1. Packages
  2. AWS Classic
  3. API Docs
  4. lakeformation
  5. DataLakeSettings

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.13.2 published on Thursday, Dec 7, 2023 by Pulumi

aws.lakeformation.DataLakeSettings

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.13.2 published on Thursday, Dec 7, 2023 by Pulumi

    Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

    NOTE: Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the IAMAllowedPrincipals principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.

    Example Usage

    Data Lake Admins

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LakeFormation.DataLakeSettings("example", new()
        {
            Admins = new[]
            {
                aws_iam_user.Test.Arn,
                aws_iam_role.Test.Arn,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
    			Admins: pulumi.StringArray{
    				aws_iam_user.Test.Arn,
    				aws_iam_role.Test.Arn,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()        
                .admins(            
                    aws_iam_user.test().arn(),
                    aws_iam_role.test().arn())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lakeformation.DataLakeSettings("example", admins=[
        aws_iam_user["test"]["arn"],
        aws_iam_role["test"]["arn"],
    ])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lakeformation.DataLakeSettings("example", {admins: [
        aws_iam_user.test.arn,
        aws_iam_role.test.arn,
    ]});
    
    resources:
      example:
        type: aws:lakeformation:DataLakeSettings
        properties:
          admins:
            - ${aws_iam_user.test.arn}
            - ${aws_iam_role.test.arn}
    

    Create Default Permissions

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LakeFormation.DataLakeSettings("example", new()
        {
            Admins = new[]
            {
                aws_iam_user.Test.Arn,
                aws_iam_role.Test.Arn,
            },
            CreateDatabaseDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "SELECT",
                        "ALTER",
                        "DROP",
                    },
                    Principal = aws_iam_user.Test.Arn,
                },
            },
            CreateTableDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "ALL",
                    },
                    Principal = aws_iam_role.Test.Arn,
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
    			Admins: pulumi.StringArray{
    				aws_iam_user.Test.Arn,
    				aws_iam_role.Test.Arn,
    			},
    			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("SELECT"),
    						pulumi.String("ALTER"),
    						pulumi.String("DROP"),
    					},
    					Principal: pulumi.Any(aws_iam_user.Test.Arn),
    				},
    			},
    			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("ALL"),
    					},
    					Principal: pulumi.Any(aws_iam_role.Test.Arn),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()        
                .admins(            
                    aws_iam_user.test().arn(),
                    aws_iam_role.test().arn())
                .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                    .permissions(                
                        "SELECT",
                        "ALTER",
                        "DROP")
                    .principal(aws_iam_user.test().arn())
                    .build())
                .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                    .permissions("ALL")
                    .principal(aws_iam_role.test().arn())
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lakeformation.DataLakeSettings("example",
        admins=[
            aws_iam_user["test"]["arn"],
            aws_iam_role["test"]["arn"],
        ],
        create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
            permissions=[
                "SELECT",
                "ALTER",
                "DROP",
            ],
            principal=aws_iam_user["test"]["arn"],
        )],
        create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
            permissions=["ALL"],
            principal=aws_iam_role["test"]["arn"],
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lakeformation.DataLakeSettings("example", {
        admins: [
            aws_iam_user.test.arn,
            aws_iam_role.test.arn,
        ],
        createDatabaseDefaultPermissions: [{
            permissions: [
                "SELECT",
                "ALTER",
                "DROP",
            ],
            principal: aws_iam_user.test.arn,
        }],
        createTableDefaultPermissions: [{
            permissions: ["ALL"],
            principal: aws_iam_role.test.arn,
        }],
    });
    
    resources:
      example:
        type: aws:lakeformation:DataLakeSettings
        properties:
          admins:
            - ${aws_iam_user.test.arn}
            - ${aws_iam_role.test.arn}
          createDatabaseDefaultPermissions:
            - permissions:
                - SELECT
                - ALTER
                - DROP
              principal: ${aws_iam_user.test.arn}
          createTableDefaultPermissions:
            - permissions:
                - ALL
              principal: ${aws_iam_role.test.arn}
    

