AWS SDK for PHP 3.x

Client: Aws\LakeFormation\LakeFormationClient

Service ID: lakeformation

Version: 2017-03-31

This page describes the parameters and results for the operations of the AWS Lake Formation (2017-03-31), and shows how to use the Aws\LakeFormation\LakeFormationClient object to call the described operations. This documentation is specific to the 2017-03-31 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AddLFTagsToResource ( array $params = [] )
Attaches one or more LF-tags to an existing resource.
AssumeDecoratedRoleWithSAML ( array $params = [] )
Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request.
BatchGrantPermissions ( array $params = [] )
Batch operation to grant permissions to the principal.
BatchRevokePermissions ( array $params = [] )
Batch operation to revoke permissions from the principal.
CancelTransaction ( array $params = [] )
Attempts to cancel the specified transaction.
CommitTransaction ( array $params = [] )
Attempts to commit the specified transaction.
CreateDataCellsFilter ( array $params = [] )
Creates a data cell filter to allow one to grant access to certain columns on certain rows.
CreateLFTag ( array $params = [] )
Creates an LF-tag with the specified name and values.
CreateLakeFormationIdentityCenterConfiguration ( array $params = [] )
Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.
CreateLakeFormationOptIn ( array $params = [] )
Enforce Lake Formation permissions for the given databases, tables, and principals.
DeleteDataCellsFilter ( array $params = [] )
Deletes a data cell filter.
DeleteLFTag ( array $params = [] )
Deletes the specified LF-tag given a key name.
DeleteLakeFormationIdentityCenterConfiguration ( array $params = [] )
Deletes an IAM Identity Center connection with Lake Formation.
DeleteLakeFormationOptIn ( array $params = [] )
Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.
DeleteObjectsOnCancel ( array $params = [] )
For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled.
DeregisterResource ( array $params = [] )
Deregisters the resource as managed by the Data Catalog.
DescribeLakeFormationIdentityCenterConfiguration ( array $params = [] )
Retrieves the instance ARN and application ARN for the connection.
DescribeResource ( array $params = [] )
Retrieves the current data access role for the given resource registered in Lake Formation.
DescribeTransaction ( array $params = [] )
Returns the details of a single transaction.
ExtendTransaction ( array $params = [] )
Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.
GetDataCellsFilter ( array $params = [] )
Returns a data cells filter.
GetDataLakeSettings ( array $params = [] )
Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.
GetEffectivePermissionsForPath ( array $params = [] )
Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3.
GetLFTag ( array $params = [] )
Returns an LF-tag definition.
GetQueryState ( array $params = [] )
Returns the state of a query previously submitted.
GetQueryStatistics ( array $params = [] )
Retrieves statistics on the planning and execution of a query.
GetResourceLFTags ( array $params = [] )
Returns the LF-tags applied to a resource.
GetTableObjects ( array $params = [] )
Returns the set of Amazon S3 objects that make up the specified governed table.
GetTemporaryGluePartitionCredentials ( array $params = [] )
This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition.
GetTemporaryGlueTableCredentials ( array $params = [] )
Allows a caller in a secure environment to assume a role with permission to access Amazon S3.
GetWorkUnitResults ( array $params = [] )
Returns the work units resulting from the query.
GetWorkUnits ( array $params = [] )
Retrieves the work units generated by the StartQueryPlanning operation.
GrantPermissions ( array $params = [] )
Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
ListDataCellsFilter ( array $params = [] )
Lists all the data cell filters on a table.
ListLFTags ( array $params = [] )
Lists LF-tags that the requester has permission to view.
ListLakeFormationOptIns ( array $params = [] )
Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions.
ListPermissions ( array $params = [] )
Returns a list of the principal permissions on the resource, filtered by the permissions of the caller.
ListResources ( array $params = [] )
Lists the resources registered to be managed by the Data Catalog.
ListTableStorageOptimizers ( array $params = [] )
Returns the configuration of all storage optimizers associated with a specified table.
ListTransactions ( array $params = [] )
Returns metadata about transactions and their status.
PutDataLakeSettings ( array $params = [] )
Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation.
RegisterResource ( array $params = [] )
Registers the resource as managed by the Data Catalog.
RemoveLFTagsFromResource ( array $params = [] )
Removes an LF-tag from the resource.
RevokePermissions ( array $params = [] )
Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
SearchDatabasesByLFTags ( array $params = [] )
This operation allows a search on DATABASE resources by TagCondition.
SearchTablesByLFTags ( array $params = [] )
This operation allows a search on TABLE resources by LFTags.
StartQueryPlanning ( array $params = [] )
Submits a request to process a query statement.
StartTransaction ( array $params = [] )
Starts a new transaction and returns its transaction ID.
UpdateDataCellsFilter ( array $params = [] )
Updates a data cell filter.
UpdateLFTag ( array $params = [] )
Updates the list of possible values for the specified LF-tag key.
UpdateLakeFormationIdentityCenterConfiguration ( array $params = [] )
Updates the IAM Identity Center connection parameters.
UpdateResource ( array $params = [] )
Updates the data access role used for vending access to the given (registered) resource in Lake Formation.
UpdateTableObjects ( array $params = [] )
Updates the manifest of Amazon S3 objects that make up the specified governed table.
UpdateTableStorageOptimizer ( array $params = [] )
Updates the configuration of the storage optimizers for a table.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

GetEffectivePermissionsForPath
GetTableObjects
GetWorkUnits
ListDataCellsFilter
ListLFTags
ListLakeFormationOptIns
ListPermissions
ListResources
ListTableStorageOptimizers
ListTransactions
SearchDatabasesByLFTags
SearchTablesByLFTags

Operations

AddLFTagsToResource

$result = $client->addLFTagsToResource([/* ... */]);
$promise = $client->addLFTagsToResourceAsync([/* ... */]);

Attaches one or more LF-tags to an existing resource.

Parameter Syntax

$result = $client->addLFTagsToResource([
    'CatalogId' => '<string>',
    'LFTags' => [ // REQUIRED
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members

CatalogId

Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

LFTags

Required: Yes
Type: Array of LFTagPair structures

The LF-tags to attach to the resource.

Resource

Required: Yes
Type: Resource structure

The database, table, or column resource to which to attach an LF-tag.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'LFTag' => [
                'CatalogId' => '<string>',
                'TagKey' => '<string>',
                'TagValues' => ['<string>', ...],
            ],
        ],
        // ...
    ],
]

Result Details

Members

Failures

Type: Array of LFTagError structures

A list of failures to tag the resource.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

AssumeDecoratedRoleWithSAML

$result = $client->assumeDecoratedRoleWithSAML([/* ... */]);
$promise = $client->assumeDecoratedRoleWithSAMLAsync([/* ... */]);

Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session.

This decorated role is expected to access data in Amazon S3 by getting temporary access from Lake Formation which is authorized via the virtual API GetDataAccess. Therefore, all SAML roles that can be assumed via AssumeDecoratedRoleWithSAML must at a minimum include lakeformation:GetDataAccess in their role policies. A typical IAM policy attached to such a role would look as follows:

Parameter Syntax

$result = $client->assumeDecoratedRoleWithSAML([
    'DurationSeconds' => <integer>,
    'PrincipalArn' => '<string>', // REQUIRED
    'RoleArn' => '<string>', // REQUIRED
    'SAMLAssertion' => '<string>', // REQUIRED
]);

Parameter Details

Members

DurationSeconds

Type: int

The time period, between 900 and 43,200 seconds, for the timeout of the temporary credentials.

PrincipalArn

Required: Yes
Type: string

The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.

RoleArn

Required: Yes
Type: string

The role that represents an IAM principal whose scope down policy allows it to call credential vending APIs such as GetTemporaryTableCredentials. The caller must also have iam:PassRole permission on this role.

SAMLAssertion

Required: Yes
Type: string

A SAML assertion consisting of an assertion statement for the user who needs temporary credentials. This must match the SAML assertion that was issued to IAM. This must be Base64 encoded.

Result Syntax

[
    'AccessKeyId' => '<string>',
    'Expiration' => <DateTime>,
    'SecretAccessKey' => '<string>',
    'SessionToken' => '<string>',
]

Result Details

Members

AccessKeyId

Type: string

The access key ID for the temporary credentials. (The access key consists of an access key ID and a secret key).

Expiration

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the temporary credentials expire.

SecretAccessKey

Type: string

The secret key for the temporary credentials. (The access key consists of an access key ID and a secret key).

SessionToken

Type: string

The session token for the temporary credentials.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
EntityNotFoundException:
A specified entity does not exist.
AccessDeniedException:
Access to a resource was denied.

BatchGrantPermissions

$result = $client->batchGrantPermissions([/* ... */]);
$promise = $client->batchGrantPermissionsAsync([/* ... */]);

Batch operation to grant permissions to the principal.

Parameter Syntax

$result = $client->batchGrantPermissions([
    'CatalogId' => '<string>',
    'Entries' => [ // REQUIRED
        [
            'Id' => '<string>', // REQUIRED
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>', // REQUIRED
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>', // REQUIRED
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [ // REQUIRED
                        [
                            'TagKey' => '<string>', // REQUIRED
                            'TagValues' => ['<string>', ...], // REQUIRED
                        ],
                        // ...
                    ],
                    'ResourceType' => 'DATABASE|TABLE', // REQUIRED
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>', // REQUIRED
                ],
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members

CatalogId

Type: string

Entries

Required: Yes
Type: Array of BatchPermissionsRequestEntry structures

A list of up to 20 entries for resource permissions to be granted by batch operation to the principal.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'RequestEntry' => [
                'Id' => '<string>',
                'Permissions' => ['<string>', ...],
                'PermissionsWithGrantOption' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
                'Resource' => [
                    'Catalog' => [
                    ],
                    'DataCellsFilter' => [
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableCatalogId' => '<string>',
                        'TableName' => '<string>',
                    ],
                    'DataLocation' => [
                        'CatalogId' => '<string>',
                        'ResourceArn' => '<string>',
                    ],
                    'Database' => [
                        'CatalogId' => '<string>',
                        'Name' => '<string>',
                    ],
                    'LFTag' => [
                        'CatalogId' => '<string>',
                        'TagKey' => '<string>',
                        'TagValues' => ['<string>', ...],
                    ],
                    'LFTagPolicy' => [
                        'CatalogId' => '<string>',
                        'Expression' => [
                            [
                                'TagKey' => '<string>',
                                'TagValues' => ['<string>', ...],
                            ],
                            // ...
                        ],
                        'ResourceType' => 'DATABASE|TABLE',
                    ],
                    'Table' => [
                        'CatalogId' => '<string>',
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableWildcard' => [
                        ],
                    ],
                    'TableWithColumns' => [
                        'CatalogId' => '<string>',
                        'ColumnNames' => ['<string>', ...],
                        'ColumnWildcard' => [
                            'ExcludedColumnNames' => ['<string>', ...],
                        ],
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                    ],
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members

Failures

Type: Array of BatchPermissionsFailureEntry structures

A list of failures to grant permissions to the resources.

Errors

InvalidInputException:
The input provided was not valid.
OperationTimeoutException:
The operation timed out.

BatchRevokePermissions

$result = $client->batchRevokePermissions([/* ... */]);
$promise = $client->batchRevokePermissionsAsync([/* ... */]);

Batch operation to revoke permissions from the principal.

Parameter Syntax

$result = $client->batchRevokePermissions([
    'CatalogId' => '<string>',
    'Entries' => [ // REQUIRED
        [
            'Id' => '<string>', // REQUIRED
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>', // REQUIRED
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>', // REQUIRED
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [ // REQUIRED
                        [
                            'TagKey' => '<string>', // REQUIRED
                            'TagValues' => ['<string>', ...], // REQUIRED
                        ],
                        // ...
                    ],
                    'ResourceType' => 'DATABASE|TABLE', // REQUIRED
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>', // REQUIRED
                ],
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members

CatalogId

Type: string

Entries

Required: Yes
Type: Array of BatchPermissionsRequestEntry structures

A list of up to 20 entries for resource permissions to be revoked by batch operation to the principal.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'RequestEntry' => [
                'Id' => '<string>',
                'Permissions' => ['<string>', ...],
                'PermissionsWithGrantOption' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
                'Resource' => [
                    'Catalog' => [
                    ],
                    'DataCellsFilter' => [
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableCatalogId' => '<string>',
                        'TableName' => '<string>',
                    ],
                    'DataLocation' => [
                        'CatalogId' => '<string>',
                        'ResourceArn' => '<string>',
                    ],
                    'Database' => [
                        'CatalogId' => '<string>',
                        'Name' => '<string>',
                    ],
                    'LFTag' => [
                        'CatalogId' => '<string>',
                        'TagKey' => '<string>',
                        'TagValues' => ['<string>', ...],
                    ],
                    'LFTagPolicy' => [
                        'CatalogId' => '<string>',
                        'Expression' => [
                            [
                                'TagKey' => '<string>',
                                'TagValues' => ['<string>', ...],
                            ],
                            // ...
                        ],
                        'ResourceType' => 'DATABASE|TABLE',
                    ],
                    'Table' => [
                        'CatalogId' => '<string>',
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableWildcard' => [
                        ],
                    ],
                    'TableWithColumns' => [
                        'CatalogId' => '<string>',
                        'ColumnNames' => ['<string>', ...],
                        'ColumnWildcard' => [
                            'ExcludedColumnNames' => ['<string>', ...],
                        ],
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                    ],
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members

Failures

Type: Array of BatchPermissionsFailureEntry structures

A list of failures to revoke permissions to the resources.

Errors

InvalidInputException:
The input provided was not valid.
OperationTimeoutException:
The operation timed out.

CancelTransaction

$result = $client->cancelTransaction([/* ... */]);
$promise = $client->cancelTransactionAsync([/* ... */]);

Attempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.

Parameter Syntax

$result = $client->cancelTransaction([
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members

TransactionId

Required: Yes
Type: string

The transaction to cancel.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
TransactionCommittedException:
Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.
TransactionCommitInProgressException:
Contains details about an error related to a transaction commit that was in progress.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

CommitTransaction

$result = $client->commitTransaction([/* ... */]);
$promise = $client->commitTransactionAsync([/* ... */]);

Attempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.

Parameter Syntax

$result = $client->commitTransaction([
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members

TransactionId

Required: Yes
Type: string

The transaction to commit.

Result Syntax

[
    'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
]

Result Details

Members

TransactionStatus

Type: string

The status of the transaction.

Errors

InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
TransactionCanceledException:
Contains details about an error related to a transaction that was cancelled.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

CreateDataCellsFilter

$result = $client->createDataCellsFilter([/* ... */]);
$promise = $client->createDataCellsFilterAsync([/* ... */]);

Creates a data cell filter to allow one to grant access to certain columns on certain rows.

Parameter Syntax

$result = $client->createDataCellsFilter([
    'TableData' => [ // REQUIRED
        'ColumnNames' => ['<string>', ...],
        'ColumnWildcard' => [
            'ExcludedColumnNames' => ['<string>', ...],
        ],
        'DatabaseName' => '<string>', // REQUIRED
        'Name' => '<string>', // REQUIRED
        'RowFilter' => [
            'AllRowsWildcard' => [
            ],
            'FilterExpression' => '<string>',
        ],
        'TableCatalogId' => '<string>', // REQUIRED
        'TableName' => '<string>', // REQUIRED
        'VersionId' => '<string>',
    ],
]);

Parameter Details

Members

TableData

Required: Yes
Type: DataCellsFilter structure

A DataCellsFilter structure containing information about the data cells filter.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

AlreadyExistsException:
A resource to be created or added already exists.
InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.
ResourceNumberLimitExceededException:
A resource numerical limit was exceeded.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.

CreateLFTag

$result = $client->createLFTag([/* ... */]);
$promise = $client->createLFTagAsync([/* ... */]);

Creates an LF-tag with the specified name and values.

Parameter Syntax

$result = $client->createLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
    'TagValues' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members

CatalogId

Type: string

TagKey

Required: Yes
Type: string

The key-name for the LF-tag.

TagValues

Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
ResourceNumberLimitExceededException:
A resource numerical limit was exceeded.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.

CreateLakeFormationIdentityCenterConfiguration

$result = $client->createLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->createLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.

Parameter Syntax

$result = $client->createLakeFormationIdentityCenterConfiguration([
    'CatalogId' => '<string>',
    'ExternalFiltering' => [
        'AuthorizedTargets' => ['<string>', ...], // REQUIRED
        'Status' => 'ENABLED|DISABLED', // REQUIRED
    ],
    'InstanceArn' => '<string>',
]);

Parameter Details

Members

CatalogId

Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

ExternalFiltering

Type: ExternalFilteringConfiguration structure

A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to to access data managed by Lake Formation.

InstanceArn

Type: string

The ARN of the IAM Identity Center instance for which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

Result Syntax

[
    'ApplicationArn' => '<string>',
]

Result Details

Members

ApplicationArn

Type: string

The Amazon Resource Name (ARN) of the integrated application.

Errors

InvalidInputException:
The input provided was not valid.
AlreadyExistsException:
A resource to be created or added already exists.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

CreateLakeFormationOptIn

$result = $client->createLakeFormationOptIn([/* ... */]);
$promise = $client->createLakeFormationOptInAsync([/* ... */]);

Enforce Lake Formation permissions for the given databases, tables, and principals.

Parameter Syntax

$result = $client->createLakeFormationOptIn([
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members

Principal

Required: Yes
Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource

Required: Yes
Type: Resource structure

A structure for the resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
EntityNotFoundException:
A specified entity does not exist.
AccessDeniedException:
Access to a resource was denied.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

DeleteDataCellsFilter

$result = $client->deleteDataCellsFilter([/* ... */]);
$promise = $client->deleteDataCellsFilterAsync([/* ... */]);

Deletes a data cell filter.

Parameter Syntax

$result = $client->deleteDataCellsFilter([
    'DatabaseName' => '<string>',
    'Name' => '<string>',
    'TableCatalogId' => '<string>',
    'TableName' => '<string>',
]);

Parameter Details

Members

DatabaseName

Type: string

A database in the Glue Data Catalog.

Name

Type: string

The name given by the user to the data filter cell.

TableCatalogId

Type: string

The ID of the catalog to which the table belongs.

TableName

Type: string

A table in the database.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.

DeleteLFTag

$result = $client->deleteLFTag([/* ... */]);
$promise = $client->deleteLFTagAsync([/* ... */]);

Deletes the specified LF-tag given a key name. If the input parameter tag key was not found, then the operation will throw an exception. When you delete an LF-tag, the LFTagPolicy attached to the LF-tag becomes invalid. If the deleted LF-tag was still assigned to any resource, the tag policy attach to the deleted LF-tag will no longer be applied to the resource.

Parameter Syntax

$result = $client->deleteLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
]);

Parameter Details

Members

CatalogId

Type: string

TagKey

Required: Yes
Type: string

The key-name for the LF-tag to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.

DeleteLakeFormationIdentityCenterConfiguration

$result = $client->deleteLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->deleteLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Deletes an IAM Identity Center connection with Lake Formation.

Parameter Syntax

$result = $client->deleteLakeFormationIdentityCenterConfiguration([
    'CatalogId' => '<string>',
]);

Parameter Details

Members

CatalogId

Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definition, and other control information to manage your Lake Formation environment.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

DeleteLakeFormationOptIn

$result = $client->deleteLakeFormationOptIn([/* ... */]);
$promise = $client->deleteLakeFormationOptInAsync([/* ... */]);

Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.

Parameter Syntax

$result = $client->deleteLakeFormationOptIn([
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members

Principal

Required: Yes
Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource

Required: Yes
Type: Resource structure

A structure for the resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
EntityNotFoundException:
A specified entity does not exist.
AccessDeniedException:
Access to a resource was denied.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

DeleteObjectsOnCancel

$result = $client->deleteObjectsOnCancel([/* ... */]);
$promise = $client->deleteObjectsOnCancelAsync([/* ... */]);

For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels.

The Glue ETL library function write_dynamic_frame.from_catalog() includes an option to automatically call DeleteObjectsOnCancel before writes. For more information, see Rolling Back Amazon S3 Writes.

Parameter Syntax

$result = $client->deleteObjectsOnCancel([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'Objects' => [ // REQUIRED
        [
            'ETag' => '<string>',
            'Uri' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'TableName' => '<string>', // REQUIRED
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members

CatalogId

Type: string

The Glue data catalog that contains the governed table. Defaults to the current account ID.

DatabaseName

Required: Yes
Type: string

The database that contains the governed table.

Objects

Required: Yes
Type: Array of VirtualObject structures

A list of VirtualObject structures, which indicates the Amazon S3 objects to be deleted if the transaction cancels.

TableName

Required: Yes
Type: string

The name of the governed table.

TransactionId

Required: Yes
Type: string

ID of the transaction that the writes occur in.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
OperationTimeoutException:
The operation timed out.
EntityNotFoundException:
A specified entity does not exist.
TransactionCommittedException:
Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.
TransactionCanceledException:
Contains details about an error related to a transaction that was cancelled.
ResourceNotReadyException:
Contains details about an error related to a resource which is not ready for a transaction.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

DeregisterResource

$result = $client->deregisterResource([/* ... */]);
$promise = $client->deregisterResourceAsync([/* ... */]);

Deregisters the resource as managed by the Data Catalog.

