pulumi-aws-kotlin/com.pulumi.aws.lakeformation.kotlin/DataLakeSettingsArgs

DataLakeSettingsArgs

data class DataLakeSettingsArgs(val admins: Output<List<String>>? = null, val allowExternalDataFiltering: Output<Boolean>? = null, val authorizedSessionTagValueLists: Output<List<String>>? = null, val catalogId: Output<String>? = null, val createDatabaseDefaultPermissions: Output<List<DataLakeSettingsCreateDatabaseDefaultPermissionArgs>>? = null, val createTableDefaultPermissions: Output<List<DataLakeSettingsCreateTableDefaultPermissionArgs>>? = null, val externalDataFilteringAllowLists: Output<List<String>>? = null, val readOnlyAdmins: Output<List<String>>? = null, val trustedResourceOwners: Output<List<String>>? = null) : ConvertibleToJava<DataLakeSettingsArgs>

Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

NOTE: Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the IAMAllowedPrincipals principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.

Example Usage

Data Lake Admins

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {admins: [
    test.arn,
    testAwsIamRole.arn,
]});

import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example", admins=[
    test["arn"],
    test_aws_iam_role["arn"],
])

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.LakeFormation.DataLakeSettings("example", new()
    {
        Admins = new[]
        {
            test.Arn,
            testAwsIamRole.Arn,
        },
    });
});

package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
			Admins: pulumi.StringArray{
				test.Arn,
				testAwsIamRole.Arn,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(
                test.arn(),
                testAwsIamRole.arn())
            .build());
    }
}

resources:
  example:
    type: aws:lakeformation:DataLakeSettings
    properties:
      admins:
        - ${test.arn}
        - ${testAwsIamRole.arn}

Create Default Permissions

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {
    admins: [
        test.arn,
        testAwsIamRole.arn,
    ],
    createDatabaseDefaultPermissions: [{
        permissions: [
            "SELECT",
            "ALTER",
            "DROP",
        ],
        principal: test.arn,
    }],
    createTableDefaultPermissions: [{
        permissions: ["ALL"],
        principal: testAwsIamRole.arn,
    }],
});

import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example",
    admins=[
        test["arn"],
        test_aws_iam_role["arn"],
    ],
    create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
        permissions=[
            "SELECT",
            "ALTER",
            "DROP",
        ],
        principal=test["arn"],
    )],
    create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
        permissions=["ALL"],
        principal=test_aws_iam_role["arn"],
    )])

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.LakeFormation.DataLakeSettings("example", new()
    {
        Admins = new[]
        {
            test.Arn,
            testAwsIamRole.Arn,
        },
        CreateDatabaseDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "SELECT",
                    "ALTER",
                    "DROP",
                },
                Principal = test.Arn,
            },
        },
        CreateTableDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "ALL",
                },
                Principal = testAwsIamRole.Arn,
            },
        },
    });
});

package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
			Admins: pulumi.StringArray{
				test.Arn,
				testAwsIamRole.Arn,
			},
			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("SELECT"),
						pulumi.String("ALTER"),
						pulumi.String("DROP"),
					},
					Principal: pulumi.Any(test.Arn),
				},
			},
			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("ALL"),
					},
					Principal: pulumi.Any(testAwsIamRole.Arn),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(
                test.arn(),
                testAwsIamRole.arn())
            .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                .permissions(
                    "SELECT",
                    "ALTER",
                    "DROP")
                .principal(test.arn())
                .build())
            .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                .permissions("ALL")
                .principal(testAwsIamRole.arn())
                .build())
            .build());
    }
}

resources:
  example:
    type: aws:lakeformation:DataLakeSettings
    properties:
      admins:
        - ${test.arn}
        - ${testAwsIamRole.arn}
      createDatabaseDefaultPermissions:
        - permissions:
            - SELECT
            - ALTER
            - DROP
          principal: ${test.arn}
      createTableDefaultPermissions:
        - permissions:
            - ALL
          principal: ${testAwsIamRole.arn}

Enable EMR access to LakeFormation resources

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lakeformation.DataLakeSettings("example", {
    admins: [
        test.arn,
        testAwsIamRole.arn,
    ],
    createDatabaseDefaultPermissions: [{
        permissions: [
            "SELECT",
            "ALTER",
            "DROP",
        ],
        principal: test.arn,
    }],
    createTableDefaultPermissions: [{
        permissions: ["ALL"],
        principal: testAwsIamRole.arn,
    }],
    allowExternalDataFiltering: true,
    externalDataFilteringAllowLists: [
        current.accountId,
        thirdParty.accountId,
    ],
    authorizedSessionTagValueLists: ["Amazon EMR"],
});

import pulumi
import pulumi_aws as aws
example = aws.lakeformation.DataLakeSettings("example",
    admins=[
        test["arn"],
        test_aws_iam_role["arn"],
    ],
    create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(
        permissions=[
            "SELECT",
            "ALTER",
            "DROP",
        ],
        principal=test["arn"],
    )],
    create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(
        permissions=["ALL"],
        principal=test_aws_iam_role["arn"],
    )],
    allow_external_data_filtering=True,
    external_data_filtering_allow_lists=[
        current["accountId"],
        third_party["accountId"],
    ],
    authorized_session_tag_value_lists=["Amazon EMR"])

