AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.10.0 published on Monday, Jul 11, 2022 by Pulumi

getPermissions

Get permissions for a principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, tables, LF-tags, and LF-tag policies. For more information, see Security and Access Control to Metadata and Data in Lake Formation.

NOTE: This data source deals with explicitly granted permissions. Lake Formation grants implicit permissions to data lake administrators, database creators, and table creators. For more information, see Implicit Lake Formation Permissions.

Example Usage

Permissions For A Lake Formation S3 Resource

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var test = Output.Create(Aws.LakeFormation.GetPermissions.InvokeAsync(new Aws.LakeFormation.GetPermissionsArgs
        {
            Principal = aws_iam_role.Workflow_role.Arn,
            DataLocation = new Aws.LakeFormation.Inputs.GetPermissionsDataLocationArgs
            {
                Arn = aws_lakeformation_resource.Test.Arn,
            },
        }));
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
			Principal: aws_iam_role.Workflow_role.Arn,
			DataLocation: lakeformation.GetPermissionsDataLocation{
				Arn: aws_lakeformation_resource.Test.Arn,
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var test = Output.of(LakeformationFunctions.getPermissions(GetPermissionsArgs.builder()
            .principal(aws_iam_role.workflow_role().arn())
            .dataLocation(GetPermissionsDataLocationArgs.builder()
                .arn(aws_lakeformation_resource.test().arn())
                .build())
            .build()));

    }
}
import pulumi
import pulumi_aws as aws

test = aws.lakeformation.get_permissions(principal=aws_iam_role["workflow_role"]["arn"],
    data_location=aws.lakeformation.GetPermissionsDataLocationArgs(
        arn=aws_lakeformation_resource["test"]["arn"],
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = aws.lakeformation.getPermissions({
    principal: aws_iam_role.workflow_role.arn,
    dataLocation: {
        arn: aws_lakeformation_resource.test.arn,
    },
});
variables:
  test:
    Fn::Invoke:
      Function: aws:lakeformation:getPermissions
      Arguments:
        principal: ${aws_iam_role.workflow_role.arn}
        dataLocation:
          arn: ${aws_lakeformation_resource.test.arn}

Permissions For A Glue Catalog Database

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var test = Output.Create(Aws.LakeFormation.GetPermissions.InvokeAsync(new Aws.LakeFormation.GetPermissionsArgs
        {
            Principal = aws_iam_role.Workflow_role.Arn,
            Database = new Aws.LakeFormation.Inputs.GetPermissionsDatabaseArgs
            {
                Name = aws_glue_catalog_database.Test.Name,
                CatalogId = "110376042874",
            },
        }));
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
			Principal: aws_iam_role.Workflow_role.Arn,
			Database: lakeformation.GetPermissionsDatabase{
				Name:      aws_glue_catalog_database.Test.Name,
				CatalogId: "110376042874",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var test = Output.of(LakeformationFunctions.getPermissions(GetPermissionsArgs.builder()
            .principal(aws_iam_role.workflow_role().arn())
            .database(GetPermissionsDatabaseArgs.builder()
                .name(aws_glue_catalog_database.test().name())
                .catalogId("110376042874")
                .build())
            .build()));

    }
}
import pulumi
import pulumi_aws as aws

test = aws.lakeformation.get_permissions(principal=aws_iam_role["workflow_role"]["arn"],
    database=aws.lakeformation.GetPermissionsDatabaseArgs(
        name=aws_glue_catalog_database["test"]["name"],
        catalog_id="110376042874",
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = aws.lakeformation.getPermissions({
    principal: aws_iam_role.workflow_role.arn,
    database: {
        name: aws_glue_catalog_database.test.name,
        catalogId: "110376042874",
    },
});
variables:
  test:
    Fn::Invoke:
      Function: aws:lakeformation:getPermissions
      Arguments:
        principal: ${aws_iam_role.workflow_role.arn}
        database:
          name: ${aws_glue_catalog_database.test.name}
          catalogId: 110376042874

