AWS Lake Formation 2017-03-31
- Client: Aws\LakeFormation\LakeFormationClient
- Service ID: lakeformation
- Version: 2017-03-31
This page describes the parameters and results for the operations of the AWS Lake Formation (2017-03-31), and shows how to use the Aws\LakeFormation\LakeFormationClient object to call the described operations. This documentation is specific to the 2017-03-31 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AddLFTagsToResource ( array $params = [] )
Attaches one or more LF-tags to an existing resource.
- BatchGrantPermissions ( array $params = [] )
Batch operation to grant permissions to the principal.
- BatchRevokePermissions ( array $params = [] )
Batch operation to revoke permissions from the principal.
- CancelTransaction ( array $params = [] )
Attempts to cancel the specified transaction.
- CommitTransaction ( array $params = [] )
Attempts to commit the specified transaction.
- CreateDataCellsFilter ( array $params = [] )
Creates a data cell filter to allow one to grant access to certain columns on certain rows.
- CreateLFTag ( array $params = [] )
Creates an LF-tag with the specified name and values.
- DeleteDataCellsFilter ( array $params = [] )
Deletes a data cell filter.
- DeleteLFTag ( array $params = [] )
Deletes the specified LF-tag key name.
- DeleteObjectsOnCancel ( array $params = [] )
For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled.
- DeregisterResource ( array $params = [] )
Deregisters the resource as managed by the Data Catalog.
- DescribeResource ( array $params = [] )
Retrieves the current data access role for the given resource registered in Lake Formation.
- DescribeTransaction ( array $params = [] )
Returns the details of a single transaction.
- ExtendTransaction ( array $params = [] )
Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.
- GetDataLakeSettings ( array $params = [] )
Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.
- GetEffectivePermissionsForPath ( array $params = [] )
Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3.
- GetLFTag ( array $params = [] )
Returns an LF-tag definition.
- GetQueryState ( array $params = [] )
Returns the state of a query previously submitted.
- GetQueryStatistics ( array $params = [] )
Retrieves statistics on the planning and execution of a query.
- GetResourceLFTags ( array $params = [] )
Returns the LF-tags applied to a resource.
- GetTableObjects ( array $params = [] )
Returns the set of Amazon S3 objects that make up the specified governed table.
- GetTemporaryGluePartitionCredentials ( array $params = [] )
This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition.
- GetTemporaryGlueTableCredentials ( array $params = [] )
Allows a caller in a secure environment to assume a role with permission to access Amazon S3.
- GetWorkUnitResults ( array $params = [] )
Returns the work units resulting from the query.
- GetWorkUnits ( array $params = [] )
Retrieves the work units generated by the StartQueryPlanning operation.
- GrantPermissions ( array $params = [] )
Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
- ListDataCellsFilter ( array $params = [] )
Lists all the data cell filters on a table.
- ListLFTags ( array $params = [] )
Lists LF-tags that the requester has permission to view.
- ListPermissions ( array $params = [] )
Returns a list of the principal permissions on the resource, filtered by the permissions of the caller.
- ListResources ( array $params = [] )
Lists the resources registered to be managed by the Data Catalog.
- ListTableStorageOptimizers ( array $params = [] )
Returns the configuration of all storage optimizers associated with a specified table.
- ListTransactions ( array $params = [] )
Returns metadata about transactions and their status.
- PutDataLakeSettings ( array $params = [] )
Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation.
- RegisterResource ( array $params = [] )
Registers the resource as managed by the Data Catalog.
- RemoveLFTagsFromResource ( array $params = [] )
Removes an LF-tag from the resource.
- RevokePermissions ( array $params = [] )
Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
- SearchDatabasesByLFTags ( array $params = [] )
This operation allows a search on DATABASE resources by TagCondition.
- SearchTablesByLFTags ( array $params = [] )
This operation allows a search on TABLE resources by LFTags.
- StartQueryPlanning ( array $params = [] )
Submits a request to process a query statement.
- StartTransaction ( array $params = [] )
Starts a new transaction and returns its transaction ID.
- UpdateLFTag ( array $params = [] )
Updates the list of possible values for the specified LF-tag key.
- UpdateResource ( array $params = [] )
Updates the data access role used for vending access to the given (registered) resource in Lake Formation.
- UpdateTableObjects ( array $params = [] )
Updates the manifest of Amazon S3 objects that make up the specified governed table.
- UpdateTableStorageOptimizer ( array $params = [] )
Updates the configuration of the storage optimizers for a table.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
AddLFTagsToResource
$result = $client->addLFTagsToResource([/* ... */]); $promise = $client->addLFTagsToResourceAsync([/* ... */]);
Attaches one or more LF-tags to an existing resource.
Parameter Syntax
$result = $client->addLFTagsToResource([
'CatalogId' => '<string>',
'LFTags' => [ // REQUIRED
[
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'Resource' => [ // REQUIRED
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- LFTags
-
- Required: Yes
- Type: Array of LFTagPair structures
The LF-tags to attach to the resource.
- Resource
-
- Required: Yes
- Type: Resource structure
The database, table, or column resource to which to attach an LF-tag.
Result Syntax
[
'Failures' => [
[
'Error' => [
'ErrorCode' => '<string>',
'ErrorMessage' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
],
// ...
],
]
Result Details
Members
- Failures
-
- Type: Array of LFTagError structures
A list of failures to tag the resource.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
BatchGrantPermissions
$result = $client->batchGrantPermissions([/* ... */]); $promise = $client->batchGrantPermissionsAsync([/* ... */]);
Batch operation to grant permissions to the principal.
Parameter Syntax
$result = $client->batchGrantPermissions([
'CatalogId' => '<string>',
'Entries' => [ // REQUIRED
[
'Id' => '<string>', // REQUIRED
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
],
// ...
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- Entries
-
- Required: Yes
- Type: Array of BatchPermissionsRequestEntry structures
A list of up to 20 entries for resource permissions to be granted by batch operation to the principal.
Result Syntax
[
'Failures' => [
[
'Error' => [
'ErrorCode' => '<string>',
'ErrorMessage' => '<string>',
],
'RequestEntry' => [
'Id' => '<string>',
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>',
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [
[
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'ResourceType' => 'DATABASE|TABLE',
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>',
'Name' => '<string>',
],
],
],
],
// ...
],
]
Result Details
Members
- Failures
-
- Type: Array of BatchPermissionsFailureEntry structures
A list of failures to grant permissions to the resources.
Errors
-
The input provided was not valid.
-
The operation timed out.
BatchRevokePermissions
$result = $client->batchRevokePermissions([/* ... */]); $promise = $client->batchRevokePermissionsAsync([/* ... */]);
Batch operation to revoke permissions from the principal.
Parameter Syntax
$result = $client->batchRevokePermissions([
'CatalogId' => '<string>',
'Entries' => [ // REQUIRED
[
'Id' => '<string>', // REQUIRED
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
],
// ...
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- Entries
-
- Required: Yes
- Type: Array of BatchPermissionsRequestEntry structures
A list of up to 20 entries for resource permissions to be revoked by batch operation to the principal.
Result Syntax
[
'Failures' => [
[
'Error' => [
'ErrorCode' => '<string>',
'ErrorMessage' => '<string>',
],
'RequestEntry' => [
'Id' => '<string>',
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>',
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [
[
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'ResourceType' => 'DATABASE|TABLE',
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>',
'Name' => '<string>',
],
],
],
],
// ...
],
]
Result Details
Members
- Failures
-
- Type: Array of BatchPermissionsFailureEntry structures
A list of failures to revoke permissions to the resources.
Errors
-
The input provided was not valid.
-
The operation timed out.
CancelTransaction
$result = $client->cancelTransaction([/* ... */]); $promise = $client->cancelTransactionAsync([/* ... */]);
Attempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.
Parameter Syntax
$result = $client->cancelTransaction([
'TransactionId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
The input provided was not valid.
-
A specified entity does not exist
-
An internal service error occurred.
-
The operation timed out.
-
TransactionCommittedException:
Contains details about an error where the specified transaction has already been committed and cannot be used for
UpdateTableObjects. -
TransactionCommitInProgressException:
Contains details about an error related to a transaction commit that was in progress.
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
CommitTransaction
$result = $client->commitTransaction([/* ... */]); $promise = $client->commitTransactionAsync([/* ... */]);
Attempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.