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.LakeFormation.DataLakeSettings("example", new()
    {
        Admins = new[]
        {
            test.Arn,
            testAwsIamRole.Arn,
        },
        CreateDatabaseDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "SELECT",
                    "ALTER",
                    "DROP",
                },
                Principal = test.Arn,
            },
        },
        CreateTableDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "ALL",
                },
                Principal = testAwsIamRole.Arn,
            },
        },
        AllowExternalDataFiltering = true,
        ExternalDataFilteringAllowLists = new[]
        {
            current.AccountId,
            thirdParty.AccountId,
        },
        AuthorizedSessionTagValueLists = new[]
        {
            "Amazon EMR",
        },
    });
});

package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
			Admins: pulumi.StringArray{
				test.Arn,
				testAwsIamRole.Arn,
			},
			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("SELECT"),
						pulumi.String("ALTER"),
						pulumi.String("DROP"),
					},
					Principal: pulumi.Any(test.Arn),
				},
			},
			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("ALL"),
					},
					Principal: pulumi.Any(testAwsIamRole.Arn),
				},
			},
			AllowExternalDataFiltering: pulumi.Bool(true),
			ExternalDataFilteringAllowLists: pulumi.StringArray{
				current.AccountId,
				thirdParty.AccountId,
			},
			AuthorizedSessionTagValueLists: pulumi.StringArray{
				pulumi.String("Amazon EMR"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(
                test.arn(),
                testAwsIamRole.arn())
            .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                .permissions(
                    "SELECT",
                    "ALTER",
                    "DROP")
                .principal(test.arn())
                .build())
            .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                .permissions("ALL")
                .principal(testAwsIamRole.arn())
                .build())
            .allowExternalDataFiltering(true)
            .externalDataFilteringAllowLists(
                current.accountId(),
                thirdParty.accountId())
            .authorizedSessionTagValueLists("Amazon EMR")
            .build());
    }
}

resources:
  example:
    type: aws:lakeformation:DataLakeSettings
    properties:
      admins:
        - ${test.arn}
        - ${testAwsIamRole.arn}
      createDatabaseDefaultPermissions:
        - permissions:
            - SELECT
            - ALTER
            - DROP
          principal: ${test.arn}
      createTableDefaultPermissions:
        - permissions:
            - ALL
          principal: ${testAwsIamRole.arn}
      allowExternalDataFiltering: true
      externalDataFilteringAllowLists:
        - ${current.accountId}
        - ${thirdParty.accountId}
      authorizedSessionTagValueLists:
        - Amazon EMR

Constructors

DataLakeSettingsArgs

fun DataLakeSettingsArgs(admins: Output<List<String>>? = null, allowExternalDataFiltering: Output<Boolean>? = null, authorizedSessionTagValueLists: Output<List<String>>? = null, catalogId: Output<String>? = null, createDatabaseDefaultPermissions: Output<List<DataLakeSettingsCreateDatabaseDefaultPermissionArgs>>? = null, createTableDefaultPermissions: Output<List<DataLakeSettingsCreateTableDefaultPermissionArgs>>? = null, externalDataFilteringAllowLists: Output<List<String>>? = null, readOnlyAdmins: Output<List<String>>? = null, trustedResourceOwners: Output<List<String>>? = null)

Functions

toJava

open override fun toJava(): DataLakeSettingsArgs

Properties

admins

val admins: Output<List<String>>? = null

Set of ARNs of AWS Lake Formation principals (IAM users or roles).

allowExternalDataFiltering

val allowExternalDataFiltering: Output<Boolean>? = null

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

authorizedSessionTagValueLists

val authorizedSessionTagValueLists: Output<List<String>>? = null

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

catalogId

val catalogId: Output<String>? = null

Identifier for the Data Catalog. By default, the account ID.

createDatabaseDefaultPermissions

val createDatabaseDefaultPermissions: Output<List<DataLakeSettingsCreateDatabaseDefaultPermissionArgs>>? = null

Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.

createTableDefaultPermissions

val createTableDefaultPermissions: Output<List<DataLakeSettingsCreateTableDefaultPermissionArgs>>? = null

Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.

externalDataFilteringAllowLists

val externalDataFilteringAllowLists: Output<List<String>>? = null

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

readOnlyAdmins

val readOnlyAdmins: Output<List<String>>? = null

Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.

trustedResourceOwners

val trustedResourceOwners: Output<List<String>>? = null

List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).