .catalogId("string")
        .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
            .permissions("string")
            .principal("string")
            .build())
        .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
            .permissions("string")
            .principal("string")
            .build())
        .externalDataFilteringAllowLists("string")
        .readOnlyAdmins("string")
        .trustedResourceOwners("string")
        .build());
    
    data_lake_settings_resource = aws.lakeformation.DataLakeSettings("dataLakeSettingsResource",
        admins=["string"],
        allow_external_data_filtering=False,
        authorized_session_tag_value_lists=["string"],
        catalog_id="string",
        create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
            permissions=["string"],
            principal="string",
        )],
        create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
            permissions=["string"],
            principal="string",
        )],
        external_data_filtering_allow_lists=["string"],
        read_only_admins=["string"],
        trusted_resource_owners=["string"])
    
    const dataLakeSettingsResource = new aws.lakeformation.DataLakeSettings("dataLakeSettingsResource", {
        admins: ["string"],
        allowExternalDataFiltering: false,
        authorizedSessionTagValueLists: ["string"],
        catalogId: "string",
        createDatabaseDefaultPermissions: [{
            permissions: ["string"],
            principal: "string",
        }],
        createTableDefaultPermissions: [{
            permissions: ["string"],
            principal: "string",
        }],
        externalDataFilteringAllowLists: ["string"],
        readOnlyAdmins: ["string"],
        trustedResourceOwners: ["string"],
    });
    
    type: aws:lakeformation:DataLakeSettings
    properties:
        admins:
            - string
        allowExternalDataFiltering: false
        authorizedSessionTagValueLists:
            - string
        catalogId: string
        createDatabaseDefaultPermissions:
            - permissions:
                - string
              principal: string
        createTableDefaultPermissions:
            - permissions:
                - string
              principal: string
        externalDataFilteringAllowLists:
            - string
        readOnlyAdmins:
            - string
        trustedResourceOwners:
            - string
    

    DataLakeSettings Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The DataLakeSettings resource accepts the following input properties:

    Admins List<string>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    AllowExternalDataFiltering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    AuthorizedSessionTagValueLists List<string>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    CatalogId string
    Identifier for the Data Catalog. By default, the account ID.
    CreateDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    CreateTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    ExternalDataFilteringAllowLists List<string>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    ReadOnlyAdmins List<string>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    TrustedResourceOwners List<string>
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
    Admins []string
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    AllowExternalDataFiltering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    AuthorizedSessionTagValueLists []string

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    CatalogId string
    Identifier for the Data Catalog. By default, the account ID.
    CreateDatabaseDefaultPermissions []DataLakeSettingsCreateDatabaseDefaultPermissionArgs
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    CreateTableDefaultPermissions []DataLakeSettingsCreateTableDefaultPermissionArgs
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    ExternalDataFilteringAllowLists []string
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    ReadOnlyAdmins []string
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    TrustedResourceOwners []string
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
    admins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering Boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    authorizedSessionTagValueLists List<String>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId String
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists List<String>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    readOnlyAdmins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners List<String>
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
    admins string[]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    authorizedSessionTagValueLists string[]

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId string
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions DataLakeSettingsCreateDatabaseDefaultPermission[]
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions DataLakeSettingsCreateTableDefaultPermission[]
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists string[]
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    readOnlyAdmins string[]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners string[]
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
    admins Sequence[str]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allow_external_data_filtering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    authorized_session_tag_value_lists Sequence[str]

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalog_id str
    Identifier for the Data Catalog. By default, the account ID.
    create_database_default_permissions Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    create_table_default_permissions Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    external_data_filtering_allow_lists Sequence[str]
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    read_only_admins Sequence[str]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trusted_resource_owners Sequence[str]
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
    admins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering Boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    authorizedSessionTagValueLists List<String>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId String
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions List<Property Map>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions List<Property Map>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists List<String>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    readOnlyAdmins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners List<String>
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DataLakeSettings resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing DataLakeSettings Resource

    Get an existing DataLakeSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DataLakeSettingsState, opts?: CustomResourceOptions): DataLakeSettings
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            admins: Optional[Sequence[str]] = None,
            allow_external_data_filtering: Optional[bool] = None,
            authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
            catalog_id: Optional[str] = None,
            create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
            create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
            external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
            read_only_admins: Optional[Sequence[str]] = None,
            trusted_resource_owners: Optional[Sequence[str]] = None) -> DataLakeSettings
    func GetDataLakeSettings(ctx *Context, name string, id IDInput, state *DataLakeSettingsState, opts ...ResourceOption) (*DataLakeSettings, error)
    public static DataLakeSettings Get(string name, Input<string> id, DataLakeSettingsState? state, CustomResourceOptions? opts = null)
    public static DataLakeSettings get(String name, Output<String> id, DataLakeSettingsState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Admins List<string>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    AllowExternalDataFiltering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    AuthorizedSessionTagValueLists List<string>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    CatalogId string
    Identifier for the Data Catalog. By default, the account ID.
    CreateDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    CreateTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    ExternalDataFilteringAllowLists List<string>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    ReadOnlyAdmins List<string>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    TrustedResourceOwners List<string>
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
    Admins []string
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    AllowExternalDataFiltering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    AuthorizedSessionTagValueLists []string

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    CatalogId string
    Identifier for the Data Catalog. By default, the account ID.
    CreateDatabaseDefaultPermissions []DataLakeSettingsCreateDatabaseDefaultPermissionArgs
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    CreateTableDefaultPermissions []DataLakeSettingsCreateTableDefaultPermissionArgs
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    ExternalDataFilteringAllowLists []string
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    ReadOnlyAdmins []string
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    TrustedResourceOwners []string
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
    admins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering Boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    authorizedSessionTagValueLists List<String>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId String
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists List<String>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    readOnlyAdmins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners List<String>
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
    admins string[]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    authorizedSessionTagValueLists string[]

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId string
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions DataLakeSettingsCreateDatabaseDefaultPermission[]
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions DataLakeSettingsCreateTableDefaultPermission[]
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists string[]
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    readOnlyAdmins string[]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners string[]
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
    admins Sequence[str]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allow_external_data_filtering bool
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    authorized_session_tag_value_lists Sequence[str]

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalog_id str
    Identifier for the Data Catalog. By default, the account ID.
    create_database_default_permissions Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    create_table_default_permissions Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    external_data_filtering_allow_lists Sequence[str]
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    read_only_admins Sequence[str]
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trusted_resource_owners Sequence[str]
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
    admins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles).
    allowExternalDataFiltering Boolean
    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
    authorizedSessionTagValueLists List<String>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId String
    Identifier for the Data Catalog. By default, the account ID.
    createDatabaseDefaultPermissions List<Property Map>
    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
    createTableDefaultPermissions List<Property Map>
    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
    externalDataFilteringAllowLists List<String>
    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
    readOnlyAdmins List<String>
    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
    trustedResourceOwners List<String>
    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    Supporting Types

    DataLakeSettingsCreateDatabaseDefaultPermission, DataLakeSettingsCreateDatabaseDefaultPermissionArgs

    Permissions List<string>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    Principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    Permissions []string
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    Principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions List<String>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    principal String
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions string[]
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions Sequence[str]
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    principal str
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions List<String>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
    principal String
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    DataLakeSettingsCreateTableDefaultPermission, DataLakeSettingsCreateTableDefaultPermissionArgs

    Permissions List<string>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    Principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    Permissions []string
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    Principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions List<String>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    principal String
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions string[]
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    principal string
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions Sequence[str]
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    principal str
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].
    permissions List<String>
    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
    principal String
    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi