Readonly
configThe resolved configuration of LakeFormationClient class. This is resolved and normalized from the constructor configuration interface.
Attaches one or more LF-tags to an existing resource.
Optional
options: HttpHandlerOptionsOptional
data: AddLFTagsToResourceCommandOutputOptional
data: AddLFTagsToResourceCommandOutputAllows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session.
This decorated role is expected to access data in Amazon S3 by getting temporary access from Lake Formation which is authorized via the virtual API GetDataAccess
. Therefore, all SAML roles that can be assumed via AssumeDecoratedRoleWithSAML
must at a minimum include lakeformation:GetDataAccess
in their role policies. A typical IAM policy attached to such a role would look as follows:
Optional
options: HttpHandlerOptionsOptional
data: AssumeDecoratedRoleWithSAMLCommandOutputOptional
data: AssumeDecoratedRoleWithSAMLCommandOutputBatch operation to grant permissions to the principal.
Optional
options: HttpHandlerOptionsOptional
data: BatchGrantPermissionsCommandOutputOptional
data: BatchGrantPermissionsCommandOutputBatch operation to revoke permissions from the principal.
Optional
options: HttpHandlerOptionsOptional
data: BatchRevokePermissionsCommandOutputOptional
data: BatchRevokePermissionsCommandOutputAttempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.
Optional
options: HttpHandlerOptionsOptional
data: CancelTransactionCommandOutputOptional
data: CancelTransactionCommandOutputAttempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.
Optional
options: HttpHandlerOptionsOptional
data: CommitTransactionCommandOutputOptional
data: CommitTransactionCommandOutputCreates a data cell filter to allow one to grant access to certain columns on certain rows.
Optional
options: HttpHandlerOptionsOptional
data: CreateDataCellsFilterCommandOutputOptional
data: CreateDataCellsFilterCommandOutputCreates an LF-tag with the specified name and values.
Optional
options: HttpHandlerOptionsOptional
data: CreateLFTagCommandOutputOptional
data: CreateLFTagCommandOutputDeletes a data cell filter.
Optional
options: HttpHandlerOptionsOptional
data: DeleteDataCellsFilterCommandOutputOptional
data: DeleteDataCellsFilterCommandOutputDeletes the specified LF-tag given a key name. If the input parameter tag key was not found, then the operation will throw an exception. When you delete an LF-tag, the LFTagPolicy
attached to the LF-tag becomes invalid. If the deleted LF-tag was still assigned to any resource, the tag policy attach to the deleted LF-tag will no longer be applied to the resource.
Optional
options: HttpHandlerOptionsOptional
data: DeleteLFTagCommandOutputOptional
data: DeleteLFTagCommandOutputFor a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels.
The Glue ETL library function write_dynamic_frame.from_catalog()
includes an option to automatically
call DeleteObjectsOnCancel
before writes. For more information, see
Rolling Back Amazon S3 Writes.
Optional
options: HttpHandlerOptionsOptional
data: DeleteObjectsOnCancelCommandOutputOptional
data: DeleteObjectsOnCancelCommandOutputDeregisters the resource as managed by the Data Catalog.
When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.
Optional
options: HttpHandlerOptionsOptional
data: DeregisterResourceCommandOutputOptional
data: DeregisterResourceCommandOutputRetrieves the current data access role for the given resource registered in Lake Formation.
Optional
options: HttpHandlerOptionsOptional
data: DescribeResourceCommandOutputOptional
data: DescribeResourceCommandOutputReturns the details of a single transaction.
Optional
options: HttpHandlerOptionsOptional
data: DescribeTransactionCommandOutputOptional
data: DescribeTransactionCommandOutputDestroy underlying resources, like sockets. It's usually not necessary to do this. However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. Otherwise, sockets might stay open for quite a long time before the server terminates them.
Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.
Write transactions that remain idle for a long period are automatically aborted unless explicitly extended.
