pulumi-aws-kotlin/com.pulumi.aws.lakeformation.kotlin/DataLakeSettingsArgs

DataLakeSettingsArgs

data class DataLakeSettingsArgs(val admins: Output<List<String>>? = null, val allowExternalDataFiltering: Output<Boolean>? = null, val authorizedSessionTagValueLists: Output<List<String>>? = null, val catalogId: Output<String>? = null, val createDatabaseDefaultPermissions: Output<List<DataLakeSettingsCreateDatabaseDefaultPermissionArgs>>? = null, val createTableDefaultPermissions: Output<List<DataLakeSettingsCreateTableDefaultPermissionArgs>>? = null, val externalDataFilteringAllowLists: Output<List<String>>? = null, val trustedResourceOwners: Output<List<String>>? = null) : ConvertibleToJava<DataLakeSettingsArgs>

Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

NOTE: Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the IAMAllowedPrincipals principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.

Example Usage

Data Lake Admins

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(
                aws_iam_user.test().arn(),
                aws_iam_role.test().arn())
            .build());
    }
}
Content copied to clipboard

Create Default Permissions

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(
                aws_iam_user.test().arn(),
                aws_iam_role.test().arn())
            .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                .permissions(
                    "SELECT",
                    "ALTER",
                    "DROP")
                .principal(aws_iam_user.test().arn())
                .build())
            .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                .permissions("ALL")
                .principal(aws_iam_role.test().arn())
                .build())
            .build());
    }
}
Content copied to clipboard

Enable EMR access to LakeFormation resources

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(
                aws_iam_user.test().arn(),
                aws_iam_role.test().arn())
            .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                .permissions(
                    "SELECT",
                    "ALTER",
                    "DROP")
                .principal(aws_iam_user.test().arn())
                .build())
            .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                .permissions("ALL")
                .principal(aws_iam_role.test().arn())
                .build())
            .allowExternalDataFiltering(true)
            .externalDataFilteringAllowLists(
                data.aws_caller_identity().current().account_id(),
                data.aws_caller_identity().third_party().account_id())
            .authorizedSessionTagValueLists("Amazon EMR")
            .build());
    }
}
Content copied to clipboard

Constructors

Link copied to clipboard
fun DataLakeSettingsArgs(admins: Output<List<String>>? = null, allowExternalDataFiltering: Output<Boolean>? = null, authorizedSessionTagValueLists: Output<List<String>>? = null, catalogId: Output<String>? = null, createDatabaseDefaultPermissions: Output<List<DataLakeSettingsCreateDatabaseDefaultPermissionArgs>>? = null, createTableDefaultPermissions: Output<List<DataLakeSettingsCreateTableDefaultPermissionArgs>>? = null, externalDataFilteringAllowLists: Output<List<String>>? = null, trustedResourceOwners: Output<List<String>>? = null)

Functions

Link copied to clipboard
open override fun toJava(): DataLakeSettingsArgs

Properties

Link copied to clipboard
val admins: Output<List<String>>? = null

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

Link copied to clipboard
val allowExternalDataFiltering: Output<Boolean>? = null

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

Link copied to clipboard
val authorizedSessionTagValueLists: Output<List<String>>? = null

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

Link copied to clipboard
val catalogId: Output<String>? = null

Identifier for the Data Catalog. By default, the account ID.

Link copied to clipboard
val createDatabaseDefaultPermissions: Output<List<DataLakeSettingsCreateDatabaseDefaultPermissionArgs>>? = null

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

Link copied to clipboard
val createTableDefaultPermissions: Output<List<DataLakeSettingsCreateTableDefaultPermissionArgs>>? = null

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

Link copied to clipboard
val externalDataFilteringAllowLists: Output<List<String>>? = null

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

Link copied to clipboard
val trustedResourceOwners: Output<List<String>>? = null

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).