DataLakeSettings

class DataLakeSettings : KotlinCustomResource

Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

NOTE: Lake Formation introduces fine-grained access control for data in your data lake. The changes include the IAMAllowedPrincipals principal, which keeps Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.

Example Usage

Data Lake Admins

    package generated_program;

    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;

    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        public static void stack(Context ctx) {
            // aws_iam_user.test and aws_iam_role.test stand for IAM resources
            // declared elsewhere in the program; their ARNs become the admins.
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
                .admins(
                    aws_iam_user.test().arn(),
                    aws_iam_role.test().arn())
                .build());
        }
    }

Create Default Permissions

    package generated_program;

    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;

    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        public static void stack(Context ctx) {
            // aws_iam_user.test and aws_iam_role.test stand for IAM resources
            // declared elsewhere in the program.
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
                .admins(
                    aws_iam_user.test().arn(),
                    aws_iam_role.test().arn())
                // Permissions granted to the user on every newly created database.
                .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                    .permissions(
                        "SELECT",
                        "ALTER",
                        "DROP")
                    .principal(aws_iam_user.test().arn())
                    .build())
                // Permissions granted to the role on every newly created table.
                .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                    .permissions("ALL")
                    .principal(aws_iam_role.test().arn())
                    .build())
                .build());
        }
    }

Enable EMR access to LakeFormation resources

    package generated_program;

    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.aws.lakeformation.DataLakeSettings;
    import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
    import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;

    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        public static void stack(Context ctx) {
            // aws_iam_user.test, aws_iam_role.test and the data.aws_caller_identity
            // lookups stand for resources and data sources declared elsewhere.
            var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
                .admins(
                    aws_iam_user.test().arn(),
                    aws_iam_role.test().arn())
                .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                    .permissions(
                        "SELECT",
                        "ALTER",
                        "DROP")
                    .principal(aws_iam_user.test().arn())
                    .build())
                .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                    .permissions("ALL")
                    .principal(aws_iam_role.test().arn())
                    .build())
                // Let EMR clusters in the listed accounts filter Lake Formation data.
                .allowExternalDataFiltering(true)
                .externalDataFilteringAllowLists(
                    data.aws_caller_identity().current().account_id(),
                    data.aws_caller_identity().third_party().account_id())
                .authorizedSessionTagValueLists("Amazon EMR")
                .build());
        }
    }
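
A review check over the values this resource takes, as an added example that is not part of the original page or the Pulumi SDK: it flags admins that are not IAM user or role ARNs, more than three default permission blocks, default grants to `IAM_ALLOWED_PRINCIPALS` (the principal identifier for the IAMAllowedPrincipals group from the note above) or of `ALL`, and external accounts on the data-filtering allow list. The `Settings` and `DefaultPermission` records, the `review` method, and the sample ARNs and account IDs are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: plain-Java review of DataLakeSettings inputs; makes no Pulumi or AWS calls.
public class DataLakeSettingsReview {
    // Hypothetical mirror of one default-permission block (principal plus permissions).
    record DefaultPermission(String principal, List<String> permissions) {}
    // Hypothetical mirror of the settings fields documented on this page.
    record Settings(List<String> admins,
                    List<DefaultPermission> createDatabaseDefaults,
                    List<DefaultPermission> createTableDefaults,
                    boolean allowExternalDataFiltering,
                    List<String> externalDataFilteringAllowList) {}

    static List<String> review(Settings s, String ownAccountId) {
        List<String> findings = new ArrayList<>();
        // Admins are documented as IAM users or roles, so anything else is a finding.
        for (String arn : s.admins()) {
            if (!arn.matches("arn:aws[a-z-]*:iam::\\d{12}:(user|role)/.+"))
                findings.add("admin is not an IAM user/role ARN: " + arn);
        }
        checkDefaults("createDatabaseDefaultPermissions", s.createDatabaseDefaults(), findings);
        checkDefaults("createTableDefaultPermissions", s.createTableDefaults(), findings);
        // Every allow-listed account other than our own can run data filtering.
        if (s.allowExternalDataFiltering()) {
            for (String acct : s.externalDataFilteringAllowList())
                if (!acct.equals(ownAccountId))
                    findings.add("external account may filter data: " + acct);
        }
        return findings;
    }

    static void checkDefaults(String field, List<DefaultPermission> blocks, List<String> out) {
        if (blocks.size() > 3) out.add(field + ": more than three blocks");
        for (DefaultPermission p : blocks) {
            if (p.principal().equals("IAM_ALLOWED_PRINCIPALS"))
                out.add(field + ": IAM_ALLOWED_PRINCIPALS leaves new objects under IAM-only control");
            else if (p.permissions().contains("ALL"))
                out.add(field + ": ALL granted by default to " + p.principal());
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; account IDs and ARNs are placeholders.
        Settings s = new Settings(
            List.of("arn:aws:iam::111111111111:role/lake-admin"),
            List.of(new DefaultPermission("IAM_ALLOWED_PRINCIPALS", List.of("ALL"))),
            List.of(new DefaultPermission("arn:aws:iam::111111111111:role/etl", List.of("ALL"))),
            true, List.of("111111111111", "222222222222"));
        review(s, "111111111111").forEach(System.out::println);
    }
}
```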

Properties

val admins: Output<List<String>>

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

val catalogId: Output<String>?

Identifier for the Data Catalog. By default, the account ID.

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

val id: Output<String>
val pulumiChildResources: Set<KotlinResource>

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).

val urn: Output<String>