When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.

Parameter Syntax

$result = $client->deregisterResource([
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

ResourceArn

Required: Yes
Type: string

The Amazon Resource Name (ARN) of the resource that you want to deregister.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
EntityNotFoundException:
A specified entity does not exist.

DescribeLakeFormationIdentityCenterConfiguration

$result = $client->describeLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->describeLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Retrieves the instance ARN and application ARN for the connection.

Parameter Syntax

$result = $client->describeLakeFormationIdentityCenterConfiguration([
    'CatalogId' => '<string>',
]);

Parameter Details

Members

CatalogId

Type: string

Result Syntax

[
    'ApplicationArn' => '<string>',
    'CatalogId' => '<string>',
    'ExternalFiltering' => [
        'AuthorizedTargets' => ['<string>', ...],
        'Status' => 'ENABLED|DISABLED',
    ],
    'InstanceArn' => '<string>',
]

Result Details

Members

ApplicationArn

Type: string

The Amazon Resource Name (ARN) of the integrated application.

CatalogId

Type: string

ExternalFiltering

Type: ExternalFilteringConfiguration structure

Indicates if external filtering is enabled.

InstanceArn

Type: string

The Amazon Resource Name (ARN) of the connection.

Errors

InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.

DescribeResource

$result = $client->describeResource([/* ... */]);
$promise = $client->describeResourceAsync([/* ... */]);

Retrieves the current data access role for the given resource registered in Lake Formation.

Parameter Syntax

$result = $client->describeResource([
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

ResourceArn

Required: Yes
Type: string

The resource ARN.

Result Syntax

[
    'ResourceInfo' => [
        'HybridAccessEnabled' => true || false,
        'LastModified' => <DateTime>,
        'ResourceArn' => '<string>',
        'RoleArn' => '<string>',
        'WithFederation' => true || false,
    ],
]

Result Details

Members

ResourceInfo

Type: ResourceInfo structure

A structure containing information about an Lake Formation resource.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
EntityNotFoundException:
A specified entity does not exist.

DescribeTransaction

$result = $client->describeTransaction([/* ... */]);
$promise = $client->describeTransactionAsync([/* ... */]);

Returns the details of a single transaction.

Parameter Syntax

$result = $client->describeTransaction([
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members

TransactionId

Required: Yes
Type: string

The transaction for which to return status.

Result Syntax

[
    'TransactionDescription' => [
        'TransactionEndTime' => <DateTime>,
        'TransactionId' => '<string>',
        'TransactionStartTime' => <DateTime>,
        'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
    ],
]

Result Details

Members

TransactionDescription

Type: TransactionDescription structure

Returns a TransactionDescription object containing information about the transaction.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.

ExtendTransaction

$result = $client->extendTransaction([/* ... */]);
$promise = $client->extendTransactionAsync([/* ... */]);

Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.

Write transactions that remain idle for a long period are automatically aborted unless explicitly extended.

Parameter Syntax

$result = $client->extendTransaction([
    'TransactionId' => '<string>',
]);

Parameter Details

Members

TransactionId

Type: string

The transaction to extend.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
TransactionCommittedException:
Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.
TransactionCanceledException:
Contains details about an error related to a transaction that was cancelled.
TransactionCommitInProgressException:
Contains details about an error related to a transaction commit that was in progress.

GetDataCellsFilter

$result = $client->getDataCellsFilter([/* ... */]);
$promise = $client->getDataCellsFilterAsync([/* ... */]);

Returns a data cells filter.

Parameter Syntax

$result = $client->getDataCellsFilter([
    'DatabaseName' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'TableCatalogId' => '<string>', // REQUIRED
    'TableName' => '<string>', // REQUIRED
]);

Parameter Details

Members

DatabaseName

Required: Yes
Type: string

A database in the Glue Data Catalog.

Name

Required: Yes
Type: string

The name given by the user to the data filter cell.

TableCatalogId

Required: Yes
Type: string

The ID of the catalog to which the table belongs.

TableName

Required: Yes
Type: string

A table in the database.

Result Syntax

[
    'DataCellsFilter' => [
        'ColumnNames' => ['<string>', ...],
        'ColumnWildcard' => [
            'ExcludedColumnNames' => ['<string>', ...],
        ],
        'DatabaseName' => '<string>',
        'Name' => '<string>',
        'RowFilter' => [
            'AllRowsWildcard' => [
            ],
            'FilterExpression' => '<string>',
        ],
        'TableCatalogId' => '<string>',
        'TableName' => '<string>',
        'VersionId' => '<string>',
    ],
]

Result Details

Members

DataCellsFilter

Type: DataCellsFilter structure

A structure that describes certain columns on certain rows.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
OperationTimeoutException:
The operation timed out.
InternalServiceException:
An internal service error occurred.
AccessDeniedException:
Access to a resource was denied.

GetDataLakeSettings

$result = $client->getDataLakeSettings([/* ... */]);
$promise = $client->getDataLakeSettingsAsync([/* ... */]);

Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

Parameter Syntax

$result = $client->getDataLakeSettings([
    'CatalogId' => '<string>',
]);

Parameter Details

Members

CatalogId

Type: string

Result Syntax

[
    'DataLakeSettings' => [
        'AllowExternalDataFiltering' => true || false,
        'AllowFullTableExternalDataAccess' => true || false,
        'AuthorizedSessionTagValueList' => ['<string>', ...],
        'CreateDatabaseDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'CreateTableDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'DataLakeAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'ExternalDataFilteringAllowList' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'Parameters' => ['<string>', ...],
        'ReadOnlyAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'TrustedResourceOwners' => ['<string>', ...],
    ],
]

Result Details

Members

DataLakeSettings

Type: DataLakeSettings structure

A structure representing a list of Lake Formation principals designated as data lake administrators.

Errors

InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.

GetEffectivePermissionsForPath

$result = $client->getEffectivePermissionsForPath([/* ... */]);
$promise = $client->getEffectivePermissionsForPathAsync([/* ... */]);

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.

Parameter Syntax

$result = $client->getEffectivePermissionsForPath([
    'CatalogId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

CatalogId

Type: string

MaxResults

Type: int

The maximum number of results to return.

NextToken

Type: string

A continuation token, if this is not the first call to retrieve this list.

ResourceArn

Required: Yes
Type: string

The Amazon Resource Name (ARN) of the resource for which you want to get permissions.

Result Syntax

[
    'NextToken' => '<string>',
    'Permissions' => [
        [
            'AdditionalDetails' => [
                'ResourceShare' => ['<string>', ...],
            ],
            'LastUpdated' => <DateTime>,
            'LastUpdatedBy' => '<string>',
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>',
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'ResourceType' => 'DATABASE|TABLE',
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

A continuation token, if this is not the first call to retrieve this list.

Permissions

Type: Array of PrincipalResourcePermissions structures

A list of the permissions for the specified table or database resource located at the path in Amazon S3.

Errors

InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.
OperationTimeoutException:
The operation timed out.
InternalServiceException:
An internal service error occurred.

GetLFTag

$result = $client->getLFTag([/* ... */]);
$promise = $client->getLFTagAsync([/* ... */]);

Returns an LF-tag definition.

Parameter Syntax

$result = $client->getLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
]);

Parameter Details

Members

CatalogId

Type: string

TagKey

Required: Yes
Type: string

The key-name for the LF-tag.

Result Syntax

[
    'CatalogId' => '<string>',
    'TagKey' => '<string>',
    'TagValues' => ['<string>', ...],
]

Result Details

Members

CatalogId

Type: string

TagKey

Type: string

The key-name for the LF-tag.

TagValues

Type: Array of strings

A list of possible values an attribute can take.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.

GetQueryState

$result = $client->getQueryState([/* ... */]);
$promise = $client->getQueryStateAsync([/* ... */]);

Returns the state of a query previously submitted. Clients are expected to poll GetQueryState to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to StartQueryPlanning.

Parameter Syntax

$result = $client->getQueryState([
    'QueryId' => '<string>', // REQUIRED
]);

Parameter Details

Members

QueryId

Required: Yes
Type: string

The ID of the plan query operation.

Result Syntax

[
    'Error' => '<string>',
    'State' => 'PENDING|WORKUNITS_AVAILABLE|ERROR|FINISHED|EXPIRED',
]

Result Details

Members

Error

Type: string

An error message when the operation fails.

State

Required: Yes
Type: string

The state of a query previously submitted. The possible states are:

PENDING: the query is pending.
WORKUNITS_AVAILABLE: some work units are ready for retrieval and execution.
FINISHED: the query planning finished successfully, and all work units are ready for retrieval and execution.
ERROR: an error occurred with the query, such as an invalid query ID or a backend error.

Errors

InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
AccessDeniedException:
Access to a resource was denied.

GetQueryStatistics

$result = $client->getQueryStatistics([/* ... */]);
$promise = $client->getQueryStatisticsAsync([/* ... */]);

Retrieves statistics on the planning and execution of a query.

Parameter Syntax

$result = $client->getQueryStatistics([
    'QueryId' => '<string>', // REQUIRED
]);

Parameter Details

Members

QueryId

Required: Yes
Type: string

The ID of the plan query operation.

Result Syntax

[
    'ExecutionStatistics' => [
        'AverageExecutionTimeMillis' => <integer>,
        'DataScannedBytes' => <integer>,
        'WorkUnitsExecutedCount' => <integer>,
    ],
    'PlanningStatistics' => [
        'EstimatedDataToScanBytes' => <integer>,
        'PlanningTimeMillis' => <integer>,
        'QueueTimeMillis' => <integer>,
        'WorkUnitsGeneratedCount' => <integer>,
    ],
    'QuerySubmissionTime' => <DateTime>,
]

Result Details

Members

ExecutionStatistics

Type: ExecutionStatistics structure

An ExecutionStatistics structure containing execution statistics.

PlanningStatistics

Type: PlanningStatistics structure

A PlanningStatistics structure containing query planning statistics.

QuerySubmissionTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The time that the query was submitted.

Errors

StatisticsNotReadyYetException:
Contains details about an error related to statistics not being ready.
InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
AccessDeniedException:
Access to a resource was denied.
ExpiredException:
Contains details about an error where the query request expired.
ThrottledException:
Contains details about an error where the query request was throttled.

GetResourceLFTags

$result = $client->getResourceLFTags([/* ... */]);
$promise = $client->getResourceLFTagsAsync([/* ... */]);

Returns the LF-tags applied to a resource.