Parameter Syntax
$result = $client->commitTransaction([
'TransactionId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
]
Result Details
Errors
-
The input provided was not valid.
-
A specified entity does not exist
-
An internal service error occurred.
-
The operation timed out.
-
Contains details about an error related to a transaction that was cancelled.
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
CreateDataCellsFilter
$result = $client->createDataCellsFilter([/* ... */]); $promise = $client->createDataCellsFilterAsync([/* ... */]);
Creates a data cell filter to allow one to grant access to certain columns on certain rows.
Parameter Syntax
$result = $client->createDataCellsFilter([
'TableData' => [ // REQUIRED
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
'RowFilter' => [
'AllRowsWildcard' => [
],
'FilterExpression' => '<string>',
],
'TableCatalogId' => '<string>', // REQUIRED
'TableName' => '<string>', // REQUIRED
],
]);
Parameter Details
Members
- TableData
-
- Required: Yes
- Type: DataCellsFilter structure
A
DataCellsFilterstructure containing information about the data cells filter.
Result Syntax
[]
Result Details
Errors
-
A resource to be created or added already exists.
-
The input provided was not valid.
-
A specified entity does not exist
-
ResourceNumberLimitExceededException:
A resource numerical limit was exceeded.
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
CreateLFTag
$result = $client->createLFTag([/* ... */]); $promise = $client->createLFTagAsync([/* ... */]);
Creates an LF-tag with the specified name and values.
Parameter Syntax
$result = $client->createLFTag([
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the LF-tag.
- TagValues
-
- Required: Yes
- Type: Array of strings
A list of possible values an attribute can take.
Result Syntax
[]
Result Details
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
ResourceNumberLimitExceededException:
A resource numerical limit was exceeded.
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
DeleteDataCellsFilter
$result = $client->deleteDataCellsFilter([/* ... */]); $promise = $client->deleteDataCellsFilterAsync([/* ... */]);
Deletes a data cell filter.
Parameter Syntax
$result = $client->deleteDataCellsFilter([
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The input provided was not valid.
-
A specified entity does not exist
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
DeleteLFTag
$result = $client->deleteLFTag([/* ... */]); $promise = $client->deleteLFTagAsync([/* ... */]);
Deletes the specified LF-tag key name. If the attribute key does not exist or the LF-tag does not exist, then the operation will not do anything. If the attribute key exists, then the operation checks if any resources are tagged with this attribute key, if yes, the API throws a 400 Exception with the message "Delete not allowed" as the LF-tag key is still attached with resources. You can consider untagging resources with this LF-tag key.
Parameter Syntax
$result = $client->deleteLFTag([
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the LF-tag to delete.
Result Syntax
[]
Result Details
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
DeleteObjectsOnCancel
$result = $client->deleteObjectsOnCancel([/* ... */]); $promise = $client->deleteObjectsOnCancelAsync([/* ... */]);
For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels.
The Glue ETL library function write_dynamic_frame.from_catalog() includes an option to automatically call DeleteObjectsOnCancel before writes. For more information, see Rolling Back Amazon S3 Writes.
Parameter Syntax
$result = $client->deleteObjectsOnCancel([
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Objects' => [ // REQUIRED
[
'ETag' => '<string>',
'Uri' => '<string>', // REQUIRED
],
// ...
],
'TableName' => '<string>', // REQUIRED
'TransactionId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The Glue data catalog that contains the governed table. Defaults to the current account ID.
- DatabaseName
-
- Required: Yes
- Type: string
The database that contains the governed table.
- Objects
-
- Required: Yes
- Type: Array of VirtualObject structures
A list of VirtualObject structures, which indicates the Amazon S3 objects to be deleted if the transaction cancels.
- TableName
-
- Required: Yes
- Type: string
The name of the governed table.
- TransactionId
-
- Required: Yes
- Type: string
ID of the transaction that the writes occur in.
Result Syntax
[]
Result Details
Errors
-
An internal service error occurred.
-
The input provided was not valid.
-
The operation timed out.
-
A specified entity does not exist
-
TransactionCommittedException:
Contains details about an error where the specified transaction has already been committed and cannot be used for
UpdateTableObjects. -
Contains details about an error related to a transaction that was cancelled.
-
Contains details about an error related to a resource which is not ready for a transaction.
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
DeregisterResource
$result = $client->deregisterResource([/* ... */]); $promise = $client->deregisterResourceAsync([/* ... */]);
Deregisters the resource as managed by the Data Catalog.
When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.
Parameter Syntax
$result = $client->deregisterResource([
'ResourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
A specified entity does not exist
DescribeResource
$result = $client->describeResource([/* ... */]); $promise = $client->describeResourceAsync([/* ... */]);
Retrieves the current data access role for the given resource registered in Lake Formation.
Parameter Syntax
$result = $client->describeResource([
'ResourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'ResourceInfo' => [
'LastModified' => <DateTime>,
'ResourceArn' => '<string>',
'RoleArn' => '<string>',
],
]
Result Details
Members
- ResourceInfo
-
- Type: ResourceInfo structure
A structure containing information about an Lake Formation resource.
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
A specified entity does not exist
DescribeTransaction
$result = $client->describeTransaction([/* ... */]); $promise = $client->describeTransactionAsync([/* ... */]);
Returns the details of a single transaction.
Parameter Syntax
$result = $client->describeTransaction([
'TransactionId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'TransactionDescription' => [
'TransactionEndTime' => <DateTime>,
'TransactionId' => '<string>',
'TransactionStartTime' => <DateTime>,
'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
],
]
Result Details
Members
- TransactionDescription
-
- Type: TransactionDescription structure
Returns a
TransactionDescriptionobject containing information about the transaction.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
ExtendTransaction
$result = $client->extendTransaction([/* ... */]); $promise = $client->extendTransactionAsync([/* ... */]);
Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.
Write transactions that remain idle for a long period are automatically aborted unless explicitly extended.
Parameter Syntax
$result = $client->extendTransaction([
'TransactionId' => '<string>',
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
The input provided was not valid.
-
A specified entity does not exist
-
An internal service error occurred.
-
The operation timed out.
-
TransactionCommittedException:
Contains details about an error where the specified transaction has already been committed and cannot be used for
UpdateTableObjects. -
Contains details about an error related to a transaction that was cancelled.
-
TransactionCommitInProgressException:
Contains details about an error related to a transaction commit that was in progress.
GetDataLakeSettings
$result = $client->getDataLakeSettings([/* ... */]); $promise = $client->getDataLakeSettingsAsync([/* ... */]);
Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.
Parameter Syntax
$result = $client->getDataLakeSettings([
'CatalogId' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'DataLakeSettings' => [
'AllowExternalDataFiltering' => true || false,
'AuthorizedSessionTagValueList' => ['<string>', ...],
'CreateDatabaseDefaultPermissions' => [
[
'Permissions' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
],
// ...
],
'CreateTableDefaultPermissions' => [
[
'Permissions' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
],
// ...
],
'DataLakeAdmins' => [
[
'DataLakePrincipalIdentifier' => '<string>',
],
// ...
],
'ExternalDataFilteringAllowList' => [
[
'DataLakePrincipalIdentifier' => '<string>',
],
// ...
],
'TrustedResourceOwners' => ['<string>', ...],
],
]
Result Details
Members
- DataLakeSettings
-
- Type: DataLakeSettings structure
A structure representing a list of Lake Formation principals designated as data lake administrators.
Errors
-
An internal service error occurred.
-
The input provided was not valid.
-
A specified entity does not exist
GetEffectivePermissionsForPath
$result = $client->getEffectivePermissionsForPath([/* ... */]); $promise = $client->getEffectivePermissionsForPathAsync([/* ... */]);
Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.
Parameter Syntax
$result = $client->getEffectivePermissionsForPath([
'CatalogId' => '<string>',
'MaxResults' => <integer>,
'NextToken' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- MaxResults
-
- Type: int
The maximum number of results to return.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource for which you want to get permissions.
Result Syntax
[
'NextToken' => '<string>',
'Permissions' => [
[
'AdditionalDetails' => [
'ResourceShare' => ['<string>', ...],
],
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>',
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [
[
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'ResourceType' => 'DATABASE|TABLE',
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>',
'Name' => '<string>',
],
],
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
- Permissions
-
- Type: Array of PrincipalResourcePermissions structures
A list of the permissions for the specified table or database resource located at the path in Amazon S3.
