aws logo
AWS Classic v5.41.0, May 15 23

aws.lakeformation.DataLakeSettings

Explore with Pulumi AI

Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

NOTE: Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the IAMAllowedPrincipals principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.

Example Usage

Data Lake Admins

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LakeFormation.DataLakeSettings("example", new()
    {
        Admins = new[]
        {
            aws_iam_user.Test.Arn,
            aws_iam_role.Test.Arn,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
			Admins: pulumi.StringArray{
				aws_iam_user.Test.Arn,
				aws_iam_role.Test.Arn,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()        
            .admins(            
                aws_iam_user.test().arn(),
                aws_iam_role.test().arn())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.lakeformation.DataLakeSettings("example", admins=[
    aws_iam_user["test"]["arn"],
    aws_iam_role["test"]["arn"],
])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lakeformation.DataLakeSettings("example", {admins: [
    aws_iam_user.test.arn,
    aws_iam_role.test.arn,
]});
resources:
  example:
    type: aws:lakeformation:DataLakeSettings
    properties:
      admins:
        - ${aws_iam_user.test.arn}
        - ${aws_iam_role.test.arn}

Create Default Permissions

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LakeFormation.DataLakeSettings("example", new()
    {
        Admins = new[]
        {
            aws_iam_user.Test.Arn,
            aws_iam_role.Test.Arn,
        },
        CreateDatabaseDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "SELECT",
                    "ALTER",
                    "DROP",
                },
                Principal = aws_iam_user.Test.Arn,
            },
        },
        CreateTableDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "ALL",
                },
                Principal = aws_iam_role.Test.Arn,
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
			Admins: pulumi.StringArray{
				aws_iam_user.Test.Arn,
				aws_iam_role.Test.Arn,
			},
			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("SELECT"),
						pulumi.String("ALTER"),
						pulumi.String("DROP"),
					},
					Principal: pulumi.Any(aws_iam_user.Test.Arn),
				},
			},
			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("ALL"),
					},
					Principal: pulumi.Any(aws_iam_role.Test.Arn),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()        
            .admins(            
                aws_iam_user.test().arn(),
                aws_iam_role.test().arn())
            .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                .permissions(                
                    "SELECT",
                    "ALTER",
                    "DROP")
                .principal(aws_iam_user.test().arn())
                .build())
            .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                .permissions("ALL")
                .principal(aws_iam_role.test().arn())
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.lakeformation.DataLakeSettings("example",
    admins=[
        aws_iam_user["test"]["arn"],
        aws_iam_role["test"]["arn"],
    ],
    create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
        permissions=[
            "SELECT",
            "ALTER",
            "DROP",
        ],
        principal=aws_iam_user["test"]["arn"],
    )],
    create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
        permissions=["ALL"],
        principal=aws_iam_role["test"]["arn"],
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lakeformation.DataLakeSettings("example", {
    admins: [
        aws_iam_user.test.arn,
        aws_iam_role.test.arn,
    ],
    createDatabaseDefaultPermissions: [{
        permissions: [
            "SELECT",
            "ALTER",
            "DROP",
        ],
        principal: aws_iam_user.test.arn,
    }],
    createTableDefaultPermissions: [{
        permissions: ["ALL"],
        principal: aws_iam_role.test.arn,
    }],
});
resources:
  example:
    type: aws:lakeformation:DataLakeSettings
    properties:
      admins:
        - ${aws_iam_user.test.arn}
        - ${aws_iam_role.test.arn}
      createDatabaseDefaultPermissions:
        - permissions:
            - SELECT
            - ALTER
            - DROP
          principal: ${aws_iam_user.test.arn}
      createTableDefaultPermissions:
        - permissions:
            - ALL
          principal: ${aws_iam_role.test.arn}