Permissions For Tag-Based Access Control

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var test = Output.Create(Aws.LakeFormation.GetPermissions.InvokeAsync(new Aws.LakeFormation.GetPermissionsArgs
        {
            Principal = aws_iam_role.Workflow_role.Arn,
            LfTagPolicy = new Aws.LakeFormation.Inputs.GetPermissionsLfTagPolicyArgs
            {
                ResourceType = "DATABASE",
                Expressions = 
                {
                    new Aws.LakeFormation.Inputs.GetPermissionsLfTagPolicyExpressionArgs
                    {
                        Key = "Team",
                        Values = 
                        {
                            "Sales",
                        },
                    },
                    new Aws.LakeFormation.Inputs.GetPermissionsLfTagPolicyExpressionArgs
                    {
                        Key = "Environment",
                        Values = 
                        {
                            "Dev",
                            "Production",
                        },
                    },
                },
            },
        }));
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
			Principal: aws_iam_role.Workflow_role.Arn,
			LfTagPolicy: lakeformation.GetPermissionsLfTagPolicy{
				ResourceType: "DATABASE",
				Expressions: []lakeformation.GetPermissionsLfTagPolicyExpression{
					lakeformation.GetPermissionsLfTagPolicyExpression{
						Key: "Team",
						Values: []string{
							"Sales",
						},
					},
					lakeformation.GetPermissionsLfTagPolicyExpression{
						Key: "Environment",
						Values: []string{
							"Dev",
							"Production",
						},
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var test = Output.of(LakeformationFunctions.getPermissions(GetPermissionsArgs.builder()
            .principal(aws_iam_role.workflow_role().arn())
            .lfTagPolicy(GetPermissionsLfTagPolicyArgs.builder()
                .resourceType("DATABASE")
                .expressions(                
                    GetPermissionsLfTagPolicyExpressionArgs.builder()
                        .key("Team")
                        .values("Sales")
                        .build(),
                    GetPermissionsLfTagPolicyExpressionArgs.builder()
                        .key("Environment")
                        .values(                        
                            "Dev",
                            "Production")
                        .build())
                .build())
            .build()));

    }
}
import pulumi
import pulumi_aws as aws

test = aws.lakeformation.get_permissions(principal=aws_iam_role["workflow_role"]["arn"],
    lf_tag_policy=aws.lakeformation.GetPermissionsLfTagPolicyArgs(
        resource_type="DATABASE",
        expressions=[
            aws.lakeformation.GetPermissionsLfTagPolicyExpressionArgs(
                key="Team",
                values=["Sales"],
            ),
            aws.lakeformation.GetPermissionsLfTagPolicyExpressionArgs(
                key="Environment",
                values=[
                    "Dev",
                    "Production",
                ],
            ),
        ],
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = aws.lakeformation.getPermissions({
    principal: aws_iam_role.workflow_role.arn,
    lfTagPolicy: {
        resourceType: "DATABASE",
        expressions: [
            {
                key: "Team",
                values: ["Sales"],
            },
            {
                key: "Environment",
                values: [
                    "Dev",
                    "Production",
                ],
            },
        ],
    },
});
variables:
  test:
    Fn::Invoke:
      Function: aws:lakeformation:getPermissions
      Arguments:
        principal: ${aws_iam_role.workflow_role.arn}
        lfTagPolicy:
          resourceType: DATABASE
          expressions:
            - key: Team
              values:
                - Sales
            - key: Environment
              values:
                - Dev
                - Production