Errors
-
The input provided was not valid.
-
A specified entity does not exist
-
The operation timed out.
-
An internal service error occurred.
GetLFTag
$result = $client->getLFTag([/* ... */]); $promise = $client->getLFTagAsync([/* ... */]);
Returns an LF-tag definition.
Parameter Syntax
$result = $client->getLFTag([
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the LF-tag.
Result Syntax
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
]
Result Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- TagKey
-
- Type: string
The key-name for the LF-tag.
- TagValues
-
- Type: Array of strings
A list of possible values an attribute can take.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
GetQueryState
$result = $client->getQueryState([/* ... */]); $promise = $client->getQueryStateAsync([/* ... */]);
Returns the state of a query previously submitted. Clients are expected to poll GetQueryState to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to StartQueryPlanning.
Parameter Syntax
$result = $client->getQueryState([
'QueryId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'Error' => '<string>',
'State' => 'PENDING|WORKUNITS_AVAILABLE|ERROR|FINISHED|EXPIRED',
]
Result Details
Members
- Error
-
- Type: string
An error message when the operation fails.
- State
-
- Required: Yes
- Type: string
The state of a query previously submitted. The possible states are:
-
PENDING: the query is pending.
-
WORKUNITS_AVAILABLE: some work units are ready for retrieval and execution.
-
FINISHED: the query planning finished successfully, and all work units are ready for retrieval and execution.
-
ERROR: an error occurred with the query, such as an invalid query ID or a backend error.
Errors
-
An internal service error occurred.
-
The input provided was not valid.
-
Access to a resource was denied.
GetQueryStatistics
$result = $client->getQueryStatistics([/* ... */]); $promise = $client->getQueryStatisticsAsync([/* ... */]);
Retrieves statistics on the planning and execution of a query.
Parameter Syntax
$result = $client->getQueryStatistics([
'QueryId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'ExecutionStatistics' => [
'AverageExecutionTimeMillis' => <integer>,
'DataScannedBytes' => <integer>,
'WorkUnitsExecutedCount' => <integer>,
],
'PlanningStatistics' => [
'EstimatedDataToScanBytes' => <integer>,
'PlanningTimeMillis' => <integer>,
'QueueTimeMillis' => <integer>,
'WorkUnitsGeneratedCount' => <integer>,
],
'QuerySubmissionTime' => <DateTime>,
]
Result Details
Members
- ExecutionStatistics
-
- Type: ExecutionStatistics structure
An
ExecutionStatisticsstructure containing execution statistics. - PlanningStatistics
-
- Type: PlanningStatistics structure
A
PlanningStatisticsstructure containing query planning statistics. - QuerySubmissionTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the query was submitted.
Errors
-
StatisticsNotReadyYetException:
Contains details about an error related to statistics not being ready.
-
An internal service error occurred.
-
The input provided was not valid.
-
Access to a resource was denied.
-
Contains details about an error where the query request expired.
-
Contains details about an error where the query request was throttled.
GetResourceLFTags
$result = $client->getResourceLFTags([/* ... */]); $promise = $client->getResourceLFTagsAsync([/* ... */]);
Returns the LF-tags applied to a resource.
Parameter Syntax
$result = $client->getResourceLFTags([
'CatalogId' => '<string>',
'Resource' => [ // REQUIRED
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
'ShowAssignedLFTags' => true || false,
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- Resource
-
- Required: Yes
- Type: Resource structure
The database, table, or column resource for which you want to return LF-tags.
- ShowAssignedLFTags
-
- Type: boolean
Indicates whether to show the assigned LF-tags.
Result Syntax
[
'LFTagOnDatabase' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'LFTagsOnColumns' => [
[
'LFTags' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'Name' => '<string>',
],
// ...
],
'LFTagsOnTable' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
]
Result Details
Members
- LFTagOnDatabase
-
- Type: Array of LFTagPair structures
A list of LF-tags applied to a database resource.
- LFTagsOnColumns
-
- Type: Array of ColumnLFTag structures
A list of LF-tags applied to a column resource.
- LFTagsOnTable
-
- Type: Array of LFTagPair structures
A list of LF-tags applied to a table resource.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
An encryption operation failed.
-
Access to a resource was denied.
GetTableObjects
$result = $client->getTableObjects([/* ... */]); $promise = $client->getTableObjectsAsync([/* ... */]);
Returns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.
Parameter Syntax
$result = $client->getTableObjects([
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
'PartitionPredicate' => '<string>',
'QueryAsOfTime' => <integer || string || DateTime>,
'TableName' => '<string>', // REQUIRED
'TransactionId' => '<string>',
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The catalog containing the governed table. Defaults to the caller’s account.
- DatabaseName
-
- Required: Yes
- Type: string
The database containing the governed table.
- MaxResults
-
- Type: int
Specifies how many values to return in a page.
- NextToken
-
- Type: string
A continuation token if this is not the first call to retrieve these objects.
- PartitionPredicate
-
- Type: string
A predicate to filter the objects returned based on the partition keys defined in the governed table.
-
The comparison operators supported are: =, >, <, >=, <=
-
The logical operators supported are: AND
-
The data types supported are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss"), string and decimal.
- QueryAsOfTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time as of when to read the governed table contents. If not set, the most recent transaction commit time is used. Cannot be specified along with
TransactionId. - TableName
-
- Required: Yes
- Type: string
The governed table for which to retrieve objects.
- TransactionId
-
- Type: string
The transaction ID at which to read the governed table contents. If this transaction has aborted, an error is returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with
QueryAsOfTime.
Result Syntax
[
'NextToken' => '<string>',
'Objects' => [
[
'Objects' => [
[
'ETag' => '<string>',
'Size' => <integer>,
'Uri' => '<string>',
],
// ...
],
'PartitionValues' => ['<string>', ...],
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token indicating whether additional data is available.
- Objects
-
- Type: Array of PartitionObjects structures
A list of objects organized by partition keys.
Errors
-
A specified entity does not exist
-
An internal service error occurred.
-
The input provided was not valid.
-
The operation timed out.
-
TransactionCommittedException:
Contains details about an error where the specified transaction has already been committed and cannot be used for
UpdateTableObjects. -
Contains details about an error related to a transaction that was cancelled.
-
Contains details about an error related to a resource which is not ready for a transaction.
GetTemporaryGluePartitionCredentials
$result = $client->getTemporaryGluePartitionCredentials([/* ... */]); $promise = $client->getTemporaryGluePartitionCredentialsAsync([/* ... */]);
This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.
Parameter Syntax
$result = $client->getTemporaryGluePartitionCredentials([
'AuditContext' => [
'AdditionalAuditContext' => '<string>',
],
'DurationSeconds' => <integer>,
'Partition' => [ // REQUIRED
'Values' => ['<string>', ...], // REQUIRED
],
'Permissions' => ['<string>', ...],
'SupportedPermissionTypes' => ['<string>', ...], // REQUIRED
'TableArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- AuditContext
-
- Type: AuditContext structure
A structure representing context to access a resource (column names, query ID, etc).
- DurationSeconds
-
- Type: int
The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.
- Partition
-
- Required: Yes
- Type: PartitionValueList structure
A list of partition values identifying a single partition.
- Permissions
-
- Type: Array of strings
Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).
- SupportedPermissionTypes
-
- Required: Yes
- Type: Array of strings
A list of supported permission types for the partition. Valid values are
COLUMN_PERMISSIONandCELL_FILTER_PERMISSION. - TableArn
-
- Required: Yes
- Type: string
The ARN of the partitions' table.
Result Syntax
[
'AccessKeyId' => '<string>',
'Expiration' => <DateTime>,
'SecretAccessKey' => '<string>',
'SessionToken' => '<string>',
]
Result Details
Members
- AccessKeyId
-
- Type: string
The access key ID for the temporary credentials.
- Expiration
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the temporary credentials expire.
- SecretAccessKey
-
- Type: string
The secret key for the temporary credentials.
- SessionToken
-
- Type: string
The session token for the temporary credentials.
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
A specified entity does not exist
-
Access to a resource was denied.