Enable EMR access to LakeFormation resources

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LakeFormation.DataLakeSettings("example", new()
    {
        Admins = new[]
        {
            aws_iam_user.Test.Arn,
            aws_iam_role.Test.Arn,
        },
        CreateDatabaseDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "SELECT",
                    "ALTER",
                    "DROP",
                },
                Principal = aws_iam_user.Test.Arn,
            },
        },
        CreateTableDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "ALL",
                },
                Principal = aws_iam_role.Test.Arn,
            },
        },
        AllowExternalDataFiltering = true,
        ExternalDataFilteringAllowLists = new[]
        {
            data.Aws_caller_identity.Current.Account_id,
            data.Aws_caller_identity.Third_party.Account_id,
        },
        AuthorizedSessionTagValueLists = new[]
        {
            "Amazon EMR",
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
			Admins: pulumi.StringArray{
				aws_iam_user.Test.Arn,
				aws_iam_role.Test.Arn,
			},
			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("SELECT"),
						pulumi.String("ALTER"),
						pulumi.String("DROP"),
					},
					Principal: pulumi.Any(aws_iam_user.Test.Arn),
				},
			},
			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("ALL"),
					},
					Principal: pulumi.Any(aws_iam_role.Test.Arn),
				},
			},
			AllowExternalDataFiltering: pulumi.Bool(true),
			ExternalDataFilteringAllowLists: pulumi.StringArray{
				data.Aws_caller_identity.Current.Account_id,
				data.Aws_caller_identity.Third_party.Account_id,
			},
			AuthorizedSessionTagValueLists: pulumi.StringArray{
				pulumi.String("Amazon EMR"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()        
            .admins(            
                aws_iam_user.test().arn(),
                aws_iam_role.test().arn())
            .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                .permissions(                
                    "SELECT",
                    "ALTER",
                    "DROP")
                .principal(aws_iam_user.test().arn())
                .build())
            .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                .permissions("ALL")
                .principal(aws_iam_role.test().arn())
                .build())
            .allowExternalDataFiltering(true)
            .externalDataFilteringAllowLists(            
                data.aws_caller_identity().current().account_id(),
                data.aws_caller_identity().third_party().account_id())
            .authorizedSessionTagValueLists("Amazon EMR")
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.lakeformation.DataLakeSettings("example",
    admins=[
        aws_iam_user["test"]["arn"],
        aws_iam_role["test"]["arn"],
    ],
    create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
        permissions=[
            "SELECT",
            "ALTER",
            "DROP",
        ],
        principal=aws_iam_user["test"]["arn"],
    )],
    create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
        permissions=["ALL"],
        principal=aws_iam_role["test"]["arn"],
    )],
    allow_external_data_filtering=True,
    external_data_filtering_allow_lists=[
        data["aws_caller_identity"]["current"]["account_id"],
        data["aws_caller_identity"]["third_party"]["account_id"],
    ],
    authorized_session_tag_value_lists=["Amazon EMR"])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lakeformation.DataLakeSettings("example", {
    admins: [
        aws_iam_user.test.arn,
        aws_iam_role.test.arn,
    ],
    createDatabaseDefaultPermissions: [{
        permissions: [
            "SELECT",
            "ALTER",
            "DROP",
        ],
        principal: aws_iam_user.test.arn,
    }],
    createTableDefaultPermissions: [{
        permissions: ["ALL"],
        principal: aws_iam_role.test.arn,
    }],
    allowExternalDataFiltering: true,
    externalDataFilteringAllowLists: [
        data.aws_caller_identity.current.account_id,
        data.aws_caller_identity.third_party.account_id,
    ],
    authorizedSessionTagValueLists: ["Amazon EMR"],
});
resources:
  example:
    type: aws:lakeformation:DataLakeSettings
    properties:
      admins:
        - ${aws_iam_user.test.arn}
        - ${aws_iam_role.test.arn}
      createDatabaseDefaultPermissions:
        - permissions:
            - SELECT
            - ALTER
            - DROP
          principal: ${aws_iam_user.test.arn}
      createTableDefaultPermissions:
        - permissions:
            - ALL
          principal: ${aws_iam_role.test.arn}
      allowExternalDataFiltering: true
      externalDataFilteringAllowLists:
        - ${data.aws_caller_identity.current.account_id}
        - ${data.aws_caller_identity.third_party.account_id}
      authorizedSessionTagValueLists:
        - Amazon EMR