Parameter Syntax

$result = $client->getResourceLFTags([
    'CatalogId' => '<string>',
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
    'ShowAssignedLFTags' => true || false,
]);

Parameter Details

Members

CatalogId

Type: string

Resource

Required: Yes
Type: Resource structure

The database, table, or column resource for which you want to return LF-tags.

ShowAssignedLFTags

Type: boolean

Indicates whether to show the assigned LF-tags.

Result Syntax

[
    'LFTagOnDatabase' => [
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>',
            'TagValues' => ['<string>', ...],
        ],
        // ...
    ],
    'LFTagsOnColumns' => [
        [
            'LFTags' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
            'Name' => '<string>',
        ],
        // ...
    ],
    'LFTagsOnTable' => [
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>',
            'TagValues' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members

LFTagOnDatabase

Type: Array of LFTagPair structures

A list of LF-tags applied to a database resource.

LFTagsOnColumns

Type: Array of ColumnLFTag structures

A list of LF-tags applied to a column resource.

LFTagsOnTable

Type: Array of LFTagPair structures

A list of LF-tags applied to a table resource.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
GlueEncryptionException:
An encryption operation failed.
AccessDeniedException:
Access to a resource was denied.

GetTableObjects

$result = $client->getTableObjects([/* ... */]);
$promise = $client->getTableObjectsAsync([/* ... */]);

Returns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.

Parameter Syntax

$result = $client->getTableObjects([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'PartitionPredicate' => '<string>',
    'QueryAsOfTime' => <integer || string || DateTime>,
    'TableName' => '<string>', // REQUIRED
    'TransactionId' => '<string>',
]);

Parameter Details

Members

CatalogId

Type: string

The catalog containing the governed table. Defaults to the caller’s account.

DatabaseName

Required: Yes
Type: string

The database containing the governed table.

MaxResults

Type: int

Specifies how many values to return in a page.

NextToken

Type: string

A continuation token if this is not the first call to retrieve these objects.

PartitionPredicate

Type: string

A predicate to filter the objects returned based on the partition keys defined in the governed table.

The comparison operators supported are: =, >, <, >=, <=
The logical operators supported are: AND
The data types supported are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss"), string and decimal.

QueryAsOfTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The time as of when to read the governed table contents. If not set, the most recent transaction commit time is used. Cannot be specified along with TransactionId.

TableName

Required: Yes
Type: string

The governed table for which to retrieve objects.

TransactionId

Type: string

The transaction ID at which to read the governed table contents. If this transaction has aborted, an error is returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with QueryAsOfTime.

Result Syntax

[
    'NextToken' => '<string>',
    'Objects' => [
        [
            'Objects' => [
                [
                    'ETag' => '<string>',
                    'Size' => <integer>,
                    'Uri' => '<string>',
                ],
                // ...
            ],
            'PartitionValues' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

A continuation token indicating whether additional data is available.

Objects

Type: Array of PartitionObjects structures

A list of objects organized by partition keys.

Errors

EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
OperationTimeoutException:
The operation timed out.
TransactionCommittedException:
Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.
TransactionCanceledException:
Contains details about an error related to a transaction that was cancelled.
ResourceNotReadyException:
Contains details about an error related to a resource which is not ready for a transaction.

GetTemporaryGluePartitionCredentials

$result = $client->getTemporaryGluePartitionCredentials([/* ... */]);
$promise = $client->getTemporaryGluePartitionCredentialsAsync([/* ... */]);

This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.

Parameter Syntax

$result = $client->getTemporaryGluePartitionCredentials([
    'AuditContext' => [
        'AdditionalAuditContext' => '<string>',
    ],
    'DurationSeconds' => <integer>,
    'Partition' => [ // REQUIRED
        'Values' => ['<string>', ...], // REQUIRED
    ],
    'Permissions' => ['<string>', ...],
    'SupportedPermissionTypes' => ['<string>', ...],
    'TableArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

AuditContext

Type: AuditContext structure

A structure representing context to access a resource (column names, query ID, etc).

DurationSeconds

Type: int

The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

Partition

Required: Yes
Type: PartitionValueList structure

A list of partition values identifying a single partition.

Permissions

Type: Array of strings

Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

SupportedPermissionTypes

Type: Array of strings

A list of supported permission types for the partition. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

TableArn

Required: Yes
Type: string

The ARN of the partitions' table.

Result Syntax

[
    'AccessKeyId' => '<string>',
    'Expiration' => <DateTime>,
    'SecretAccessKey' => '<string>',
    'SessionToken' => '<string>',
]

Result Details

Members

AccessKeyId

Type: string

The access key ID for the temporary credentials.

Expiration

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the temporary credentials expire.

SecretAccessKey

Type: string

The secret key for the temporary credentials.

SessionToken

Type: string

The session token for the temporary credentials.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
EntityNotFoundException:
A specified entity does not exist.
AccessDeniedException:
Access to a resource was denied.
PermissionTypeMismatchException:
The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.

GetTemporaryGlueTableCredentials

$result = $client->getTemporaryGlueTableCredentials([/* ... */]);
$promise = $client->getTemporaryGlueTableCredentialsAsync([/* ... */]);

Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.

Parameter Syntax

$result = $client->getTemporaryGlueTableCredentials([
    'AuditContext' => [
        'AdditionalAuditContext' => '<string>',
    ],
    'DurationSeconds' => <integer>,
    'Permissions' => ['<string>', ...],
    'SupportedPermissionTypes' => ['<string>', ...],
    'TableArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

AuditContext

Type: AuditContext structure

A structure representing context to access a resource (column names, query ID, etc).

DurationSeconds

Type: int

The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

Permissions

Type: Array of strings

Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

SupportedPermissionTypes

Type: Array of strings

A list of supported permission types for the table. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

TableArn

Required: Yes
Type: string

The ARN identifying a table in the Data Catalog for the temporary credentials request.

Result Syntax

[
    'AccessKeyId' => '<string>',
    'Expiration' => <DateTime>,
    'SecretAccessKey' => '<string>',
    'SessionToken' => '<string>',
]

Result Details

Members

AccessKeyId

Type: string

The access key ID for the temporary credentials.

Expiration

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the temporary credentials expire.

SecretAccessKey

Type: string

The secret key for the temporary credentials.

SessionToken

Type: string

The session token for the temporary credentials.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
EntityNotFoundException:
A specified entity does not exist.
AccessDeniedException:
Access to a resource was denied.
PermissionTypeMismatchException:
The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.

GetWorkUnitResults

$result = $client->getWorkUnitResults([/* ... */]);
$promise = $client->getWorkUnitResultsAsync([/* ... */]);

Returns the work units resulting from the query. Work units can be executed in any order and in parallel.

Parameter Syntax

$result = $client->getWorkUnitResults([
    'QueryId' => '<string>', // REQUIRED
    'WorkUnitId' => <integer>, // REQUIRED
    'WorkUnitToken' => '<string>', // REQUIRED
]);

Parameter Details

Members

QueryId

Required: Yes
Type: string

The ID of the plan query operation for which to get results.

WorkUnitId

Required: Yes
Type: long (int|float)

The work unit ID for which to get results. Value generated by enumerating WorkUnitIdMin to WorkUnitIdMax (inclusive) from the WorkUnitRange in the output of GetWorkUnits.

WorkUnitToken

Required: Yes
Type: string

A work token used to query the execution service. Token output from GetWorkUnits.

Result Syntax

[
    'ResultStream' => <string || resource || Psr\Http\Message\StreamInterface>,
]

Result Details

Members

ResultStream

Type: blob (string|resource|Psr\Http\Message\StreamInterface)

Rows returned from the GetWorkUnitResults operation as a stream of Apache Arrow v1.0 messages.

Errors

InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
AccessDeniedException:
Access to a resource was denied.
ExpiredException:
Contains details about an error where the query request expired.
ThrottledException:
Contains details about an error where the query request was throttled.

GetWorkUnits

$result = $client->getWorkUnits([/* ... */]);
$promise = $client->getWorkUnitsAsync([/* ... */]);

Retrieves the work units generated by the StartQueryPlanning operation.

Parameter Syntax

$result = $client->getWorkUnits([
    'NextToken' => '<string>',
    'PageSize' => <integer>,
    'QueryId' => '<string>', // REQUIRED
]);

Parameter Details

Members

NextToken

Type: string

A continuation token, if this is a continuation call.

PageSize

Type: int

The size of each page to get in the Amazon Web Services service call. This does not affect the number of items returned in the command's output. Setting a smaller page size results in more calls to the Amazon Web Services service, retrieving fewer items in each call. This can help prevent the Amazon Web Services service calls from timing out.

QueryId

Required: Yes
Type: string

The ID of the plan query operation.

Result Syntax

[
    'NextToken' => '<string>',
    'QueryId' => '<string>',
    'WorkUnitRanges' => [
        [
            'WorkUnitIdMax' => <integer>,
            'WorkUnitIdMin' => <integer>,
            'WorkUnitToken' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

A continuation token for paginating the returned list of tokens, returned if the current segment of the list is not the last.

QueryId

Required: Yes
Type: string

The ID of the plan query operation.

WorkUnitRanges

Required: Yes
Type: Array of WorkUnitRange structures

A WorkUnitRangeList object that specifies the valid range of work unit IDs for querying the execution service.

Errors

WorkUnitsNotReadyYetException:
Contains details about an error related to work units not being ready.
InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
AccessDeniedException:
Access to a resource was denied.
ExpiredException:
Contains details about an error where the query request expired.

GrantPermissions

$result = $client->grantPermissions([/* ... */]);
$promise = $client->grantPermissionsAsync([/* ... */]);

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

For information about permissions, see Security and Access Control to Metadata and Data.

Parameter Syntax

$result = $client->grantPermissions([
    'CatalogId' => '<string>',
    'Permissions' => ['<string>', ...], // REQUIRED
    'PermissionsWithGrantOption' => ['<string>', ...],
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members

CatalogId

Type: string

Permissions

Required: Yes
Type: Array of strings

The permissions granted to the principal on the resource. Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Lake Formation requires that each principal be authorized to perform a specific task on Lake Formation resources.

PermissionsWithGrantOption

Type: Array of strings

Indicates a list of the granted permissions that the principal may pass to other users. These permissions may only be a subset of the permissions granted in the Privileges.

Principal

Required: Yes
Type: DataLakePrincipal structure

The principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles, and they are defined by their principal type and their ARN.

Note that if you define a resource with a particular ARN, then later delete, and recreate a resource with that same ARN, the resource maintains the permissions already granted.

Resource

Required: Yes
Type: Resource structure

The resource to which permissions are to be granted. Resources in Lake Formation are the Data Catalog, databases, and tables.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.