    Enable EMR access to LakeFormation resources

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LakeFormation.DataLakeSettings("example", new()
        {
            Admins = new[]
            {
                aws_iam_user.Test.Arn,
                aws_iam_role.Test.Arn,
            },
            CreateDatabaseDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "SELECT",
                        "ALTER",
                        "DROP",
                    },
                    Principal = aws_iam_user.Test.Arn,
                },
            },
            CreateTableDefaultPermissions = new[]
            {
                new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
                {
                    Permissions = new[]
                    {
                        "ALL",
                    },
                    Principal = aws_iam_role.Test.Arn,
                },
            },
            AllowExternalDataFiltering = true,
            ExternalDataFilteringAllowLists = new[]
            {
                data.Aws_caller_identity.Current.Account_id,
                data.Aws_caller_identity.Third_party.Account_id,
            },
            AuthorizedSessionTagValueLists = new[]
            {
                "Amazon EMR",
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
    			Admins: pulumi.StringArray{
    				aws_iam_user.Test.Arn,
    				aws_iam_role.Test.Arn,
    			},
    			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("SELECT"),
    						pulumi.String("ALTER"),
    						pulumi.String("DROP"),
    					},
    					Principal: pulumi.Any(aws_iam_user.Test.Arn),
    				},
    			},
    			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
    				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
    					Permissions: pulumi.StringArray{
    						pulumi.String("ALL"),
    					},
    					Principal: pulumi.Any(aws_iam_role.Test.Arn),
    				},
    			},
    			AllowExternalDataFiltering: pulumi.Bool(true),
    			ExternalDataFilteringAllowLists: pulumi.StringArray{
    				data.Aws_caller_identity.Current.Account_id,
    				data.Aws_caller_identity.Third_party.Account_id,
    			},
    			AuthorizedSessionTagValueLists: pulumi.StringArray{
    				pulumi.String("Amazon EMR"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()        
                .admins(            
                    aws_iam_user.test().arn(),
                    aws_iam_role.test().arn())
                .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                    .permissions(                
                        "SELECT",
                        "ALTER",
                        "DROP")
                    .principal(aws_iam_user.test().arn())
                    .build())
                .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                    .permissions("ALL")
                    .principal(aws_iam_role.test().arn())
                    .build())
                .allowExternalDataFiltering(true)
                .externalDataFilteringAllowLists(            
                    data.aws_caller_identity().current().account_id(),
                    data.aws_caller_identity().third_party().account_id())
                .authorizedSessionTagValueLists("Amazon EMR")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lakeformation.DataLakeSettings("example",
        admins=[
            aws_iam_user["test"]["arn"],
            aws_iam_role["test"]["arn"],
        ],
        create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
            permissions=[
                "SELECT",
                "ALTER",
                "DROP",
            ],
            principal=aws_iam_user["test"]["arn"],
        )],
        create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
            permissions=["ALL"],
            principal=aws_iam_role["test"]["arn"],
        )],
        allow_external_data_filtering=True,
        external_data_filtering_allow_lists=[
            data["aws_caller_identity"]["current"]["account_id"],
            data["aws_caller_identity"]["third_party"]["account_id"],
        ],
        authorized_session_tag_value_lists=["Amazon EMR"])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lakeformation.DataLakeSettings("example", {
        admins: [
            aws_iam_user.test.arn,
            aws_iam_role.test.arn,
        ],
        createDatabaseDefaultPermissions: [{
            permissions: [
                "SELECT",
                "ALTER",
                "DROP",
            ],
            principal: aws_iam_user.test.arn,
        }],
        createTableDefaultPermissions: [{
            permissions: ["ALL"],
            principal: aws_iam_role.test.arn,
        }],
        allowExternalDataFiltering: true,
        externalDataFilteringAllowLists: [
            data.aws_caller_identity.current.account_id,
            data.aws_caller_identity.third_party.account_id,
        ],
        authorizedSessionTagValueLists: ["Amazon EMR"],
    });
    
    resources:
      example:
        type: aws:lakeformation:DataLakeSettings
        properties:
          admins:
            - ${aws_iam_user.test.arn}
            - ${aws_iam_role.test.arn}
          createDatabaseDefaultPermissions:
            - permissions:
                - SELECT
                - ALTER
                - DROP
              principal: ${aws_iam_user.test.arn}
          createTableDefaultPermissions:
            - permissions:
                - ALL
              principal: ${aws_iam_role.test.arn}
          allowExternalDataFiltering: true
          externalDataFilteringAllowLists:
            - ${data.aws_caller_identity.current.account_id}
            - ${data.aws_caller_identity.third_party.account_id}
          authorizedSessionTagValueLists:
            - Amazon EMR
    