Create DataLakeSettings Resource

new DataLakeSettings(name: string, args?: DataLakeSettingsArgs, opts?: CustomResourceOptions);
@overload
def DataLakeSettings(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     admins: Optional[Sequence[str]] = None,
                     allow_external_data_filtering: Optional[bool] = None,
                     authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
                     catalog_id: Optional[str] = None,
                     create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
                     create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
                     external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
                     trusted_resource_owners: Optional[Sequence[str]] = None)
@overload
def DataLakeSettings(resource_name: str,
                     args: Optional[DataLakeSettingsArgs] = None,
                     opts: Optional[ResourceOptions] = None)
func NewDataLakeSettings(ctx *Context, name string, args *DataLakeSettingsArgs, opts ...ResourceOption) (*DataLakeSettings, error)
public DataLakeSettings(string name, DataLakeSettingsArgs? args = null, CustomResourceOptions? opts = null)
public DataLakeSettings(String name, DataLakeSettingsArgs args)
public DataLakeSettings(String name, DataLakeSettingsArgs args, CustomResourceOptions options)
type: aws:lakeformation:DataLakeSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args DataLakeSettingsArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args DataLakeSettingsArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args DataLakeSettingsArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args DataLakeSettingsArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args DataLakeSettingsArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

DataLakeSettings Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The DataLakeSettings resource accepts the following input properties:

Admins List<string>

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

AllowExternalDataFiltering bool

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

AuthorizedSessionTagValueLists List<string>

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

CatalogId string

Identifier for the Data Catalog. By default, the account ID.

CreateDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermissionArgs>

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

CreateTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermissionArgs>

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

ExternalDataFilteringAllowLists List<string>

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

TrustedResourceOwners List<string>

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

Admins []string

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

AllowExternalDataFiltering bool

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

AuthorizedSessionTagValueLists []string

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

CatalogId string

Identifier for the Data Catalog. By default, the account ID.

CreateDatabaseDefaultPermissions []DataLakeSettingsCreateDatabaseDefaultPermissionArgs

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

CreateTableDefaultPermissions []DataLakeSettingsCreateTableDefaultPermissionArgs

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

ExternalDataFilteringAllowLists []string

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

TrustedResourceOwners []string

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

admins List<String>

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

allowExternalDataFiltering Boolean

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

authorizedSessionTagValueLists List<String>

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

catalogId String

Identifier for the Data Catalog. By default, the account ID.

createDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermissionArgs>

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

createTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermissionArgs>

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

externalDataFilteringAllowLists List<String>

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

trustedResourceOwners List<String>

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

admins string[]

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

allowExternalDataFiltering boolean

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

authorizedSessionTagValueLists string[]

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

catalogId string

Identifier for the Data Catalog. By default, the account ID.

createDatabaseDefaultPermissions DataLakeSettingsCreateDatabaseDefaultPermissionArgs[]

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

createTableDefaultPermissions DataLakeSettingsCreateTableDefaultPermissionArgs[]

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

externalDataFilteringAllowLists string[]

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

trustedResourceOwners string[]

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

admins Sequence[str]

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

allow_external_data_filtering bool

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

authorized_session_tag_value_lists Sequence[str]

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

catalog_id str

Identifier for the Data Catalog. By default, the account ID.

create_database_default_permissions Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

create_table_default_permissions Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

external_data_filtering_allow_lists Sequence[str]

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

trusted_resource_owners Sequence[str]

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

admins List<String>

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

allowExternalDataFiltering Boolean

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

authorizedSessionTagValueLists List<String>

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

catalogId String

Identifier for the Data Catalog. By default, the account ID.

createDatabaseDefaultPermissions List<Property Map>

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

createTableDefaultPermissions List<Property Map>

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

externalDataFilteringAllowLists List<String>

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

trustedResourceOwners List<String>

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

Outputs

All input properties are implicitly available as output properties. Additionally, the DataLakeSettings resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing DataLakeSettings Resource