ListDataCellsFilter

$result = $client->listDataCellsFilter([/* ... */]);
$promise = $client->listDataCellsFilterAsync([/* ... */]);

Lists all the data cell filters on a table.

Parameter Syntax

$result = $client->listDataCellsFilter([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Table' => [
        'CatalogId' => '<string>',
        'DatabaseName' => '<string>', // REQUIRED
        'Name' => '<string>',
        'TableWildcard' => [
        ],
    ],
]);

Parameter Details

Members

MaxResults

Type: int

The maximum size of the response.

NextToken

Type: string

A continuation token, if this is a continuation call.

Table

Type: TableResource structure

A table in the Glue Data Catalog.

Result Syntax

[
    'DataCellsFilters' => [
        [
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'RowFilter' => [
                'AllRowsWildcard' => [
                ],
                'FilterExpression' => '<string>',
            ],
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
            'VersionId' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

DataCellsFilters

Type: Array of DataCellsFilter structures

A list of DataCellFilter structures.

NextToken

Type: string

A continuation token, if not all requested data cell filters have been returned.

Errors

InvalidInputException:
The input provided was not valid.
OperationTimeoutException:
The operation timed out.
InternalServiceException:
An internal service error occurred.
AccessDeniedException:
Access to a resource was denied.

ListLFTags

$result = $client->listLFTags([/* ... */]);
$promise = $client->listLFTagsAsync([/* ... */]);

Lists LF-tags that the requester has permission to view.

Parameter Syntax

$result = $client->listLFTags([
    'CatalogId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResourceShareType' => 'FOREIGN|ALL',
]);

Parameter Details

Members

CatalogId

Type: string

MaxResults

Type: int

The maximum number of results to return.

NextToken

Type: string

A continuation token, if this is not the first call to retrieve this list.

ResourceShareType

Type: string

If resource share type is ALL, returns both in-account LF-tags and shared LF-tags that the requester has permission to view. If resource share type is FOREIGN, returns all share LF-tags that the requester can view. If no resource share type is passed, lists LF-tags in the given catalog ID that the requester has permission to view.

Result Syntax

[
    'LFTags' => [
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>',
            'TagValues' => ['<string>', ...],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

LFTags

Type: Array of LFTagPair structures

A list of LF-tags that the requested has permission to view.

NextToken

Type: string

A continuation token, present if the current list segment is not the last.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.

ListLakeFormationOptIns

$result = $client->listLakeFormationOptIns([/* ... */]);
$promise = $client->listLakeFormationOptInsAsync([/* ... */]);

Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions.

Parameter Syntax

$result = $client->listLakeFormationOptIns([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Principal' => [
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members

MaxResults

Type: int

The maximum number of results to return.

NextToken

Type: string

A continuation token, if this is not the first call to retrieve this list.

Principal

Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource

Type: Resource structure

A structure for the resource.

Result Syntax

[
    'LakeFormationOptInsInfoList' => [
        [
            'LastModified' => <DateTime>,
            'LastUpdatedBy' => '<string>',
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>',
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'ResourceType' => 'DATABASE|TABLE',
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                ],
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

LakeFormationOptInsInfoList

Type: Array of LakeFormationOptInsInfo structures

A list of principal-resource pairs that have Lake Formation permissins enforced.

NextToken

Type: string

A continuation token, if this is not the first call to retrieve this list.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.

ListPermissions

$result = $client->listPermissions([/* ... */]);
$promise = $client->listPermissionsAsync([/* ... */]);

Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.

This operation returns only those permissions that have been explicitly granted.

For information about permissions, see Security and Access Control to Metadata and Data.

Parameter Syntax

$result = $client->listPermissions([
    'CatalogId' => '<string>',
    'IncludeRelated' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Principal' => [
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
    'ResourceType' => 'CATALOG|DATABASE|TABLE|DATA_LOCATION|LF_TAG|LF_TAG_POLICY|LF_TAG_POLICY_DATABASE|LF_TAG_POLICY_TABLE',
]);

Parameter Details

Members

CatalogId

Type: string

IncludeRelated

Type: string

Indicates that related permissions should be included in the results.

MaxResults

Type: int

The maximum number of results to return.

NextToken

Type: string

A continuation token, if this is not the first call to retrieve this list.

Principal

Type: DataLakePrincipal structure

Specifies a principal to filter the permissions returned.

Resource

Type: Resource structure

A resource where you will get a list of the principal permissions.

This operation does not support getting privileges on a table with columns. Instead, call this operation on the table, and the operation returns the table and the table w columns.

ResourceType

Type: string

Specifies a resource type to filter the permissions returned.

Result Syntax

[
    'NextToken' => '<string>',
    'PrincipalResourcePermissions' => [
        [
            'AdditionalDetails' => [
                'ResourceShare' => ['<string>', ...],
            ],
            'LastUpdated' => <DateTime>,
            'LastUpdatedBy' => '<string>',
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>',
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'ResourceType' => 'DATABASE|TABLE',
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

A continuation token, if this is not the first call to retrieve this list.

PrincipalResourcePermissions

Type: Array of PrincipalResourcePermissions structures

A list of principals and their permissions on the resource for the specified principal and resource types.

Errors

InvalidInputException:
The input provided was not valid.
OperationTimeoutException:
The operation timed out.
InternalServiceException:
An internal service error occurred.

ListResources

$result = $client->listResources([/* ... */]);
$promise = $client->listResourcesAsync([/* ... */]);

Lists the resources registered to be managed by the Data Catalog.

Parameter Syntax

$result = $client->listResources([
    'FilterConditionList' => [
        [
            'ComparisonOperator' => 'EQ|NE|LE|LT|GE|GT|CONTAINS|NOT_CONTAINS|BEGINS_WITH|IN|BETWEEN',
            'Field' => 'RESOURCE_ARN|ROLE_ARN|LAST_MODIFIED',
            'StringValueList' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

FilterConditionList

Type: Array of FilterCondition structures

Any applicable row-level and/or column-level filtering conditions for the resources.

MaxResults

Type: int

The maximum number of resource results.

NextToken

Type: string

A continuation token, if this is not the first call to retrieve these resources.

Result Syntax

[
    'NextToken' => '<string>',
    'ResourceInfoList' => [
        [
            'HybridAccessEnabled' => true || false,
            'LastModified' => <DateTime>,
            'ResourceArn' => '<string>',
            'RoleArn' => '<string>',
            'WithFederation' => true || false,
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

A continuation token, if this is not the first call to retrieve these resources.

ResourceInfoList

Type: Array of ResourceInfo structures

A summary of the data lake resources.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.

ListTableStorageOptimizers

$result = $client->listTableStorageOptimizers([/* ... */]);
$promise = $client->listTableStorageOptimizersAsync([/* ... */]);

Returns the configuration of all storage optimizers associated with a specified table.

Parameter Syntax

$result = $client->listTableStorageOptimizers([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StorageOptimizerType' => 'COMPACTION|GARBAGE_COLLECTION|ALL',
    'TableName' => '<string>', // REQUIRED
]);

Parameter Details

Members

CatalogId

Type: string

The Catalog ID of the table.

DatabaseName

Required: Yes
Type: string

Name of the database where the table is present.

MaxResults

Type: int

The number of storage optimizers to return on each call.

NextToken

Type: string

A continuation token, if this is a continuation call.

StorageOptimizerType

Type: string

The specific type of storage optimizers to list. The supported value is compaction.

TableName

Required: Yes
Type: string

Name of the table.

Result Syntax

[
    'NextToken' => '<string>',
    'StorageOptimizerList' => [
        [
            'Config' => ['<string>', ...],
            'ErrorMessage' => '<string>',
            'LastRunDetails' => '<string>',
            'StorageOptimizerType' => 'COMPACTION|GARBAGE_COLLECTION|ALL',
            'Warnings' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

A continuation token for paginating the returned list of tokens, returned if the current segment of the list is not the last.

StorageOptimizerList

Type: Array of StorageOptimizer structures

A list of the storage optimizers associated with a table.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
AccessDeniedException:
Access to a resource was denied.
InternalServiceException:
An internal service error occurred.

ListTransactions

$result = $client->listTransactions([/* ... */]);
$promise = $client->listTransactionsAsync([/* ... */]);

Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned.

This operation can help you identify uncommitted transactions or to get information about transactions.

Parameter Syntax

$result = $client->listTransactions([
    'CatalogId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StatusFilter' => 'ALL|COMPLETED|ACTIVE|COMMITTED|ABORTED',
]);

Parameter Details

Members

CatalogId

Type: string

The catalog for which to list transactions. Defaults to the account ID of the caller.

MaxResults

Type: int

The maximum number of transactions to return in a single call.

NextToken

Type: string

A continuation token if this is not the first call to retrieve transactions.

StatusFilter

Type: string

A filter indicating the status of transactions to return. Options are ALL | COMPLETED | COMMITTED | ABORTED | ACTIVE. The default is ALL.

Result Syntax

[
    'NextToken' => '<string>',
    'Transactions' => [
        [
            'TransactionEndTime' => <DateTime>,
            'TransactionId' => '<string>',
            'TransactionStartTime' => <DateTime>,
            'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

A continuation token indicating whether additional data is available.

Transactions

Type: Array of TransactionDescription structures

A list of transactions. The record for each transaction is a TransactionDescription object.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.

PutDataLakeSettings

$result = $client->putDataLakeSettings([/* ... */]);
$promise = $client->putDataLakeSettingsAsync([/* ... */]);

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions.

This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.

Parameter Syntax

$result = $client->putDataLakeSettings([
    'CatalogId' => '<string>',
    'DataLakeSettings' => [ // REQUIRED
        'AllowExternalDataFiltering' => true || false,
        'AllowFullTableExternalDataAccess' => true || false,
        'AuthorizedSessionTagValueList' => ['<string>', ...],
        'CreateDatabaseDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'CreateTableDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'DataLakeAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'ExternalDataFilteringAllowList' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'Parameters' => ['<string>', ...],
        'ReadOnlyAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'TrustedResourceOwners' => ['<string>', ...],
    ],
]);

Parameter Details

Members

CatalogId

Type: string

DataLakeSettings

Required: Yes
Type: DataLakeSettings structure

A structure representing a list of Lake Formation principals designated as data lake administrators.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.

RegisterResource

$result = $client->registerResource([/* ... */]);
$promise = $client->registerResourceAsync([/* ... */]);

Registers the resource as managed by the Data Catalog.

To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.