Using getPermissions

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getPermissions(args: GetPermissionsArgs, opts?: InvokeOptions): Promise<GetPermissionsResult>
function getPermissionsOutput(args: GetPermissionsOutputArgs, opts?: InvokeOptions): Output<GetPermissionsResult>
def get_permissions(catalog_id: Optional[str] = None,
                    catalog_resource: Optional[bool] = None,
                    data_location: Optional[GetPermissionsDataLocation] = None,
                    database: Optional[GetPermissionsDatabase] = None,
                    lf_tag: Optional[GetPermissionsLfTag] = None,
                    lf_tag_policy: Optional[GetPermissionsLfTagPolicy] = None,
                    principal: Optional[str] = None,
                    table: Optional[GetPermissionsTable] = None,
                    table_with_columns: Optional[GetPermissionsTableWithColumns] = None,
                    opts: Optional[InvokeOptions] = None) -> GetPermissionsResult
def get_permissions_output(catalog_id: Optional[pulumi.Input[str]] = None,
                    catalog_resource: Optional[pulumi.Input[bool]] = None,
                    data_location: Optional[pulumi.Input[GetPermissionsDataLocationArgs]] = None,
                    database: Optional[pulumi.Input[GetPermissionsDatabaseArgs]] = None,
                    lf_tag: Optional[pulumi.Input[GetPermissionsLfTagArgs]] = None,
                    lf_tag_policy: Optional[pulumi.Input[GetPermissionsLfTagPolicyArgs]] = None,
                    principal: Optional[pulumi.Input[str]] = None,
                    table: Optional[pulumi.Input[GetPermissionsTableArgs]] = None,
                    table_with_columns: Optional[pulumi.Input[GetPermissionsTableWithColumnsArgs]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetPermissionsResult]
func LookupPermissions(ctx *Context, args *LookupPermissionsArgs, opts ...InvokeOption) (*LookupPermissionsResult, error)
func LookupPermissionsOutput(ctx *Context, args *LookupPermissionsOutputArgs, opts ...InvokeOption) LookupPermissionsResultOutput

> Note: This function is named LookupPermissions in the Go SDK.

public static class GetPermissions 
{
    public static Task<GetPermissionsResult> InvokeAsync(GetPermissionsArgs args, InvokeOptions? opts = null)
    public static Output<GetPermissionsResult> Invoke(GetPermissionsInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetPermissionsResult> getPermissions(GetPermissionsArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: aws:lakeformation/getPermissions:getPermissions
  Arguments:
    # Arguments dictionary

The following arguments are supported:

Principal string

Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

CatalogResource bool

Whether the permissions are to be granted for the Data Catalog. Defaults to false.

DataLocation GetPermissionsDataLocation

Configuration block for a data location resource. Detailed below.

Database GetPermissionsDatabase

Configuration block for a database resource. Detailed below.

LfTag GetPermissionsLfTag

Configuration block for an LF-tag resource. Detailed below.

LfTagPolicy GetPermissionsLfTagPolicy

Configuration block for an LF-tag policy resource. Detailed below.

Table GetPermissionsTable

Configuration block for a table resource. Detailed below.

TableWithColumns GetPermissionsTableWithColumns

Configuration block for a table with columns resource. Detailed below.

Principal string

Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

CatalogResource bool

Whether the permissions are to be granted for the Data Catalog. Defaults to false.

DataLocation GetPermissionsDataLocation

Configuration block for a data location resource. Detailed below.

Database GetPermissionsDatabase

Configuration block for a database resource. Detailed below.

LfTag GetPermissionsLfTag

Configuration block for an LF-tag resource. Detailed below.

LfTagPolicy GetPermissionsLfTagPolicy

Configuration block for an LF-tag policy resource. Detailed below.

Table GetPermissionsTable

Configuration block for a table resource. Detailed below.

TableWithColumns GetPermissionsTableWithColumns

Configuration block for a table with columns resource. Detailed below.

principal String

Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

catalogResource Boolean

Whether the permissions are to be granted for the Data Catalog. Defaults to false.

dataLocation GetPermissionsDataLocation

Configuration block for a data location resource. Detailed below.

database GetPermissionsDatabase

Configuration block for a database resource. Detailed below.

lfTag GetPermissionsLfTag

Configuration block for an LF-tag resource. Detailed below.

lfTagPolicy GetPermissionsLfTagPolicy

Configuration block for an LF-tag policy resource. Detailed below.

table GetPermissionsTable

Configuration block for a table resource. Detailed below.