Optional
options: HttpHandlerOptionsOptional
data: ExtendTransactionCommandOutputOptional
data: ExtendTransactionCommandOutputReturns a data cells filter.
Optional
options: HttpHandlerOptionsOptional
data: GetDataCellsFilterCommandOutputOptional
data: GetDataCellsFilterCommandOutputRetrieves the list of the data lake administrators of a Lake Formation-managed data lake.
Optional
options: HttpHandlerOptionsOptional
data: GetDataLakeSettingsCommandOutputOptional
data: GetDataLakeSettingsCommandOutputReturns the Lake Formation permissions for a specified table or database resource located
at a path in Amazon S3. GetEffectivePermissionsForPath
will not return databases and tables if the catalog is encrypted.
Optional
options: HttpHandlerOptionsOptional
data: GetEffectivePermissionsForPathCommandOutputOptional
data: GetEffectivePermissionsForPathCommandOutputReturns an LF-tag definition.
Optional
options: HttpHandlerOptionsOptional
data: GetLFTagCommandOutputOptional
data: GetLFTagCommandOutputReturns the state of a query previously submitted. Clients are expected to poll GetQueryState
to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to StartQueryPlanning
.
Optional
options: HttpHandlerOptionsOptional
data: GetQueryStateCommandOutputOptional
data: GetQueryStateCommandOutputRetrieves statistics on the planning and execution of a query.
Optional
options: HttpHandlerOptionsOptional
data: GetQueryStatisticsCommandOutputOptional
data: GetQueryStatisticsCommandOutputReturns the LF-tags applied to a resource.
Optional
options: HttpHandlerOptionsOptional
data: GetResourceLFTagsCommandOutputOptional
data: GetResourceLFTagsCommandOutputReturns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.
Optional
options: HttpHandlerOptionsOptional
data: GetTableObjectsCommandOutputOptional
data: GetTableObjectsCommandOutputThis API is identical to GetTemporaryTableCredentials
except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.
Optional
options: HttpHandlerOptionsOptional
data: GetTemporaryGluePartitionCredentialsCommandOutputOptional
data: GetTemporaryGluePartitionCredentialsCommandOutputAllows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.
Optional
options: HttpHandlerOptionsOptional
data: GetTemporaryGlueTableCredentialsCommandOutputOptional
data: GetTemporaryGlueTableCredentialsCommandOutputReturns the work units resulting from the query. Work units can be executed in any order and in parallel.
Optional
options: HttpHandlerOptionsOptional
data: GetWorkUnitResultsCommandOutputOptional
data: GetWorkUnitResultsCommandOutputRetrieves the work units generated by the StartQueryPlanning
operation.
Optional
options: HttpHandlerOptionsOptional
data: GetWorkUnitsCommandOutputOptional
data: GetWorkUnitsCommandOutputGrants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
For information about permissions, see Security and Access Control to Metadata and Data.
Optional
options: HttpHandlerOptionsOptional
data: GrantPermissionsCommandOutputOptional
data: GrantPermissionsCommandOutputLists all the data cell filters on a table.
Optional
options: HttpHandlerOptionsOptional
data: ListDataCellsFilterCommandOutputOptional
data: ListDataCellsFilterCommandOutputLists LF-tags that the requester has permission to view.
Optional
options: HttpHandlerOptionsOptional
data: ListLFTagsCommandOutputOptional
data: ListLFTagsCommandOutputReturns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.
This operation returns only those permissions that have been explicitly granted.
For information about permissions, see Security and Access Control to Metadata and Data.
Optional
options: HttpHandlerOptionsOptional
data: ListPermissionsCommandOutputOptional
data: ListPermissionsCommandOutputLists the resources registered to be managed by the Data Catalog.
Optional
options: HttpHandlerOptionsOptional
data: ListResourcesCommandOutputOptional
data: ListResourcesCommandOutputReturns the configuration of all storage optimizers associated with a specified table.