-
PermissionTypeMismatchException:
The engine does not support filtering data based on the enforced permissions. For example, if you call the
GetTemporaryGlueTableCredentialsoperation withSupportedPermissionTypeequal toColumnPermission, but cell-level permissions exist on the table, this exception is thrown.
GetTemporaryGlueTableCredentials
$result = $client->getTemporaryGlueTableCredentials([/* ... */]); $promise = $client->getTemporaryGlueTableCredentialsAsync([/* ... */]);
Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.
Parameter Syntax
$result = $client->getTemporaryGlueTableCredentials([
'AuditContext' => [
'AdditionalAuditContext' => '<string>',
],
'DurationSeconds' => <integer>,
'Permissions' => ['<string>', ...],
'SupportedPermissionTypes' => ['<string>', ...], // REQUIRED
'TableArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- AuditContext
-
- Type: AuditContext structure
A structure representing context to access a resource (column names, query ID, etc).
- DurationSeconds
-
- Type: int
The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.
- Permissions
-
- Type: Array of strings
Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).
- SupportedPermissionTypes
-
- Required: Yes
- Type: Array of strings
A list of supported permission types for the table. Valid values are
COLUMN_PERMISSIONandCELL_FILTER_PERMISSION. - TableArn
-
- Required: Yes
- Type: string
The ARN identifying a table in the Data Catalog for the temporary credentials request.
Result Syntax
[
'AccessKeyId' => '<string>',
'Expiration' => <DateTime>,
'SecretAccessKey' => '<string>',
'SessionToken' => '<string>',
]
Result Details
Members
- AccessKeyId
-
- Type: string
The access key ID for the temporary credentials.
- Expiration
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the temporary credentials expire.
- SecretAccessKey
-
- Type: string
The secret key for the temporary credentials.
- SessionToken
-
- Type: string
The session token for the temporary credentials.
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
A specified entity does not exist
-
Access to a resource was denied.
-
PermissionTypeMismatchException:
The engine does not support filtering data based on the enforced permissions. For example, if you call the
GetTemporaryGlueTableCredentialsoperation withSupportedPermissionTypeequal toColumnPermission, but cell-level permissions exist on the table, this exception is thrown.
GetWorkUnitResults
$result = $client->getWorkUnitResults([/* ... */]); $promise = $client->getWorkUnitResultsAsync([/* ... */]);
Returns the work units resulting from the query. Work units can be executed in any order and in parallel.
Parameter Syntax
$result = $client->getWorkUnitResults([
'QueryId' => '<string>', // REQUIRED
'WorkUnitId' => <integer>, // REQUIRED
'WorkUnitToken' => '<string>', // REQUIRED
]);
Parameter Details
Members
- QueryId
-
- Required: Yes
- Type: string
The ID of the plan query operation for which to get results.
- WorkUnitId
-
- Required: Yes
- Type: long (int|float)
The work unit ID for which to get results. Value generated by enumerating
WorkUnitIdMintoWorkUnitIdMax(inclusive) from theWorkUnitRangein the output ofGetWorkUnits. - WorkUnitToken
-
- Required: Yes
- Type: string
A work token used to query the execution service. Token output from
GetWorkUnits.
Result Syntax
[
'ResultStream' => <string || resource || Psr\Http\Message\StreamInterface>,
]
Result Details
Members
Errors
-
An internal service error occurred.
-
The input provided was not valid.
-
Access to a resource was denied.
-
Contains details about an error where the query request expired.
-
Contains details about an error where the query request was throttled.
GetWorkUnits
$result = $client->getWorkUnits([/* ... */]); $promise = $client->getWorkUnitsAsync([/* ... */]);
Retrieves the work units generated by the StartQueryPlanning operation.
Parameter Syntax
$result = $client->getWorkUnits([
'NextToken' => '<string>',
'PageSize' => <integer>,
'QueryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- NextToken
-
- Type: string
A continuation token, if this is a continuation call.
- PageSize
-
- Type: int
The size of each page to get in the Amazon Web Services service call. This does not affect the number of items returned in the command's output. Setting a smaller page size results in more calls to the Amazon Web Services service, retrieving fewer items in each call. This can help prevent the Amazon Web Services service calls from timing out.
- QueryId
-
- Required: Yes
- Type: string
The ID of the plan query operation.
Result Syntax
[
'NextToken' => '<string>',
'QueryId' => '<string>',
'WorkUnitRanges' => [
[
'WorkUnitIdMax' => <integer>,
'WorkUnitIdMin' => <integer>,
'WorkUnitToken' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token for paginating the returned list of tokens, returned if the current segment of the list is not the last.
- QueryId
-
- Required: Yes
- Type: string
The ID of the plan query operation.
- WorkUnitRanges
-
- Required: Yes
- Type: Array of WorkUnitRange structures
A
WorkUnitRangeListobject that specifies the valid range of work unit IDs for querying the execution service.
Errors
-
WorkUnitsNotReadyYetException:
Contains details about an error related to work units not being ready.
-
An internal service error occurred.
-
The input provided was not valid.
-
Access to a resource was denied.
-
Contains details about an error where the query request expired.
GrantPermissions
$result = $client->grantPermissions([/* ... */]); $promise = $client->grantPermissionsAsync([/* ... */]);
Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
For information about permissions, see Security and Access Control to Metadata and Data.
Parameter Syntax
$result = $client->grantPermissions([
'CatalogId' => '<string>',
'Permissions' => ['<string>', ...], // REQUIRED
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [ // REQUIRED
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [ // REQUIRED
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- Permissions
-
- Required: Yes
- Type: Array of strings
The permissions granted to the principal on the resource. Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Lake Formation requires that each principal be authorized to perform a specific task on Lake Formation resources.
- PermissionsWithGrantOption
-
- Type: Array of strings
Indicates a list of the granted permissions that the principal may pass to other users. These permissions may only be a subset of the permissions granted in the
Privileges. - Principal
-
- Required: Yes
- Type: DataLakePrincipal structure
The principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles, and they are defined by their principal type and their ARN.
Note that if you define a resource with a particular ARN, then later delete, and recreate a resource with that same ARN, the resource maintains the permissions already granted.
- Resource
-
- Required: Yes
- Type: Resource structure
The resource to which permissions are to be granted. Resources in Lake Formation are the Data Catalog, databases, and tables.
Result Syntax
[]
Result Details
Errors
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
-
A specified entity does not exist
-
The input provided was not valid.
ListDataCellsFilter
$result = $client->listDataCellsFilter([/* ... */]); $promise = $client->listDataCellsFilterAsync([/* ... */]);
Lists all the data cell filters on a table.
Parameter Syntax
$result = $client->listDataCellsFilter([
'MaxResults' => <integer>,
'NextToken' => '<string>',
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum size of the response.
- NextToken
-
- Type: string
A continuation token, if this is a continuation call.
- Table
-
- Type: TableResource structure
A table in the Glue Data Catalog.
Result Syntax
[
'DataCellsFilters' => [
[
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>',
'Name' => '<string>',
'RowFilter' => [
'AllRowsWildcard' => [
],
'FilterExpression' => '<string>',
],
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- DataCellsFilters
-
- Type: Array of DataCellsFilter structures
A list of
DataCellFilterstructures. - NextToken
-
- Type: string
A continuation token, if not all requested data cell filters have been returned.
Errors
-
The input provided was not valid.
-
The operation timed out.
-
An internal service error occurred.
-
Access to a resource was denied.
ListLFTags
$result = $client->listLFTags([/* ... */]); $promise = $client->listLFTagsAsync([/* ... */]);
Lists LF-tags that the requester has permission to view.
Parameter Syntax
$result = $client->listLFTags([
'CatalogId' => '<string>',
'MaxResults' => <integer>,
'NextToken' => '<string>',
'ResourceShareType' => 'FOREIGN|ALL',
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- MaxResults
-
- Type: int
The maximum number of results to return.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
- ResourceShareType
-
- Type: string
If resource share type is
ALL, returns both in-account LF-tags and shared LF-tags that the requester has permission to view. If resource share type isFOREIGN, returns all share LF-tags that the requester can view. If no resource share type is passed, lists LF-tags in the given catalog ID that the requester has permission to view.
Result Syntax
[
'LFTags' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- LFTags
-
- Type: Array of LFTagPair structures
A list of LF-tags that the requested has permission to view.