tableWithColumns GetPermissionsTableWithColumns

Configuration block for a table with columns resource. Detailed below.

principal string

Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.

catalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

catalogResource boolean

Whether the permissions are to be granted for the Data Catalog. Defaults to false.

dataLocation GetPermissionsDataLocation

Configuration block for a data location resource. Detailed below.

database GetPermissionsDatabase

Configuration block for a database resource. Detailed below.

lfTag GetPermissionsLfTag

Configuration block for an LF-tag resource. Detailed below.

lfTagPolicy GetPermissionsLfTagPolicy

Configuration block for an LF-tag policy resource. Detailed below.

table GetPermissionsTable

Configuration block for a table resource. Detailed below.

tableWithColumns GetPermissionsTableWithColumns

Configuration block for a table with columns resource. Detailed below.

principal str

Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.

catalog_id str

Identifier for the Data Catalog. By default, it is the account ID of the caller.

catalog_resource bool

Whether the permissions are to be granted for the Data Catalog. Defaults to false.

data_location GetPermissionsDataLocation

Configuration block for a data location resource. Detailed below.

database GetPermissionsDatabase

Configuration block for a database resource. Detailed below.

lf_tag GetPermissionsLfTag

Configuration block for an LF-tag resource. Detailed below.

lf_tag_policy GetPermissionsLfTagPolicy

Configuration block for an LF-tag policy resource. Detailed below.

table GetPermissionsTable

Configuration block for a table resource. Detailed below.

table_with_columns GetPermissionsTableWithColumns

Configuration block for a table with columns resource. Detailed below.

principal String

Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

catalogResource Boolean

Whether the permissions are to be granted for the Data Catalog. Defaults to false.

dataLocation Property Map

Configuration block for a data location resource. Detailed below.

database Property Map

Configuration block for a database resource. Detailed below.

lfTag Property Map

Configuration block for an LF-tag resource. Detailed below.

lfTagPolicy Property Map

Configuration block for an LF-tag policy resource. Detailed below.

table Property Map

Configuration block for a table resource. Detailed below.

tableWithColumns Property Map

Configuration block for a table with columns resource. Detailed below.

getPermissions Result

The following output properties are available:

DataLocation GetPermissionsDataLocation
Database GetPermissionsDatabase
Id string

The provider-assigned unique ID for this managed resource.

LfTag GetPermissionsLfTag
LfTagPolicy GetPermissionsLfTagPolicy
Permissions List<string>

List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.

PermissionsWithGrantOptions List<string>

Subset of permissions which the principal can pass.

Principal string
Table GetPermissionsTable
TableWithColumns GetPermissionsTableWithColumns
CatalogId string
CatalogResource bool
DataLocation GetPermissionsDataLocation
Database GetPermissionsDatabase
Id string

The provider-assigned unique ID for this managed resource.

LfTag GetPermissionsLfTag
LfTagPolicy GetPermissionsLfTagPolicy
Permissions []string

List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.

PermissionsWithGrantOptions []string

Subset of permissions which the principal can pass.

Principal string
Table GetPermissionsTable
TableWithColumns GetPermissionsTableWithColumns
CatalogId string
CatalogResource bool
dataLocation GetPermissionsDataLocation
database GetPermissionsDatabase
id String

The provider-assigned unique ID for this managed resource.

lfTag GetPermissionsLfTag
lfTagPolicy GetPermissionsLfTagPolicy
permissions List<String>

List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.

permissionsWithGrantOptions List<String>

Subset of permissions which the principal can pass.

principal String
table GetPermissionsTable
tableWithColumns GetPermissionsTableWithColumns
catalogId String
catalogResource Boolean
dataLocation GetPermissionsDataLocation
database GetPermissionsDatabase
id string

The provider-assigned unique ID for this managed resource.

lfTag GetPermissionsLfTag
lfTagPolicy GetPermissionsLfTagPolicy
permissions string[]

List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.

permissionsWithGrantOptions string[]

Subset of permissions which the principal can pass.