ResourceArn = arn:aws:s3:::my-bucket UseServiceLinkedRole = true

If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

arn:aws:iam::12345:role/my-data-access-role

Parameter Syntax

$result = $client->registerResource([
    'HybridAccessEnabled' => true || false,
    'ResourceArn' => '<string>', // REQUIRED
    'RoleArn' => '<string>',
    'UseServiceLinkedRole' => true || false,
    'WithFederation' => true || false,
]);

Parameter Details

Members

HybridAccessEnabled

Type: boolean

Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

ResourceArn

Required: Yes
Type: string

The Amazon Resource Name (ARN) of the resource that you want to register.

RoleArn

Type: string

The identifier for the role that registers the resource.

UseServiceLinkedRole

Type: boolean

Designates an Identity and Access Management (IAM) service-linked role by registering this role with the Data Catalog. A service-linked role is a unique type of IAM role that is linked directly to Lake Formation.

For more information, see Using Service-Linked Roles for Lake Formation.

WithFederation

Type: boolean

Whether or not the resource is a federated resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AlreadyExistsException:
A resource to be created or added already exists.
EntityNotFoundException:
A specified entity does not exist.
ResourceNumberLimitExceededException:
A resource numerical limit was exceeded.
AccessDeniedException:
Access to a resource was denied.

RemoveLFTagsFromResource

$result = $client->removeLFTagsFromResource([/* ... */]);
$promise = $client->removeLFTagsFromResourceAsync([/* ... */]);

Removes an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in tableWithColumns to specify column input.

Parameter Syntax

$result = $client->removeLFTagsFromResource([
    'CatalogId' => '<string>',
    'LFTags' => [ // REQUIRED
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members

CatalogId

Type: string

LFTags

Required: Yes
Type: Array of LFTagPair structures

The LF-tags to be removed from the resource.

Resource

Required: Yes
Type: Resource structure

The database, table, or column resource where you want to remove an LF-tag.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'LFTag' => [
                'CatalogId' => '<string>',
                'TagKey' => '<string>',
                'TagValues' => ['<string>', ...],
            ],
        ],
        // ...
    ],
]

Result Details

Members

Failures

Type: Array of LFTagError structures

A list of failures to untag a resource.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
GlueEncryptionException:
An encryption operation failed.
AccessDeniedException:
Access to a resource was denied.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

RevokePermissions

$result = $client->revokePermissions([/* ... */]);
$promise = $client->revokePermissionsAsync([/* ... */]);

Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

Parameter Syntax

$result = $client->revokePermissions([
    'CatalogId' => '<string>',
    'Permissions' => ['<string>', ...], // REQUIRED
    'PermissionsWithGrantOption' => ['<string>', ...],
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members

CatalogId

Type: string

Permissions

Required: Yes
Type: Array of strings

The permissions revoked to the principal on the resource. For information about permissions, see Security and Access Control to Metadata and Data.

PermissionsWithGrantOption

Type: Array of strings

Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.

Principal

Required: Yes
Type: DataLakePrincipal structure

The principal to be revoked permissions on the resource.

Resource

Required: Yes
Type: Resource structure

The resource to which permissions are to be revoked.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.

SearchDatabasesByLFTags

$result = $client->searchDatabasesByLFTags([/* ... */]);
$promise = $client->searchDatabasesByLFTagsAsync([/* ... */]);

This operation allows a search on DATABASE resources by TagCondition. This operation is used by admins who want to grant user permissions on certain TagConditions. Before making a grant, the admin can use SearchDatabasesByTags to find all resources where the given TagConditions are valid to verify whether the returned resources can be shared.

Parameter Syntax

$result = $client->searchDatabasesByLFTags([
    'CatalogId' => '<string>',
    'Expression' => [ // REQUIRED
        [
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

CatalogId

Type: string

Expression

Required: Yes
Type: Array of LFTag structures

A list of conditions (LFTag structures) to search for in database resources.

MaxResults

Type: int

The maximum number of results to return.

NextToken

Type: string

A continuation token, if this is not the first call to retrieve this list.

Result Syntax

[
    'DatabaseList' => [
        [
            'Database' => [
                'CatalogId' => '<string>',
                'Name' => '<string>',
            ],
            'LFTags' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

DatabaseList

Type: Array of TaggedDatabase structures

A list of databases that meet the LF-tag conditions.

NextToken

Type: string

A continuation token, present if the current list segment is not the last.

Errors

EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
OperationTimeoutException:
The operation timed out.
GlueEncryptionException:
An encryption operation failed.
AccessDeniedException:
Access to a resource was denied.

SearchTablesByLFTags

$result = $client->searchTablesByLFTags([/* ... */]);
$promise = $client->searchTablesByLFTagsAsync([/* ... */]);

This operation allows a search on TABLE resources by LFTags. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use SearchTablesByLFTags to find all resources where the given LFTags are valid to verify whether the returned resources can be shared.

Parameter Syntax

$result = $client->searchTablesByLFTags([
    'CatalogId' => '<string>',
    'Expression' => [ // REQUIRED
        [
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

CatalogId

Type: string

Expression

Required: Yes
Type: Array of LFTag structures

A list of conditions (LFTag structures) to search for in table resources.

MaxResults

Type: int

The maximum number of results to return.

NextToken

Type: string

A continuation token, if this is not the first call to retrieve this list.

Result Syntax

[
    'NextToken' => '<string>',
    'TableList' => [
        [
            'LFTagOnDatabase' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
            'LFTagsOnColumns' => [
                [
                    'LFTags' => [
                        [
                            'CatalogId' => '<string>',
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'Name' => '<string>',
                ],
                // ...
            ],
            'LFTagsOnTable' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
            'Table' => [
                'CatalogId' => '<string>',
                'DatabaseName' => '<string>',
                'Name' => '<string>',
                'TableWildcard' => [
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members

NextToken

Type: string

A continuation token, present if the current list segment is not the last. On the first run, if you include a not null (a value) token you can get empty pages.

TableList

Type: Array of TaggedTable structures

A list of tables that meet the LF-tag conditions.

Errors

EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
OperationTimeoutException:
The operation timed out.
GlueEncryptionException:
An encryption operation failed.
AccessDeniedException:
Access to a resource was denied.

StartQueryPlanning

$result = $client->startQueryPlanning([/* ... */]);
$promise = $client->startQueryPlanningAsync([/* ... */]);

Submits a request to process a query statement.

This operation generates work units that can be retrieved with the GetWorkUnits operation as soon as the query state is WORKUNITS_AVAILABLE or FINISHED.

Parameter Syntax

$result = $client->startQueryPlanning([
    'QueryPlanningContext' => [ // REQUIRED
        'CatalogId' => '<string>',
        'DatabaseName' => '<string>', // REQUIRED
        'QueryAsOfTime' => <integer || string || DateTime>,
        'QueryParameters' => ['<string>', ...],
        'TransactionId' => '<string>',
    ],
    'QueryString' => '<string>', // REQUIRED
]);

Parameter Details

Members

QueryPlanningContext

Required: Yes
Type: QueryPlanningContext structure

A structure containing information about the query plan.

QueryString

Required: Yes
Type: string

A PartiQL query statement used as an input to the planner service.

Result Syntax

[
    'QueryId' => '<string>',
]

Result Details

Members

QueryId

Required: Yes
Type: string

The ID of the plan query operation can be used to fetch the actual work unit descriptors that are produced as the result of the operation. The ID is also used to get the query state and as an input to the Execute operation.

Errors

InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
AccessDeniedException:
Access to a resource was denied.
ThrottledException:
Contains details about an error where the query request was throttled.

StartTransaction

$result = $client->startTransaction([/* ... */]);
$promise = $client->startTransactionAsync([/* ... */]);

Starts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.

Parameter Syntax

$result = $client->startTransaction([
    'TransactionType' => 'READ_AND_WRITE|READ_ONLY',
]);

Parameter Details

Members

TransactionType

Type: string

Indicates whether this transaction should be read only or read and write. Writes made using a read-only transaction ID will be rejected. Read-only transactions do not need to be committed.

Result Syntax

[
    'TransactionId' => '<string>',
]

Result Details

Members

TransactionId

Type: string

An opaque identifier for the transaction.

Errors

InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.

UpdateDataCellsFilter

$result = $client->updateDataCellsFilter([/* ... */]);
$promise = $client->updateDataCellsFilterAsync([/* ... */]);

Updates a data cell filter.

Parameter Syntax

$result = $client->updateDataCellsFilter([
    'TableData' => [ // REQUIRED
        'ColumnNames' => ['<string>', ...],
        'ColumnWildcard' => [
            'ExcludedColumnNames' => ['<string>', ...],
        ],
        'DatabaseName' => '<string>', // REQUIRED
        'Name' => '<string>', // REQUIRED
        'RowFilter' => [
            'AllRowsWildcard' => [
            ],
            'FilterExpression' => '<string>',
        ],
        'TableCatalogId' => '<string>', // REQUIRED
        'TableName' => '<string>', // REQUIRED
        'VersionId' => '<string>',
    ],
]);

Parameter Details

Members

TableData

Required: Yes
Type: DataCellsFilter structure

A DataCellsFilter structure containing information about the data cells filter.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.

UpdateLFTag

$result = $client->updateLFTag([/* ... */]);
$promise = $client->updateLFTagAsync([/* ... */]);

Updates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the LF-tag key's value.

Parameter Syntax

$result = $client->updateLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
    'TagValuesToAdd' => ['<string>', ...],
    'TagValuesToDelete' => ['<string>', ...],
]);

Parameter Details

Members

CatalogId

Type: string

TagKey

Required: Yes
Type: string

The key-name for the LF-tag for which to add or delete values.

TagValuesToAdd

Type: Array of strings

A list of LF-tag values to add from the LF-tag.

TagValuesToDelete

Type: Array of strings

A list of LF-tag values to delete from the LF-tag.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
AccessDeniedException:
Access to a resource was denied.

UpdateLakeFormationIdentityCenterConfiguration

$result = $client->updateLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->updateLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Updates the IAM Identity Center connection parameters.

Parameter Syntax

$result = $client->updateLakeFormationIdentityCenterConfiguration([
    'ApplicationStatus' => 'ENABLED|DISABLED',
    'CatalogId' => '<string>',
    'ExternalFiltering' => [
        'AuthorizedTargets' => ['<string>', ...], // REQUIRED
        'Status' => 'ENABLED|DISABLED', // REQUIRED
    ],
]);

Parameter Details

Members

ApplicationStatus

Type: string

Allows to enable or disable the IAM Identity Center connection.

CatalogId

Type: string

ExternalFiltering

Type: ExternalFilteringConfiguration structure

A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to access data managed by Lake Formation.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:
The input provided was not valid.
EntityNotFoundException:
A specified entity does not exist.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
AccessDeniedException:
Access to a resource was denied.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

UpdateResource

$result = $client->updateResource([/* ... */]);
$promise = $client->updateResourceAsync([/* ... */]);

Updates the data access role used for vending access to the given (registered) resource in Lake Formation.