- NextToken
-
- Type: string
A continuation token, present if the current list segment is not the last.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
ListPermissions
$result = $client->listPermissions([/* ... */]); $promise = $client->listPermissionsAsync([/* ... */]);
Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.
This operation returns only those permissions that have been explicitly granted.
For information about permissions, see Security and Access Control to Metadata and Data.
Parameter Syntax
$result = $client->listPermissions([
'CatalogId' => '<string>',
'IncludeRelated' => '<string>',
'MaxResults' => <integer>,
'NextToken' => '<string>',
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
'ResourceType' => 'CATALOG|DATABASE|TABLE|DATA_LOCATION|LF_TAG|LF_TAG_POLICY|LF_TAG_POLICY_DATABASE|LF_TAG_POLICY_TABLE',
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- IncludeRelated
-
- Type: string
Indicates that related permissions should be included in the results.
- MaxResults
-
- Type: int
The maximum number of results to return.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
- Principal
-
- Type: DataLakePrincipal structure
Specifies a principal to filter the permissions returned.
- Resource
-
- Type: Resource structure
A resource where you will get a list of the principal permissions.
This operation does not support getting privileges on a table with columns. Instead, call this operation on the table, and the operation returns the table and the table w columns.
- ResourceType
-
- Type: string
Specifies a resource type to filter the permissions returned.
Result Syntax
[
'NextToken' => '<string>',
'PrincipalResourcePermissions' => [
[
'AdditionalDetails' => [
'ResourceShare' => ['<string>', ...],
],
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>',
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [
[
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'ResourceType' => 'DATABASE|TABLE',
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>',
'Name' => '<string>',
],
],
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
- PrincipalResourcePermissions
-
- Type: Array of PrincipalResourcePermissions structures
A list of principals and their permissions on the resource for the specified principal and resource types.
Errors
-
The input provided was not valid.
-
The operation timed out.
-
An internal service error occurred.
ListResources
$result = $client->listResources([/* ... */]); $promise = $client->listResourcesAsync([/* ... */]);
Lists the resources registered to be managed by the Data Catalog.
Parameter Syntax
$result = $client->listResources([
'FilterConditionList' => [
[
'ComparisonOperator' => 'EQ|NE|LE|LT|GE|GT|CONTAINS|NOT_CONTAINS|BEGINS_WITH|IN|BETWEEN',
'Field' => 'RESOURCE_ARN|ROLE_ARN|LAST_MODIFIED',
'StringValueList' => ['<string>', ...],
],
// ...
],
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- FilterConditionList
-
- Type: Array of FilterCondition structures
Any applicable row-level and/or column-level filtering conditions for the resources.
- MaxResults
-
- Type: int
The maximum number of resource results.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve these resources.
Result Syntax
[
'NextToken' => '<string>',
'ResourceInfoList' => [
[
'LastModified' => <DateTime>,
'ResourceArn' => '<string>',
'RoleArn' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve these resources.
- ResourceInfoList
-
- Type: Array of ResourceInfo structures
A summary of the data lake resources.
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
ListTableStorageOptimizers
$result = $client->listTableStorageOptimizers([/* ... */]); $promise = $client->listTableStorageOptimizersAsync([/* ... */]);
Returns the configuration of all storage optimizers associated with a specified table.
Parameter Syntax
$result = $client->listTableStorageOptimizers([
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
'StorageOptimizerType' => 'COMPACTION|GARBAGE_COLLECTION|ALL',
'TableName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The Catalog ID of the table.
- DatabaseName
-
- Required: Yes
- Type: string
Name of the database where the table is present.
- MaxResults
-
- Type: int
The number of storage optimizers to return on each call.
- NextToken
-
- Type: string
A continuation token, if this is a continuation call.
- StorageOptimizerType
-
- Type: string
The specific type of storage optimizers to list. The supported value is
compaction. - TableName
-
- Required: Yes
- Type: string
Name of the table.
Result Syntax
[
'NextToken' => '<string>',
'StorageOptimizerList' => [
[
'Config' => ['<string>', ...],
'ErrorMessage' => '<string>',
'LastRunDetails' => '<string>',
'StorageOptimizerType' => 'COMPACTION|GARBAGE_COLLECTION|ALL',
'Warnings' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token for paginating the returned list of tokens, returned if the current segment of the list is not the last.
- StorageOptimizerList
-
- Type: Array of StorageOptimizer structures
A list of the storage optimizers associated with a table.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
Access to a resource was denied.
-
An internal service error occurred.
ListTransactions
$result = $client->listTransactions([/* ... */]); $promise = $client->listTransactionsAsync([/* ... */]);
Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned.
This operation can help you identify uncommitted transactions or to get information about transactions.
Parameter Syntax
$result = $client->listTransactions([
'CatalogId' => '<string>',
'MaxResults' => <integer>,
'NextToken' => '<string>',
'StatusFilter' => 'ALL|COMPLETED|ACTIVE|COMMITTED|ABORTED',
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The catalog for which to list transactions. Defaults to the account ID of the caller.
- MaxResults
-
- Type: int
The maximum number of transactions to return in a single call.
- NextToken
-
- Type: string
A continuation token if this is not the first call to retrieve transactions.
- StatusFilter
-
- Type: string
A filter indicating the status of transactions to return. Options are ALL | COMPLETED | COMMITTED | ABORTED | ACTIVE. The default is
ALL.
Result Syntax
[
'NextToken' => '<string>',
'Transactions' => [
[
'TransactionEndTime' => <DateTime>,
'TransactionId' => '<string>',
'TransactionStartTime' => <DateTime>,
'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token indicating whether additional data is available.
- Transactions
-
- Type: Array of TransactionDescription structures
A list of transactions. The record for each transaction is a
TransactionDescriptionobject.
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
PutDataLakeSettings
$result = $client->putDataLakeSettings([/* ... */]); $promise = $client->putDataLakeSettingsAsync([/* ... */]);
Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions.
This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.
Parameter Syntax
$result = $client->putDataLakeSettings([
'CatalogId' => '<string>',
'DataLakeSettings' => [ // REQUIRED
'AllowExternalDataFiltering' => true || false,
'AuthorizedSessionTagValueList' => ['<string>', ...],
'CreateDatabaseDefaultPermissions' => [
[
'Permissions' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
],
// ...
],
'CreateTableDefaultPermissions' => [
[
'Permissions' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
],
// ...
],
'DataLakeAdmins' => [
[
'DataLakePrincipalIdentifier' => '<string>',
],
// ...
],
'ExternalDataFilteringAllowList' => [
[
'DataLakePrincipalIdentifier' => '<string>',
],
// ...
],
'TrustedResourceOwners' => ['<string>', ...],
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- DataLakeSettings
-
- Required: Yes
- Type: DataLakeSettings structure
A structure representing a list of Lake Formation principals designated as data lake administrators.
Result Syntax
[]
Result Details
Errors
-
An internal service error occurred.
-
The input provided was not valid.
RegisterResource
$result = $client->registerResource([/* ... */]); $promise = $client->registerResourceAsync([/* ... */]);
Registers the resource as managed by the Data Catalog.
To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.
The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.
ResourceArn = arn:aws:s3:::my-bucket UseServiceLinkedRole = true
If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:
arn:aws:iam::12345:role/my-data-access-role
Parameter Syntax
$result = $client->registerResource([
'ResourceArn' => '<string>', // REQUIRED
'RoleArn' => '<string>',
'UseServiceLinkedRole' => true || false,
]);
Parameter Details
Members
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource that you want to register.
- RoleArn
-
- Type: string
The identifier for the role that registers the resource.
- UseServiceLinkedRole
-
- Type: boolean
Designates an Identity and Access Management (IAM) service-linked role by registering this role with the Data Catalog. A service-linked role is a unique type of IAM role that is linked directly to Lake Formation.
For more information, see Using Service-Linked Roles for Lake Formation.
Result Syntax
[]
Result Details
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
A resource to be created or added already exists.
-
A specified entity does not exist
-
ResourceNumberLimitExceededException:
A resource numerical limit was exceeded.
-
Access to a resource was denied.
RemoveLFTagsFromResource
$result = $client->removeLFTagsFromResource([/* ... */]); $promise = $client->removeLFTagsFromResourceAsync([/* ... */]);
Removes an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in tableWithColumns to specify column input.