Optional
options: HttpHandlerOptionsOptional
data: ListTableStorageOptimizersCommandOutputOptional
data: ListTableStorageOptimizersCommandOutputReturns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned.
This operation can help you identify uncommitted transactions or to get information about transactions.
Optional
options: HttpHandlerOptionsOptional
data: ListTransactionsCommandOutputOptional
data: ListTransactionsCommandOutputSets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions.
This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.
Optional
options: HttpHandlerOptionsOptional
data: PutDataLakeSettingsCommandOutputOptional
data: PutDataLakeSettingsCommandOutputRegisters the resource as managed by the Data Catalog.
To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.
The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.
ResourceArn = arn:aws:s3:::my-bucket
UseServiceLinkedRole = true
If UseServiceLinkedRole
is not set to true, you must provide or set the RoleArn
:
arn:aws:iam::12345:role/my-data-access-role
Optional
options: HttpHandlerOptionsOptional
data: RegisterResourceCommandOutputOptional
data: RegisterResourceCommandOutputRemoves an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in tableWithColumns
to specify column input.
Optional
options: HttpHandlerOptionsOptional
data: RemoveLFTagsFromResourceCommandOutputOptional
data: RemoveLFTagsFromResourceCommandOutputRevokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
Optional
options: HttpHandlerOptionsOptional
data: RevokePermissionsCommandOutputOptional
data: RevokePermissionsCommandOutputThis operation allows a search on DATABASE
resources by TagCondition
. This operation is used by admins who want to grant user permissions on certain TagConditions
. Before making a grant, the admin can use SearchDatabasesByTags
to find all resources where the given TagConditions
are valid to verify whether the returned resources can be shared.
Optional
options: HttpHandlerOptionsOptional
data: SearchDatabasesByLFTagsCommandOutputOptional
data: SearchDatabasesByLFTagsCommandOutputThis operation allows a search on TABLE
resources by LFTag
s. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use SearchTablesByLFTags
to find all resources where the given LFTag
s are valid to verify whether the returned resources can be shared.
Optional
options: HttpHandlerOptionsOptional
data: SearchTablesByLFTagsCommandOutputOptional
data: SearchTablesByLFTagsCommandOutputOptional
options: HttpHandlerOptionsOptional
data: OutputTypeOptional
data: OutputTypeSubmits a request to process a query statement.
This operation generates work units that can be retrieved with the GetWorkUnits
operation as soon as the query state is WORKUNITS_AVAILABLE or FINISHED.
Optional
options: HttpHandlerOptionsOptional
data: StartQueryPlanningCommandOutputOptional
data: StartQueryPlanningCommandOutputStarts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.
Optional
options: HttpHandlerOptionsOptional
data: StartTransactionCommandOutputOptional
data: StartTransactionCommandOutputUpdates a data cell filter.
Optional
options: HttpHandlerOptionsOptional
data: UpdateDataCellsFilterCommandOutputOptional
data: UpdateDataCellsFilterCommandOutputUpdates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the LF-tag key's value.
Optional
options: HttpHandlerOptionsOptional
data: UpdateLFTagCommandOutputOptional
data: UpdateLFTagCommandOutputUpdates the data access role used for vending access to the given (registered) resource in Lake Formation.
Optional
options: HttpHandlerOptionsOptional
data: UpdateResourceCommandOutputOptional
data: UpdateResourceCommandOutputUpdates the manifest of Amazon S3 objects that make up the specified governed table.
Optional
options: HttpHandlerOptionsOptional
data: UpdateTableObjectsCommandOutputOptional
data: UpdateTableObjectsCommandOutputUpdates the configuration of the storage optimizers for a table.
Optional
options: HttpHandlerOptionsOptional
data: UpdateTableStorageOptimizerCommandOutputOptional
data: UpdateTableStorageOptimizerCommandOutput
Defines the public endpoint for the Lake Formation service.