Get an existing DataLakeSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DataLakeSettingsState, opts?: CustomResourceOptions): DataLakeSettings
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        admins: Optional[Sequence[str]] = None,
        allow_external_data_filtering: Optional[bool] = None,
        authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
        catalog_id: Optional[str] = None,
        create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
        create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
        external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
        trusted_resource_owners: Optional[Sequence[str]] = None) -> DataLakeSettings
func GetDataLakeSettings(ctx *Context, name string, id IDInput, state *DataLakeSettingsState, opts ...ResourceOption) (*DataLakeSettings, error)
public static DataLakeSettings Get(string name, Input<string> id, DataLakeSettingsState? state, CustomResourceOptions? opts = null)
public static DataLakeSettings get(String name, Output<String> id, DataLakeSettingsState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Admins List<string>

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

AllowExternalDataFiltering bool

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

AuthorizedSessionTagValueLists List<string>

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

CatalogId string

Identifier for the Data Catalog. By default, the account ID.

CreateDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermissionArgs>

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

CreateTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermissionArgs>

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

ExternalDataFilteringAllowLists List<string>

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

TrustedResourceOwners List<string>

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

Admins []string

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

AllowExternalDataFiltering bool

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

AuthorizedSessionTagValueLists []string

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

CatalogId string

Identifier for the Data Catalog. By default, the account ID.

CreateDatabaseDefaultPermissions []DataLakeSettingsCreateDatabaseDefaultPermissionArgs

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

CreateTableDefaultPermissions []DataLakeSettingsCreateTableDefaultPermissionArgs

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

ExternalDataFilteringAllowLists []string

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

TrustedResourceOwners []string

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

admins List<String>

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

allowExternalDataFiltering Boolean

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

authorizedSessionTagValueLists List<String>

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

catalogId String

Identifier for the Data Catalog. By default, the account ID.

createDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermissionArgs>

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

createTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermissionArgs>

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

externalDataFilteringAllowLists List<String>

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

trustedResourceOwners List<String>

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

admins string[]

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

allowExternalDataFiltering boolean

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

authorizedSessionTagValueLists string[]

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

catalogId string

Identifier for the Data Catalog. By default, the account ID.

createDatabaseDefaultPermissions DataLakeSettingsCreateDatabaseDefaultPermissionArgs[]

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

createTableDefaultPermissions DataLakeSettingsCreateTableDefaultPermissionArgs[]

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

externalDataFilteringAllowLists string[]

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

trustedResourceOwners string[]

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

admins Sequence[str]

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

allow_external_data_filtering bool

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

authorized_session_tag_value_lists Sequence[str]

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

catalog_id str

Identifier for the Data Catalog. By default, the account ID.

create_database_default_permissions Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

create_table_default_permissions Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

external_data_filtering_allow_lists Sequence[str]

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

trusted_resource_owners Sequence[str]

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

admins List<String>

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

allowExternalDataFiltering Boolean

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

authorizedSessionTagValueLists List<String>

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

catalogId String

Identifier for the Data Catalog. By default, the account ID.

createDatabaseDefaultPermissions List<Property Map>

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

createTableDefaultPermissions List<Property Map>

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

externalDataFilteringAllowLists List<String>

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

trustedResourceOwners List<String>

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

Supporting Types

DataLakeSettingsCreateDatabaseDefaultPermission

Permissions List<string>

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

Principal string

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

Permissions []string

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

Principal string

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions List<String>

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

principal String

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions string[]

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

principal string

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions Sequence[str]

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

principal str

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions List<String>

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

principal String

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

DataLakeSettingsCreateTableDefaultPermission

Permissions List<string>

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

Principal string

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

Permissions []string

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

Principal string

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions List<String>

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

principal String

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions string[]

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

principal string

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions Sequence[str]

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

principal str

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions List<String>

List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

principal String

Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.