Parameter Syntax
$result = $client->removeLFTagsFromResource([
'CatalogId' => '<string>',
'LFTags' => [ // REQUIRED
[
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'Resource' => [ // REQUIRED
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- LFTags
-
- Required: Yes
- Type: Array of LFTagPair structures
The LF-tags to be removed from the resource.
- Resource
-
- Required: Yes
- Type: Resource structure
The database, table, or column resource where you want to remove an LF-tag.
Result Syntax
[
'Failures' => [
[
'Error' => [
'ErrorCode' => '<string>',
'ErrorMessage' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
],
// ...
],
]
Result Details
Members
- Failures
-
- Type: Array of LFTagError structures
A list of failures to untag a resource.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
An encryption operation failed.
-
Access to a resource was denied.
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
RevokePermissions
$result = $client->revokePermissions([/* ... */]); $promise = $client->revokePermissionsAsync([/* ... */]);
Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
Parameter Syntax
$result = $client->revokePermissions([
'CatalogId' => '<string>',
'Permissions' => ['<string>', ...], // REQUIRED
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [ // REQUIRED
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [ // REQUIRED
'Catalog' => [
],
'DataCellsFilter' => [
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableCatalogId' => '<string>',
'TableName' => '<string>',
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- Permissions
-
- Required: Yes
- Type: Array of strings
The permissions revoked to the principal on the resource. For information about permissions, see Security and Access Control to Metadata and Data.
- PermissionsWithGrantOption
-
- Type: Array of strings
Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.
- Principal
-
- Required: Yes
- Type: DataLakePrincipal structure
The principal to be revoked permissions on the resource.
- Resource
-
- Required: Yes
- Type: Resource structure
The resource to which permissions are to be revoked.
Result Syntax
[]
Result Details
Errors
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
-
A specified entity does not exist
-
The input provided was not valid.
SearchDatabasesByLFTags
$result = $client->searchDatabasesByLFTags([/* ... */]); $promise = $client->searchDatabasesByLFTagsAsync([/* ... */]);
This operation allows a search on DATABASE resources by TagCondition. This operation is used by admins who want to grant user permissions on certain TagConditions. Before making a grant, the admin can use SearchDatabasesByTags to find all resources where the given TagConditions are valid to verify whether the returned resources can be shared.
Parameter Syntax
$result = $client->searchDatabasesByLFTags([
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- Expression
-
- Required: Yes
- Type: Array of LFTag structures
A list of conditions (
LFTagstructures) to search for in database resources. - MaxResults
-
- Type: int
The maximum number of results to return.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
Result Syntax
[
'DatabaseList' => [
[
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>',
],
'LFTags' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- DatabaseList
-
- Type: Array of TaggedDatabase structures
A list of databases that meet the LF-tag conditions.
- NextToken
-
- Type: string
A continuation token, present if the current list segment is not the last.
Errors
-
A specified entity does not exist
-
An internal service error occurred.
-
The input provided was not valid.
-
The operation timed out.
-
An encryption operation failed.
-
Access to a resource was denied.
SearchTablesByLFTags
$result = $client->searchTablesByLFTags([/* ... */]); $promise = $client->searchTablesByLFTagsAsync([/* ... */]);
This operation allows a search on TABLE resources by LFTags. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use SearchTablesByLFTags to find all resources where the given LFTags are valid to verify whether the returned resources can be shared.
Parameter Syntax
$result = $client->searchTablesByLFTags([
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- Expression
-
- Required: Yes
- Type: Array of LFTag structures
A list of conditions (
LFTagstructures) to search for in table resources. - MaxResults
-
- Type: int
The maximum number of results to return.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
Result Syntax
[
'NextToken' => '<string>',
'TableList' => [
[
'LFTagOnDatabase' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'LFTagsOnColumns' => [
[
'LFTags' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'Name' => '<string>',
],
// ...
],
'LFTagsOnTable' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableWildcard' => [
],
],
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token, present if the current list segment is not the last.
- TableList
-
- Type: Array of TaggedTable structures
A list of tables that meet the LF-tag conditions.
Errors
-
A specified entity does not exist
-
An internal service error occurred.
-
The input provided was not valid.
-
The operation timed out.
-
An encryption operation failed.
-
Access to a resource was denied.
StartQueryPlanning
$result = $client->startQueryPlanning([/* ... */]); $promise = $client->startQueryPlanningAsync([/* ... */]);
Submits a request to process a query statement.
This operation generates work units that can be retrieved with the GetWorkUnits operation as soon as the query state is WORKUNITS_AVAILABLE or FINISHED.
Parameter Syntax
$result = $client->startQueryPlanning([
'QueryPlanningContext' => [ // REQUIRED
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'QueryAsOfTime' => <integer || string || DateTime>,
'QueryParameters' => ['<string>', ...],
'TransactionId' => '<string>',
],
'QueryString' => '<string>', // REQUIRED
]);
Parameter Details
Members
- QueryPlanningContext
-
- Required: Yes
- Type: QueryPlanningContext structure
A structure containing information about the query plan.
- QueryString
-
- Required: Yes
- Type: string
A PartiQL query statement used as an input to the planner service.
Result Syntax
[
'QueryId' => '<string>',
]
Result Details
Members
Errors
-
An internal service error occurred.
-
The input provided was not valid.
-
Access to a resource was denied.
-
Contains details about an error where the query request was throttled.
StartTransaction
$result = $client->startTransaction([/* ... */]); $promise = $client->startTransactionAsync([/* ... */]);
Starts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.
Parameter Syntax
$result = $client->startTransaction([
'TransactionType' => 'READ_AND_WRITE|READ_ONLY',
]);
Parameter Details
Members
Result Syntax
[
'TransactionId' => '<string>',
]
Result Details
Errors
-
An internal service error occurred.
-
The operation timed out.
UpdateLFTag
$result = $client->updateLFTag([/* ... */]); $promise = $client->updateLFTagAsync([/* ... */]);
Updates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the LF-tag key's value.
Parameter Syntax
$result = $client->updateLFTag([
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValuesToAdd' => ['<string>', ...],
'TagValuesToDelete' => ['<string>', ...],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the LF-tag for which to add or delete values.
- TagValuesToAdd
-
- Type: Array of strings
A list of LF-tag values to add from the LF-tag.
- TagValuesToDelete
-
- Type: Array of strings
A list of LF-tag values to delete from the LF-tag.
Result Syntax
[]
Result Details
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
-
Access to a resource was denied.
UpdateResource
$result = $client->updateResource([/* ... */]); $promise = $client->updateResourceAsync([/* ... */]);
Updates the data access role used for vending access to the given (registered) resource in Lake Formation.
Parameter Syntax
$result = $client->updateResource([
'ResourceArn' => '<string>', // REQUIRED
'RoleArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
A specified entity does not exist
UpdateTableObjects
$result = $client->updateTableObjects([/* ... */]); $promise = $client->updateTableObjectsAsync([/* ... */]);
Updates the manifest of Amazon S3 objects that make up the specified governed table.
Parameter Syntax
$result = $client->updateTableObjects([
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'TableName' => '<string>', // REQUIRED
'TransactionId' => '<string>',
'WriteOperations' => [ // REQUIRED
[
'AddObject' => [
'ETag' => '<string>', // REQUIRED
'PartitionValues' => ['<string>', ...],
'Size' => <integer>, // REQUIRED
'Uri' => '<string>', // REQUIRED
],
'DeleteObject' => [
'ETag' => '<string>',
'PartitionValues' => ['<string>', ...],
'Uri' => '<string>', // REQUIRED
],
],
// ...
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The catalog containing the governed table to update. Defaults to the caller’s account ID.
- DatabaseName
-
- Required: Yes
- Type: string
The database containing the governed table to update.
- TableName
-
- Required: Yes
- Type: string
The governed table to update.
- TransactionId
-
- Type: string
The transaction at which to do the write.
- WriteOperations
-
- Required: Yes
- Type: Array of WriteOperation structures
A list of
WriteOperationobjects that define an object to add to or delete from the manifest for a governed table.
Result Syntax
[]
Result Details
Errors
-
An internal service error occurred.
-
The input provided was not valid.
-
The operation timed out.