principal string
table GetPermissionsTable
tableWithColumns GetPermissionsTableWithColumns
catalogId string
catalogResource boolean
data_location GetPermissionsDataLocation
database GetPermissionsDatabase
id str

The provider-assigned unique ID for this managed resource.

lf_tag GetPermissionsLfTag
lf_tag_policy GetPermissionsLfTagPolicy
permissions Sequence[str]

List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.

permissions_with_grant_options Sequence[str]

Subset of permissions which the principal can pass.

principal str
table GetPermissionsTable
table_with_columns GetPermissionsTableWithColumns
catalog_id str
catalog_resource bool
dataLocation Property Map
database Property Map
id String

The provider-assigned unique ID for this managed resource.

lfTag Property Map
lfTagPolicy Property Map
permissions List<String>

List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.

permissionsWithGrantOptions List<String>

Subset of permissions which the principal can pass.

principal String
table Property Map
tableWithColumns Property Map
catalogId String
catalogResource Boolean

Supporting Types

GetPermissionsDataLocation

Arn string

Amazon Resource Name (ARN) that uniquely identifies the data location resource.

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

Arn string

Amazon Resource Name (ARN) that uniquely identifies the data location resource.

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

arn String

Amazon Resource Name (ARN) that uniquely identifies the data location resource.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

arn string

Amazon Resource Name (ARN) that uniquely identifies the data location resource.

catalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

arn str

Amazon Resource Name (ARN) that uniquely identifies the data location resource.

catalog_id str

Identifier for the Data Catalog. By default, it is the account ID of the caller.

arn String

Amazon Resource Name (ARN) that uniquely identifies the data location resource.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

GetPermissionsDatabase

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

Name string

Name of the table resource.

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

Name string

Name of the table resource.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

name String

Name of the table resource.

catalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

name string

Name of the table resource.

catalog_id str

Identifier for the Data Catalog. By default, it is the account ID of the caller.

name str

Name of the table resource.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

name String

Name of the table resource.

GetPermissionsLfTag

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

Key string

The key-name of an LF-Tag.

Values List<string>

A list of possible values of an LF-Tag.

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

Key string

The key-name of an LF-Tag.

Values []string

A list of possible values of an LF-Tag.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

key String

The key-name of an LF-Tag.

values List<String>

A list of possible values of an LF-Tag.

catalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

key string

The key-name of an LF-Tag.

values string[]

A list of possible values of an LF-Tag.

catalog_id str

Identifier for the Data Catalog. By default, it is the account ID of the caller.

key str

The key-name of an LF-Tag.

values Sequence[str]

A list of possible values of an LF-Tag.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

key String

The key-name of an LF-Tag.

values List<String>

A list of possible values of an LF-Tag.

GetPermissionsLfTagPolicy

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

Expressions List<GetPermissionsLfTagPolicyExpression>

A list of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See expression below.

ResourceType string

The resource type for which the tag policy applies. Valid values are DATABASE and TABLE.

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

Expressions []GetPermissionsLfTagPolicyExpression

A list of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See expression below.

ResourceType string

The resource type for which the tag policy applies. Valid values are DATABASE and TABLE.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

expressions List<GetPermissionsLfTagPolicyExpression>

A list of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See expression below.

resourceType String

The resource type for which the tag policy applies. Valid values are DATABASE and TABLE.

catalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

expressions GetPermissionsLfTagPolicyExpression[]

A list of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See expression below.

resourceType string

The resource type for which the tag policy applies. Valid values are DATABASE and TABLE.

catalog_id str

Identifier for the Data Catalog. By default, it is the account ID of the caller.

expressions Sequence[GetPermissionsLfTagPolicyExpression]

A list of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See expression below.

resource_type str

The resource type for which the tag policy applies. Valid values are DATABASE and TABLE.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

expressions List<Property Map>

A list of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See expression below.

resourceType String

The resource type for which the tag policy applies. Valid values are DATABASE and TABLE.

GetPermissionsLfTagPolicyExpression

Key string

The key-name of an LF-Tag.

Values List<string>

A list of possible values of an LF-Tag.