Parameter Syntax

$result = $client->updateResource([
    'HybridAccessEnabled' => true || false,
    'ResourceArn' => '<string>', // REQUIRED
    'RoleArn' => '<string>', // REQUIRED
    'WithFederation' => true || false,
]);

Parameter Details

Members

HybridAccessEnabled

Type: boolean

Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

ResourceArn

Required: Yes
Type: string

The resource ARN.

RoleArn

Required: Yes
Type: string

The new role to use for the given resource registered in Lake Formation.

WithFederation

Type: boolean

Whether or not the resource is a federated resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:
The input provided was not valid.
InternalServiceException:
An internal service error occurred.
OperationTimeoutException:
The operation timed out.
EntityNotFoundException:
A specified entity does not exist.

UpdateTableObjects

$result = $client->updateTableObjects([/* ... */]);
$promise = $client->updateTableObjectsAsync([/* ... */]);

Updates the manifest of Amazon S3 objects that make up the specified governed table.

Parameter Syntax

$result = $client->updateTableObjects([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'TableName' => '<string>', // REQUIRED
    'TransactionId' => '<string>',
    'WriteOperations' => [ // REQUIRED
        [
            'AddObject' => [
                'ETag' => '<string>', // REQUIRED
                'PartitionValues' => ['<string>', ...],
                'Size' => <integer>, // REQUIRED
                'Uri' => '<string>', // REQUIRED
            ],
            'DeleteObject' => [
                'ETag' => '<string>',
                'PartitionValues' => ['<string>', ...],
                'Uri' => '<string>', // REQUIRED
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members

CatalogId

Type: string

The catalog containing the governed table to update. Defaults to the caller’s account ID.

DatabaseName

Required: Yes
Type: string

The database containing the governed table to update.

TableName

Required: Yes
Type: string

The governed table to update.

TransactionId

Type: string

The transaction at which to do the write.

WriteOperations

Required: Yes
Type: Array of WriteOperation structures

A list of WriteOperation objects that define an object to add to or delete from the manifest for a governed table.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:
An internal service error occurred.
InvalidInputException:
The input provided was not valid.
OperationTimeoutException:
The operation timed out.
EntityNotFoundException:
A specified entity does not exist.
TransactionCommittedException:
Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.
TransactionCanceledException:
Contains details about an error related to a transaction that was cancelled.
TransactionCommitInProgressException:
Contains details about an error related to a transaction commit that was in progress.
ResourceNotReadyException:
Contains details about an error related to a resource which is not ready for a transaction.
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.

UpdateTableStorageOptimizer

$result = $client->updateTableStorageOptimizer([/* ... */]);
$promise = $client->updateTableStorageOptimizerAsync([/* ... */]);

Updates the configuration of the storage optimizers for a table.

Parameter Syntax

$result = $client->updateTableStorageOptimizer([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'StorageOptimizerConfig' => [ // REQUIRED
        '<OptimizerType>' => ['<string>', ...],
        // ...
    ],
    'TableName' => '<string>', // REQUIRED
]);

Parameter Details

Members

CatalogId

Type: string

The Catalog ID of the table.

DatabaseName

Required: Yes
Type: string

Name of the database where the table is present.

StorageOptimizerConfig

Required: Yes
Type: Associative array of custom strings keys (OptimizerType) to stringss

Name of the table for which to enable the storage optimizer.

TableName

Required: Yes
Type: string

Name of the table for which to enable the storage optimizer.

Result Syntax

[
    'Result' => '<string>',
]

Result Details

Members

Result

Type: string

A response indicating the success of failure of the operation.

Errors

EntityNotFoundException:
A specified entity does not exist.
InvalidInputException:
The input provided was not valid.
AccessDeniedException:
Access to a resource was denied.
InternalServiceException:
An internal service error occurred.

Shapes

AccessDeniedException

Description

Access to a resource was denied.

Members

Message

Type: string

A message describing the problem.

AddObjectInput

Description

A new object to add to the governed table.

Members

ETag

Required: Yes
Type: string

The Amazon S3 ETag of the object. Returned by GetTableObjects for validation and used to identify changes to the underlying data.

PartitionValues

Type: Array of strings

A list of partition values for the object. A value must be specified for each partition key associated with the table.

The supported data types are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss"), string and decimal.

Size

Required: Yes
Type: long (int|float)

The size of the Amazon S3 object in bytes.

Uri

Required: Yes
Type: string

The Amazon S3 location of the object.

AllRowsWildcard

Description

A structure that you pass to indicate you want all rows in a filter.

Members

AlreadyExistsException

Description

A resource to be created or added already exists.

Members

Message

Type: string

A message describing the problem.

AuditContext

Description

A structure used to include auditing information on the privileged API.

Members

AdditionalAuditContext

Type: string

The filter engine can populate the 'AdditionalAuditContext' information with the request ID for you to track. This information will be displayed in CloudTrail log in your account.

BatchPermissionsFailureEntry

Description

A list of failures when performing a batch grant or batch revoke operation.

Members

Error

Type: ErrorDetail structure

An error message that applies to the failure of the entry.

RequestEntry

Type: BatchPermissionsRequestEntry structure

An identifier for an entry of the batch request.

BatchPermissionsRequestEntry

Description

A permission to a resource granted by batch operation to the principal.

Members

Id

Required: Yes
Type: string

A unique identifier for the batch permissions request entry.

Permissions

Type: Array of strings

The permissions to be granted.

PermissionsWithGrantOption

Type: Array of strings

Indicates if the option to pass permissions is granted.

Principal

Type: DataLakePrincipal structure

The principal to be granted a permission.

Resource

Type: Resource structure

The resource to which the principal is to be granted a permission.

CatalogResource

Description

A structure for the catalog object.

Members

ColumnLFTag

Description

A structure containing the name of a column resource and the LF-tags attached to it.

Members

LFTags

Type: Array of LFTagPair structures

The LF-tags attached to a column resource.

Name

Type: string

The name of a column resource.

ColumnWildcard

Description

A wildcard object, consisting of an optional list of excluded column names or indexes.

Members

ExcludedColumnNames

Type: Array of strings

Excludes column names. Any column with this name will be excluded.

ConcurrentModificationException

Description

Two processes are trying to modify a resource simultaneously.

Members

Message

Type: string

A message describing the problem.

DataCellsFilter

Description

A structure that describes certain columns on certain rows.

Members

ColumnNames

Type: Array of strings

A list of column names and/or nested column attributes. When specifying nested attributes, use a qualified dot (.) delimited format such as "address"."zip". Nested attributes within this list may not exceed a depth of 5.

ColumnWildcard

Type: ColumnWildcard structure

A wildcard with exclusions.

You must specify either a ColumnNames list or the ColumnWildCard.

DatabaseName

Required: Yes
Type: string

A database in the Glue Data Catalog.

Name

Required: Yes
Type: string

The name given by the user to the data filter cell.

RowFilter

Type: RowFilter structure

A PartiQL predicate.

TableCatalogId

Required: Yes
Type: string

The ID of the catalog to which the table belongs.

TableName

Required: Yes
Type: string

A table in the database.

VersionId

Type: string

The ID of the data cells filter version.

DataCellsFilterResource

Description

A structure for a data cells filter resource.

Members

DatabaseName

Type: string

A database in the Glue Data Catalog.

Name

Type: string

The name of the data cells filter.

TableCatalogId

Type: string

The ID of the catalog to which the table belongs.

TableName

Type: string

The name of the table.

DataLakePrincipal

Description

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Members

DataLakePrincipalIdentifier

Type: string

An identifier for the Lake Formation principal.

DataLakeSettings

Description

A structure representing a list of Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

Members

AllowExternalDataFiltering

Type: boolean

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.

If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.

For more information, see (Optional) Allow external data filtering.

AllowFullTableExternalDataAccess

Type: boolean

Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.

AuthorizedSessionTagValueList

Type: Array of strings

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation's administrative APIs.

CreateDatabaseDefaultPermissions

Type: Array of PrincipalPermissions structures

Specifies whether access control on newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.

A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.

The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

For more information, see Changing the Default Security Settings for Your Data Lake.

CreateTableDefaultPermissions

Type: Array of PrincipalPermissions structures

Specifies whether access control on newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.

The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

For more information, see Changing the Default Security Settings for Your Data Lake.

DataLakeAdmins

Type: Array of DataLakePrincipal structures

A list of Lake Formation principals. Supported principals are IAM users or IAM roles.

ExternalDataFilteringAllowList

Type: Array of DataLakePrincipal structures

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.>

Parameters

Type: Associative array of custom strings keys (KeyString) to strings

A key-value map that provides an additional configuration on your data lake. CROSS_ACCOUNT_VERSION is the key you can configure in the Parameters field. Accepted values for the CrossAccountVersion key are 1, 2, 3, and 4.

ReadOnlyAdmins

Type: Array of DataLakePrincipal structures

A list of Lake Formation principals with only view access to the resources, without the ability to make changes. Supported principals are IAM users or IAM roles.

TrustedResourceOwners

Type: Array of strings

A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log.

You may want to specify this property when you are in a high-trust boundary, such as the same team or company.

DataLocationResource

Description

A structure for a data location object where permissions are granted or revoked.

Members

CatalogId

Type: string

The identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller.

ResourceArn

Required: Yes
Type: string

The Amazon Resource Name (ARN) that uniquely identifies the data location resource.

DatabaseResource

Description

A structure for the database object.

Members

CatalogId

Type: string

The identifier for the Data Catalog. By default, it is the account ID of the caller.

Name

Required: Yes
Type: string

The name of the database resource. Unique to the Data Catalog.

DeleteObjectInput

Description

An object to delete from the governed table.

Members

ETag

Type: string

The Amazon S3 ETag of the object. Returned by GetTableObjects for validation and used to identify changes to the underlying data.

PartitionValues

Type: Array of strings

A list of partition values for the object. A value must be specified for each partition key associated with the governed table.

Uri

Required: Yes
Type: string

The Amazon S3 location of the object to delete.

DetailsMap

Description

A structure containing the additional details to be returned in the AdditionalDetails attribute of PrincipalResourcePermissions.

If a catalog resource is shared through Resource Access Manager (RAM), then there will exist a corresponding RAM resource share ARN.

Members

ResourceShare

Type: Array of strings

A resource share ARN for a catalog resource shared through RAM.

EntityNotFoundException

Description

A specified entity does not exist.

Members

Message

Type: string

A message describing the problem.