    Create DataLakeSettings Resource

    new DataLakeSettings(name: string, args?: DataLakeSettingsArgs, opts?: CustomResourceOptions);
    @overload
    def DataLakeSettings(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         admins: Optional[Sequence[str]] = None,
                         allow_external_data_filtering: Optional[bool] = None,
                         authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
                         catalog_id: Optional[str] = None,
                         create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
                         create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
                         external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
                         read_only_admins: Optional[Sequence[str]] = None,
                         trusted_resource_owners: Optional[Sequence[str]] = None)
    @overload
    def DataLakeSettings(resource_name: str,
                         args: Optional[DataLakeSettingsArgs] = None,
                         opts: Optional[ResourceOptions] = None)
    func NewDataLakeSettings(ctx *Context, name string, args *DataLakeSettingsArgs, opts ...ResourceOption) (*DataLakeSettings, error)
    public DataLakeSettings(string name, DataLakeSettingsArgs? args = null, CustomResourceOptions? opts = null)
    public DataLakeSettings(String name, DataLakeSettingsArgs args)
    public DataLakeSettings(String name, DataLakeSettingsArgs args, CustomResourceOptions options)
    
    type: aws:lakeformation:DataLakeSettings
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DataLakeSettingsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    DataLakeSettings Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The DataLakeSettings resource accepts the following input properties:

    Admins List<string>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    AllowExternalDataFiltering bool

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    AuthorizedSessionTagValueLists List<string>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    CatalogId string

    Identifier for the Data Catalog. By default, the account ID.

    CreateDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    CreateTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    ExternalDataFilteringAllowLists List<string>

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    ReadOnlyAdmins List<string>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    TrustedResourceOwners List<string>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    Admins []string

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    AllowExternalDataFiltering bool

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    AuthorizedSessionTagValueLists []string

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    CatalogId string

    Identifier for the Data Catalog. By default, the account ID.

    CreateDatabaseDefaultPermissions []DataLakeSettingsCreateDatabaseDefaultPermissionArgs

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    CreateTableDefaultPermissions []DataLakeSettingsCreateTableDefaultPermissionArgs

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    ExternalDataFilteringAllowLists []string

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    ReadOnlyAdmins []string

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    TrustedResourceOwners []string

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    admins List<String>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    allowExternalDataFiltering Boolean

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    authorizedSessionTagValueLists List<String>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId String

    Identifier for the Data Catalog. By default, the account ID.

    createDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    createTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    externalDataFilteringAllowLists List<String>

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    readOnlyAdmins List<String>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    trustedResourceOwners List<String>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    admins string[]

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    allowExternalDataFiltering boolean

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    authorizedSessionTagValueLists string[]

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId string

    Identifier for the Data Catalog. By default, the account ID.

    createDatabaseDefaultPermissions DataLakeSettingsCreateDatabaseDefaultPermission[]

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    createTableDefaultPermissions DataLakeSettingsCreateTableDefaultPermission[]

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    externalDataFilteringAllowLists string[]

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    readOnlyAdmins string[]

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    trustedResourceOwners string[]

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    admins Sequence[str]

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    allow_external_data_filtering bool

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    authorized_session_tag_value_lists Sequence[str]

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalog_id str

    Identifier for the Data Catalog. By default, the account ID.

    create_database_default_permissions Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    create_table_default_permissions Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    external_data_filtering_allow_lists Sequence[str]

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    read_only_admins Sequence[str]

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    trusted_resource_owners Sequence[str]

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    admins List<String>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    allowExternalDataFiltering Boolean

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    authorizedSessionTagValueLists List<String>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId String

    Identifier for the Data Catalog. By default, the account ID.

    createDatabaseDefaultPermissions List<Property Map>

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    createTableDefaultPermissions List<Property Map>

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    externalDataFilteringAllowLists List<String>

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    readOnlyAdmins List<String>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    trustedResourceOwners List<String>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DataLakeSettings resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing DataLakeSettings Resource