Key string

The key-name of an LF-Tag.

Values []string

A list of possible values of an LF-Tag.

key String

The key-name of an LF-Tag.

values List<String>

A list of possible values of an LF-Tag.

key string

The key-name of an LF-Tag.

values string[]

A list of possible values of an LF-Tag.

key str

The key-name of an LF-Tag.

values Sequence[str]

A list of possible values of an LF-Tag.

key String

The key-name of an LF-Tag.

values List<String>

A list of possible values of an LF-Tag.

GetPermissionsTable

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

DatabaseName string

Name of the database for the table with columns resource. Unique to the Data Catalog.

Name string

Name of the table resource.

Wildcard bool

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

DatabaseName string

Name of the database for the table with columns resource. Unique to the Data Catalog.

Name string

Name of the table resource.

Wildcard bool

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

databaseName String

Name of the database for the table with columns resource. Unique to the Data Catalog.

name String

Name of the table resource.

wildcard Boolean

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

catalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

databaseName string

Name of the database for the table with columns resource. Unique to the Data Catalog.

name string

Name of the table resource.

wildcard boolean

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

catalog_id str

Identifier for the Data Catalog. By default, it is the account ID of the caller.

database_name str

Name of the database for the table with columns resource. Unique to the Data Catalog.

name str

Name of the table resource.

wildcard bool

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

databaseName String

Name of the database for the table with columns resource. Unique to the Data Catalog.

name String

Name of the table resource.

wildcard Boolean

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

GetPermissionsTableWithColumns

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

DatabaseName string

Name of the database for the table with columns resource. Unique to the Data Catalog.

Name string

Name of the table resource.

ColumnNames List<string>

Set of column names for the table. At least one of column_names or excluded_column_names is required.

ExcludedColumnNames List<string>

Set of column names for the table to exclude. At least one of column_names or excluded_column_names is required.

Wildcard bool

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

CatalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

DatabaseName string

Name of the database for the table with columns resource. Unique to the Data Catalog.

Name string

Name of the table resource.

ColumnNames []string

Set of column names for the table. At least one of column_names or excluded_column_names is required.

ExcludedColumnNames []string

Set of column names for the table to exclude. At least one of column_names or excluded_column_names is required.

Wildcard bool

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

databaseName String

Name of the database for the table with columns resource. Unique to the Data Catalog.

name String

Name of the table resource.

columnNames List<String>

Set of column names for the table. At least one of column_names or excluded_column_names is required.

excludedColumnNames List<String>

Set of column names for the table to exclude. At least one of column_names or excluded_column_names is required.

wildcard Boolean

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

catalogId string

Identifier for the Data Catalog. By default, it is the account ID of the caller.

databaseName string

Name of the database for the table with columns resource. Unique to the Data Catalog.

name string

Name of the table resource.

columnNames string[]

Set of column names for the table. At least one of column_names or excluded_column_names is required.

excludedColumnNames string[]

Set of column names for the table to exclude. At least one of column_names or excluded_column_names is required.

wildcard boolean

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

catalog_id str

Identifier for the Data Catalog. By default, it is the account ID of the caller.

database_name str

Name of the database for the table with columns resource. Unique to the Data Catalog.

name str

Name of the table resource.

column_names Sequence[str]

Set of column names for the table. At least one of column_names or excluded_column_names is required.

excluded_column_names Sequence[str]

Set of column names for the table to exclude. At least one of column_names or excluded_column_names is required.

wildcard bool

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

catalogId String

Identifier for the Data Catalog. By default, it is the account ID of the caller.

databaseName String

Name of the database for the table with columns resource. Unique to the Data Catalog.

name String

Name of the table resource.

columnNames List<String>

Set of column names for the table. At least one of column_names or excluded_column_names is required.

excludedColumnNames List<String>

Set of column names for the table to exclude. At least one of column_names or excluded_column_names is required.

wildcard Boolean

Whether to use a wildcard representing every table under a database. At least one of name or wildcard is required. Defaults to false.

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.