-
A specified entity does not exist
-
TransactionCommittedException:
Contains details about an error where the specified transaction has already been committed and cannot be used for
UpdateTableObjects. -
Contains details about an error related to a transaction that was cancelled.
-
TransactionCommitInProgressException:
Contains details about an error related to a transaction commit that was in progress.
-
Contains details about an error related to a resource which is not ready for a transaction.
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
UpdateTableStorageOptimizer
$result = $client->updateTableStorageOptimizer([/* ... */]); $promise = $client->updateTableStorageOptimizerAsync([/* ... */]);
Updates the configuration of the storage optimizers for a table.
Parameter Syntax
$result = $client->updateTableStorageOptimizer([
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'StorageOptimizerConfig' => [ // REQUIRED
'<OptimizerType>' => ['<string>', ...],
// ...
],
'TableName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The Catalog ID of the table.
- DatabaseName
-
- Required: Yes
- Type: string
Name of the database where the table is present.
- StorageOptimizerConfig
-
- Required: Yes
- Type: Associative array of custom strings keys (OptimizerType) to stringss
Name of the table for which to enable the storage optimizer.
- TableName
-
- Required: Yes
- Type: string
Name of the table for which to enable the storage optimizer.
Result Syntax
[
'Result' => '<string>',
]
Result Details
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
Access to a resource was denied.
-
An internal service error occurred.
Shapes
AccessDeniedException
Description
Access to a resource was denied.
Members
AddObjectInput
Description
A new object to add to the governed table.
Members
- ETag
-
- Required: Yes
- Type: string
The Amazon S3 ETag of the object. Returned by
GetTableObjectsfor validation and used to identify changes to the underlying data. - PartitionValues
-
- Type: Array of strings
A list of partition values for the object. A value must be specified for each partition key associated with the table.
The supported data types are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss"), string and decimal.
- Size
-
- Required: Yes
- Type: long (int|float)
The size of the Amazon S3 object in bytes.
- Uri
-
- Required: Yes
- Type: string
The Amazon S3 location of the object.
AllRowsWildcard
Description
A structure that you pass to indicate you want all rows in a filter.
Members
AlreadyExistsException
Description
A resource to be created or added already exists.
Members
AuditContext
Description
A structure used to include auditing information on the privileged API.
Members
BatchPermissionsFailureEntry
Description
A list of failures when performing a batch grant or batch revoke operation.
Members
- Error
-
- Type: ErrorDetail structure
An error message that applies to the failure of the entry.
- RequestEntry
-
- Type: BatchPermissionsRequestEntry structure
An identifier for an entry of the batch request.
BatchPermissionsRequestEntry
Description
A permission to a resource granted by batch operation to the principal.
Members
- Id
-
- Required: Yes
- Type: string
A unique identifier for the batch permissions request entry.
- Permissions
-
- Type: Array of strings
The permissions to be granted.
- PermissionsWithGrantOption
-
- Type: Array of strings
Indicates if the option to pass permissions is granted.
- Principal
-
- Type: DataLakePrincipal structure
The principal to be granted a permission.
- Resource
-
- Type: Resource structure
The resource to which the principal is to be granted a permission.
CatalogResource
Description
A structure for the catalog object.
Members
ColumnLFTag
Description
A structure containing the name of a column resource and the LF-tags attached to it.
Members
- LFTags
-
- Type: Array of LFTagPair structures
The LF-tags attached to a column resource.
- Name
-
- Type: string
The name of a column resource.
ColumnWildcard
Description
A wildcard object, consisting of an optional list of excluded column names or indexes.
Members
ConcurrentModificationException
Description
Two processes are trying to modify a resource simultaneously.
Members
DataCellsFilter
Description
A structure that describes certain columns on certain rows.
Members
- ColumnNames
-
- Type: Array of strings
A list of column names.
- ColumnWildcard
-
- Type: ColumnWildcard structure
A wildcard with exclusions.
You must specify either a
ColumnNameslist or theColumnWildCard. - DatabaseName
-
- Required: Yes
- Type: string
A database in the Glue Data Catalog.
- Name
-
- Required: Yes
- Type: string
The name given by the user to the data filter cell.
- RowFilter
-
- Type: RowFilter structure
A PartiQL predicate.
- TableCatalogId
-
- Required: Yes
- Type: string
The ID of the catalog to which the table belongs.
- TableName
-
- Required: Yes
- Type: string
A table in the database.
DataCellsFilterResource
Description
A structure for a data cells filter resource.
Members
DataLakePrincipal
Description
The Lake Formation principal. Supported principals are IAM users or IAM roles.
Members
DataLakeSettings
Description
A structure representing a list of Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.
Members
- AllowExternalDataFiltering
-
- Type: boolean
Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.
If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.
For more information, see (Optional) Allow Data Filtering on Amazon EMR.
- AuthorizedSessionTagValueList
-
- Type: Array of strings
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation's administrative APIs.
- CreateDatabaseDefaultPermissions
-
- Type: Array of PrincipalPermissions structures
Specifies whether access control on newly created database is managed by Lake Formation permissions or exclusively by IAM permissions. You can override this default setting when you create a database.
A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.
The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
For more information, see Changing the Default Security Settings for Your Data Lake.
- CreateTableDefaultPermissions
-
- Type: Array of PrincipalPermissions structures
Specifies whether access control on newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.
A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.
The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
For more information, see Changing the Default Security Settings for Your Data Lake.
- DataLakeAdmins
-
- Type: Array of DataLakePrincipal structures
A list of Lake Formation principals. Supported principals are IAM users or IAM roles.
- ExternalDataFilteringAllowList
-
- Type: Array of DataLakePrincipal structures
A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.>
- TrustedResourceOwners
-
- Type: Array of strings
A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log.
You may want to specify this property when you are in a high-trust boundary, such as the same team or company.
DataLocationResource
Description
A structure for a data location object where permissions are granted or revoked.
Members
DatabaseResource
Description
A structure for the database object.
Members
DeleteObjectInput
Description
An object to delete from the governed table.
Members
- ETag
-
- Type: string
The Amazon S3 ETag of the object. Returned by
GetTableObjectsfor validation and used to identify changes to the underlying data. - PartitionValues
-
- Type: Array of strings
A list of partition values for the object. A value must be specified for each partition key associated with the governed table.
- Uri
-
- Required: Yes
- Type: string
The Amazon S3 location of the object to delete.
DetailsMap
Description
A structure containing the additional details to be returned in the AdditionalDetails attribute of PrincipalResourcePermissions.
If a catalog resource is shared through Resource Access Manager (RAM), then there will exist a corresponding RAM resource share ARN.
Members
EntityNotFoundException
Description
A specified entity does not exist
Members
ErrorDetail
Description
Contains details about an error.
Members
ExecutionStatistics
Description
Statistics related to the processing of a query statement.
Members
ExpiredException
Description
Contains details about an error where the query request expired.
Members
FilterCondition
Description
This structure describes the filtering of columns in a table based on a filter condition.
Members
GlueEncryptionException
Description
An encryption operation failed.
Members
InternalServiceException
Description
An internal service error occurred.
Members
InvalidInputException
Description
The input provided was not valid.
Members
LFTag
Description
A structure that allows an admin to grant user permissions on certain conditions. For example, granting a role access to all columns that do not have the LF-tag 'PII' in tables that have the LF-tag 'Prod'.
Members
LFTagError
Description
A structure containing an error related to a TagResource or UnTagResource operation.
Members
- Error
-
- Type: ErrorDetail structure
An error that occurred with the attachment or detachment of the LF-tag.
- LFTag
-
- Type: LFTagPair structure
The key-name of the LF-tag.
LFTagKeyResource
Description
A structure containing an LF-tag key and values for a resource.
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the LF-tag.
- TagValues
-
- Required: Yes
- Type: Array of strings
A list of possible values an attribute can take.
LFTagPair
Description
A structure containing an LF-tag key-value pair.
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the LF-tag.
- TagValues
-
- Required: Yes
- Type: Array of strings
A list of possible values an attribute can take.
LFTagPolicyResource
Description
A structure containing a list of LF-tag conditions that apply to a resource's LF-tag policy.
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- Expression
-
- Required: Yes
- Type: Array of LFTag structures
A list of LF-tag conditions that apply to the resource's LF-tag policy.