    Get an existing DataLakeSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DataLakeSettingsState, opts?: CustomResourceOptions): DataLakeSettings
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            admins: Optional[Sequence[str]] = None,
            allow_external_data_filtering: Optional[bool] = None,
            authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
            catalog_id: Optional[str] = None,
            create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
            create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
            external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
            read_only_admins: Optional[Sequence[str]] = None,
            trusted_resource_owners: Optional[Sequence[str]] = None) -> DataLakeSettings
    func GetDataLakeSettings(ctx *Context, name string, id IDInput, state *DataLakeSettingsState, opts ...ResourceOption) (*DataLakeSettings, error)
    public static DataLakeSettings Get(string name, Input<string> id, DataLakeSettingsState? state, CustomResourceOptions? opts = null)
    public static DataLakeSettings get(String name, Output<String> id, DataLakeSettingsState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Admins List<string>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    AllowExternalDataFiltering bool

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    AuthorizedSessionTagValueLists List<string>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    CatalogId string

    Identifier for the Data Catalog. By default, the account ID.

    CreateDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    CreateTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    ExternalDataFilteringAllowLists List<string>

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    ReadOnlyAdmins List<string>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    TrustedResourceOwners List<string>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    Admins []string

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    AllowExternalDataFiltering bool

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    AuthorizedSessionTagValueLists []string

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    CatalogId string

    Identifier for the Data Catalog. By default, the account ID.

    CreateDatabaseDefaultPermissions []DataLakeSettingsCreateDatabaseDefaultPermissionArgs

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    CreateTableDefaultPermissions []DataLakeSettingsCreateTableDefaultPermissionArgs

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    ExternalDataFilteringAllowLists []string

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    ReadOnlyAdmins []string

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    TrustedResourceOwners []string

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    admins List<String>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    allowExternalDataFiltering Boolean

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    authorizedSessionTagValueLists List<String>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId String

    Identifier for the Data Catalog. By default, the account ID.

    createDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    createTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    externalDataFilteringAllowLists List<String>

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    readOnlyAdmins List<String>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    trustedResourceOwners List<String>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    admins string[]

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    allowExternalDataFiltering boolean

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    authorizedSessionTagValueLists string[]

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId string

    Identifier for the Data Catalog. By default, the account ID.

    createDatabaseDefaultPermissions DataLakeSettingsCreateDatabaseDefaultPermission[]

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    createTableDefaultPermissions DataLakeSettingsCreateTableDefaultPermission[]

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    externalDataFilteringAllowLists string[]

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    readOnlyAdmins string[]

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    trustedResourceOwners string[]

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    admins Sequence[str]

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    allow_external_data_filtering bool

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    authorized_session_tag_value_lists Sequence[str]

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalog_id str

    Identifier for the Data Catalog. By default, the account ID.

    create_database_default_permissions Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    create_table_default_permissions Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    external_data_filtering_allow_lists Sequence[str]

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    read_only_admins Sequence[str]

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    trusted_resource_owners Sequence[str]

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    admins List<String>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles).

    allowExternalDataFiltering Boolean

    Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

    authorizedSessionTagValueLists List<String>

    Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

    NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, and/or trusted_resource_owners results in the setting being cleared.

    catalogId String

    Identifier for the Data Catalog. By default, the account ID.

    createDatabaseDefaultPermissions List<Property Map>

    Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

    createTableDefaultPermissions List<Property Map>

    Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

    externalDataFilteringAllowLists List<String>

    A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

    readOnlyAdmins List<String>

    Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

    trustedResourceOwners List<String>

    List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

    Supporting Types

    DataLakeSettingsCreateDatabaseDefaultPermission, DataLakeSettingsCreateDatabaseDefaultPermissionArgs

    Permissions List<string>

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

    Principal string

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    Permissions []string

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

    Principal string

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    permissions List<String>

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

    principal String

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    permissions string[]

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

    principal string

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    permissions Sequence[str]

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

    principal str

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    permissions List<String>

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.

    principal String

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    DataLakeSettingsCreateTableDefaultPermission, DataLakeSettingsCreateTableDefaultPermissionArgs

    Permissions List<string>

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

    Principal string

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    Permissions []string

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

    Principal string

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    permissions List<String>

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

    principal String

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    permissions string[]

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

    principal string

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    permissions Sequence[str]

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

    principal str

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    permissions List<String>

    List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.

    principal String

    Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aws Terraform Provider.

    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.13.2 published on Thursday, Dec 7, 2023 by Pulumi