- ResourceType
-
- Required: Yes
- Type: string
The resource type for which the LF-tag policy applies.
OperationTimeoutException
PartitionObjects
Description
A structure containing a list of partition values and table objects.
Members
- Objects
-
- Type: Array of TableObject structures
A list of table objects
- PartitionValues
-
- Type: Array of strings
A list of partition values.
PartitionValueList
Description
Contains a list of values defining partitions.
Members
PermissionTypeMismatchException
Description
The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.
Members
PlanningStatistics
Description
Statistics related to the processing of a query statement.
Members
- EstimatedDataToScanBytes
-
- Type: long (int|float)
An estimate of the data that was scanned in bytes.
- PlanningTimeMillis
-
- Type: long (int|float)
The time that it took to process the request.
- QueueTimeMillis
-
- Type: long (int|float)
The time the request was in queue to be processed.
- WorkUnitsGeneratedCount
-
- Type: long (int|float)
The number of work units generated.
PrincipalPermissions
Description
Permissions granted to a principal.
Members
- Permissions
-
- Type: Array of strings
The permissions that are granted to the principal.
- Principal
-
- Type: DataLakePrincipal structure
The principal who is granted permissions.
PrincipalResourcePermissions
Description
The permissions granted or revoked on a resource.
Members
- AdditionalDetails
-
- Type: DetailsMap structure
This attribute can be used to return any additional details of
PrincipalResourcePermissions. Currently returns only as a RAM resource share ARN. - Permissions
-
- Type: Array of strings
The permissions to be granted or revoked on the resource.
- PermissionsWithGrantOption
-
- Type: Array of strings
Indicates whether to grant the ability to grant permissions (as a subset of permissions granted).
- Principal
-
- Type: DataLakePrincipal structure
The Data Lake principal to be granted or revoked permissions.
- Resource
-
- Type: Resource structure
The resource where permissions are to be granted or revoked.
QueryPlanningContext
Description
A structure containing information about the query plan.
Members
- CatalogId
-
- Type: string
The ID of the Data Catalog where the partition in question resides. If none is provided, the Amazon Web Services account ID is used by default.
- DatabaseName
-
- Required: Yes
- Type: string
The database containing the table.
- QueryAsOfTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time as of when to read the table contents. If not set, the most recent transaction commit time will be used. Cannot be specified along with
TransactionId. - QueryParameters
-
- Type: Associative array of custom strings keys (String) to strings
A map consisting of key-value pairs.
- TransactionId
-
- Type: string
The transaction ID at which to read the table contents. If this transaction is not committed, the read will be treated as part of that transaction and will see its writes. If this transaction has aborted, an error will be returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with
QueryAsOfTime.
Resource
Description
A structure for the resource.
Members
- Catalog
-
- Type: CatalogResource structure
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- DataCellsFilter
-
- Type: DataCellsFilterResource structure
A data cell filter.
- DataLocation
-
- Type: DataLocationResource structure
The location of an Amazon S3 path where permissions are granted or revoked.
- Database
-
- Type: DatabaseResource structure
The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.
- LFTag
-
- Type: LFTagKeyResource structure
The LF-tag key and values attached to a resource.
- LFTagPolicy
-
- Type: LFTagPolicyResource structure
A list of LF-tag conditions that define a resource's LF-tag policy.
- Table
-
- Type: TableResource structure
The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
- TableWithColumns
-
- Type: TableWithColumnsResource structure
The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.
ResourceInfo
Description
A structure containing information about an Lake Formation resource.
Members
ResourceNotReadyException
Description
Contains details about an error related to a resource which is not ready for a transaction.
Members
ResourceNumberLimitExceededException
Description
A resource numerical limit was exceeded.
Members
RowFilter
Description
A PartiQL predicate.
Members
- AllRowsWildcard
-
- Type: AllRowsWildcard structure
A wildcard for all rows.
- FilterExpression
-
- Type: string
A filter expression.
StatisticsNotReadyYetException
Description
Contains details about an error related to statistics not being ready.
Members
StorageOptimizer
Description
A structure describing the configuration and details of a storage optimizer.
Members
- Config
-
- Type: Associative array of custom strings keys (StorageOptimizerConfigKey) to strings
A map of the storage optimizer configuration. Currently contains only one key-value pair:
is_enabledindicates true or false for acceleration. - ErrorMessage
-
- Type: string
A message that contains information about any error (if present).
When an acceleration result has an enabled status, the error message is empty.
When an acceleration result has a disabled status, the message describes an error or simply indicates "disabled by the user".
- LastRunDetails
-
- Type: string
When an acceleration result has an enabled status, contains the details of the last job run.
- StorageOptimizerType
-
- Type: string
The specific type of storage optimizer. The supported value is
compaction. - Warnings
-
- Type: string
A message that contains information about any warnings (if present).
TableObject
Description
Specifies the details of a governed table.
Members
TableResource
Description
A structure for the table object. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, it is the account ID of the caller.
- DatabaseName
-
- Required: Yes
- Type: string
The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
- Name
-
- Type: string
The name of the table.
- TableWildcard
-
- Type: TableWildcard structure
A wildcard object representing every table under a database.
At least one of
TableResource$NameorTableResource$TableWildcardis required.
TableWildcard
Description
A wildcard object representing every table under a database.
Members
TableWithColumnsResource
Description
A structure for a table with columns object. This object is only used when granting a SELECT permission.
This object must take a value for at least one of ColumnsNames, ColumnsIndexes, or ColumnsWildcard.
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, it is the account ID of the caller.
- ColumnNames
-
- Type: Array of strings
The list of column names for the table. At least one of
ColumnNamesorColumnWildcardis required. - ColumnWildcard
-
- Type: ColumnWildcard structure
A wildcard specified by a
ColumnWildcardobject. At least one ofColumnNamesorColumnWildcardis required. - DatabaseName
-
- Required: Yes
- Type: string
The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
- Name
-
- Required: Yes
- Type: string
The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
TaggedDatabase
Description
A structure describing a database resource with LF-tags.
Members
- Database
-
- Type: DatabaseResource structure
A database that has LF-tags attached to it.
- LFTags
-
- Type: Array of LFTagPair structures
A list of LF-tags attached to the database.
TaggedTable
Description
A structure describing a table resource with LF-tags.
Members
- LFTagOnDatabase
-
- Type: Array of LFTagPair structures
A list of LF-tags attached to the database where the table resides.
- LFTagsOnColumns
-
- Type: Array of ColumnLFTag structures
A list of LF-tags attached to columns in the table.
- LFTagsOnTable
-
- Type: Array of LFTagPair structures
A list of LF-tags attached to the table.
- Table
-
- Type: TableResource structure
A table that has LF-tags attached to it.
ThrottledException
Description
Contains details about an error where the query request was throttled.
Members
TransactionCanceledException
Description
Contains details about an error related to a transaction that was cancelled.
Members
TransactionCommitInProgressException
Description
Contains details about an error related to a transaction commit that was in progress.
Members
TransactionCommittedException
Description
Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.
Members
TransactionDescription
Description
A structure that contains information about a transaction.
Members
- TransactionEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the transaction committed or aborted, if it is not currently active.
- TransactionId
-
- Type: string
The ID of the transaction.
- TransactionStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the transaction started.
- TransactionStatus
-
- Type: string
A status of ACTIVE, COMMITTED, or ABORTED.
VirtualObject
Description
An object that defines an Amazon S3 object to be deleted if a transaction cancels, provided that VirtualPut was called before writing the object.
Members
WorkUnitRange
Description
Defines the valid range of work unit IDs for querying the execution service.
Members
- WorkUnitIdMax
-
- Required: Yes
- Type: long (int|float)
Defines the maximum work unit ID in the range. The maximum value is inclusive.
- WorkUnitIdMin
-
- Required: Yes
- Type: long (int|float)
Defines the minimum work unit ID in the range.
- WorkUnitToken
-
- Required: Yes
- Type: string
A work token used to query the execution service.
WorkUnitsNotReadyYetException
Description
Contains details about an error related to work units not being ready.
Members
WriteOperation
Description
Defines an object to add to or delete from a governed table.
Members
- AddObject
-
- Type: AddObjectInput structure
A new object to add to the governed table.
- DeleteObject
-
- Type: DeleteObjectInput structure
An object to delete from the governed table.