ErrorDetail

Description

Contains details about an error.

Members

ErrorCode

Type: string

The code associated with this error.

ErrorMessage

Type: string

A message describing the error.

ExecutionStatistics

Description

Statistics related to the processing of a query statement.

Members

AverageExecutionTimeMillis

Type: long (int|float)

The average time the request took to be executed.

DataScannedBytes

Type: long (int|float)

The amount of data that was scanned in bytes.

WorkUnitsExecutedCount

Type: long (int|float)

The number of work units executed.

ExpiredException

Description

Contains details about an error where the query request expired.

Members

Message

Type: string

A message describing the error.

ExternalFilteringConfiguration

Description

Configuration for enabling external data filtering for third-party applications to access data managed by Lake Formation .

Members

AuthorizedTargets

Required: Yes
Type: Array of strings

List of third-party application ARNs integrated with Lake Formation.

Status

Required: Yes
Type: string

Allows to enable or disable the third-party applications that are allowed to access data managed by Lake Formation.

FilterCondition

Description

This structure describes the filtering of columns in a table based on a filter condition.

Members

ComparisonOperator

Type: string

The comparison operator used in the filter condition.

Field

Type: string

The field to filter in the filter condition.

StringValueList

Type: Array of strings

A string with values used in evaluating the filter condition.

GlueEncryptionException

Description

An encryption operation failed.

Members

Message

Type: string

A message describing the problem.

InternalServiceException

Description

An internal service error occurred.

Members

Message

Type: string

A message describing the problem.

InvalidInputException

Description

The input provided was not valid.

Members

Message

Type: string

A message describing the problem.

LFTag

Description

A structure that allows an admin to grant user permissions on certain conditions. For example, granting a role access to all columns that do not have the LF-tag 'PII' in tables that have the LF-tag 'Prod'.

Members

TagKey

Required: Yes
Type: string

The key-name for the LF-tag.

TagValues

Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

The maximum number of values that can be defined for a LF-Tag is 1000. A single API call supports 50 values. You can use multiple API calls to add more values.

LFTagError

Description

A structure containing an error related to a TagResource or UnTagResource operation.

Members

Error

Type: ErrorDetail structure

An error that occurred with the attachment or detachment of the LF-tag.

LFTag

Type: LFTagPair structure

The key-name of the LF-tag.

LFTagKeyResource

Description

A structure containing an LF-tag key and values for a resource.

Members

CatalogId

Type: string

TagKey

Required: Yes
Type: string

The key-name for the LF-tag.

TagValues

Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

LFTagPair

Description

A structure containing an LF-tag key-value pair.

Members

CatalogId

Type: string

TagKey

Required: Yes
Type: string

The key-name for the LF-tag.

TagValues

Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

LFTagPolicyResource

Description

A structure containing a list of LF-tag conditions that apply to a resource's LF-tag policy.

Members

CatalogId

Type: string

Expression

Required: Yes
Type: Array of LFTag structures

A list of LF-tag conditions that apply to the resource's LF-tag policy.

ResourceType

Required: Yes
Type: string

The resource type for which the LF-tag policy applies.

LakeFormationOptInsInfo

Description

A single principal-resource pair that has Lake Formation permissins enforced.

Members

LastModified

Type: timestamp (string|DateTime or anything parsable by strtotime)

The last modified date and time of the record.

LastUpdatedBy

Type: string

The user who updated the record.

Principal

Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource

Type: Resource structure

A structure for the resource.

OperationTimeoutException

Description

The operation timed out.

Members

Message

Type: string

A message describing the problem.

PartitionObjects

Description

A structure containing a list of partition values and table objects.

Members

Objects

Type: Array of TableObject structures

A list of table objects

PartitionValues

Type: Array of strings

A list of partition values.

PartitionValueList

Description

Contains a list of values defining partitions.

Members

Values

Required: Yes
Type: Array of strings

The list of partition values.

PermissionTypeMismatchException

Description

The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.

Members

Message

Type: string

A message describing the problem.

PlanningStatistics

Description

Statistics related to the processing of a query statement.

Members

EstimatedDataToScanBytes

Type: long (int|float)

An estimate of the data that was scanned in bytes.

PlanningTimeMillis

Type: long (int|float)

The time that it took to process the request.

QueueTimeMillis

Type: long (int|float)

The time the request was in queue to be processed.

WorkUnitsGeneratedCount

Type: long (int|float)

The number of work units generated.

PrincipalPermissions

Description

Permissions granted to a principal.

Members

Permissions

Type: Array of strings

The permissions that are granted to the principal.

Principal

Type: DataLakePrincipal structure

The principal who is granted permissions.

PrincipalResourcePermissions

Description

The permissions granted or revoked on a resource.

Members

AdditionalDetails

Type: DetailsMap structure

This attribute can be used to return any additional details of PrincipalResourcePermissions. Currently returns only as a RAM resource share ARN.

LastUpdated

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the resource was last updated.

LastUpdatedBy

Type: string

The user who updated the record.

Permissions

Type: Array of strings

The permissions to be granted or revoked on the resource.

PermissionsWithGrantOption

Type: Array of strings

Indicates whether to grant the ability to grant permissions (as a subset of permissions granted).

Principal

Type: DataLakePrincipal structure

The Data Lake principal to be granted or revoked permissions.

Resource

Type: Resource structure

The resource where permissions are to be granted or revoked.

QueryPlanningContext

Description

A structure containing information about the query plan.

Members

CatalogId

Type: string

The ID of the Data Catalog where the partition in question resides. If none is provided, the Amazon Web Services account ID is used by default.

DatabaseName

Required: Yes
Type: string

The database containing the table.

QueryAsOfTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The time as of when to read the table contents. If not set, the most recent transaction commit time will be used. Cannot be specified along with TransactionId.

QueryParameters

Type: Associative array of custom strings keys (String) to strings

A map consisting of key-value pairs.

TransactionId

Type: string

The transaction ID at which to read the table contents. If this transaction is not committed, the read will be treated as part of that transaction and will see its writes. If this transaction has aborted, an error will be returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with QueryAsOfTime.

Resource

Description

A structure for the resource.

Members

Catalog

Type: CatalogResource structure

DataCellsFilter

Type: DataCellsFilterResource structure

A data cell filter.

DataLocation

Type: DataLocationResource structure

The location of an Amazon S3 path where permissions are granted or revoked.

Database

Type: DatabaseResource structure

The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.

LFTag

Type: LFTagKeyResource structure

The LF-tag key and values attached to a resource.

LFTagPolicy

Type: LFTagPolicyResource structure

A list of LF-tag conditions that define a resource's LF-tag policy.

Table

Type: TableResource structure

The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.

TableWithColumns

Type: TableWithColumnsResource structure

The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.

ResourceInfo

Description

A structure containing information about an Lake Formation resource.

Members

HybridAccessEnabled

Type: boolean

Indicates whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

LastModified

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the resource was last modified.

ResourceArn

Type: string

The Amazon Resource Name (ARN) of the resource.

RoleArn

Type: string

The IAM role that registered a resource.

WithFederation

Type: boolean

Whether or not the resource is a federated resource.

ResourceNotReadyException

Description

Contains details about an error related to a resource which is not ready for a transaction.

Members

Message

Type: string

A message describing the error.

ResourceNumberLimitExceededException

Description

A resource numerical limit was exceeded.

Members

Message

Type: string

A message describing the problem.

RowFilter

Description

A PartiQL predicate.

Members

AllRowsWildcard

Type: AllRowsWildcard structure

A wildcard for all rows.

FilterExpression

Type: string

A filter expression.

StatisticsNotReadyYetException

Description

Contains details about an error related to statistics not being ready.

Members

Message

Type: string

A message describing the error.

StorageOptimizer

Description

A structure describing the configuration and details of a storage optimizer.

Members

Config

Type: Associative array of custom strings keys (StorageOptimizerConfigKey) to strings

A map of the storage optimizer configuration. Currently contains only one key-value pair: is_enabled indicates true or false for acceleration.

ErrorMessage

Type: string

A message that contains information about any error (if present).

When an acceleration result has an enabled status, the error message is empty.

When an acceleration result has a disabled status, the message describes an error or simply indicates "disabled by the user".

LastRunDetails

Type: string

When an acceleration result has an enabled status, contains the details of the last job run.

StorageOptimizerType

Type: string

The specific type of storage optimizer. The supported value is compaction.

Warnings

Type: string

A message that contains information about any warnings (if present).

TableObject

Description

Specifies the details of a governed table.

Members

ETag

Type: string

The Amazon S3 ETag of the object. Returned by GetTableObjects for validation and used to identify changes to the underlying data.

Size

Type: long (int|float)

The size of the Amazon S3 object in bytes.

Uri

Type: string

The Amazon S3 location of the object.

TableResource

Description

A structure for the table object. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.

Members

CatalogId

Type: string

The identifier for the Data Catalog. By default, it is the account ID of the caller.

DatabaseName

Required: Yes
Type: string

The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.

Name

Type: string

The name of the table.

TableWildcard

Type: TableWildcard structure

A wildcard object representing every table under a database.

At least one of TableResource$Name or TableResource$TableWildcard is required.

TableWildcard

Description

A wildcard object representing every table under a database.

Members

TableWithColumnsResource

Description

A structure for a table with columns object. This object is only used when granting a SELECT permission.

This object must take a value for at least one of ColumnsNames, ColumnsIndexes, or ColumnsWildcard.

Members

CatalogId

Type: string

The identifier for the Data Catalog. By default, it is the account ID of the caller.

ColumnNames

Type: Array of strings

The list of column names for the table. At least one of ColumnNames or ColumnWildcard is required.

ColumnWildcard

Type: ColumnWildcard structure

A wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required.

DatabaseName

Required: Yes
Type: string

The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.

Name

Required: Yes
Type: string

The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.

TaggedDatabase

Description

A structure describing a database resource with LF-tags.

Members

Database

Type: DatabaseResource structure

A database that has LF-tags attached to it.

LFTags

Type: Array of LFTagPair structures

A list of LF-tags attached to the database.

TaggedTable

Description

A structure describing a table resource with LF-tags.

Members

LFTagOnDatabase

Type: Array of LFTagPair structures

A list of LF-tags attached to the database where the table resides.

LFTagsOnColumns

Type: Array of ColumnLFTag structures

A list of LF-tags attached to columns in the table.

LFTagsOnTable

Type: Array of LFTagPair structures

A list of LF-tags attached to the table.

Table

Type: TableResource structure

A table that has LF-tags attached to it.

ThrottledException

Description

Contains details about an error where the query request was throttled.

Members

Message

Type: string

A message describing the error.

TransactionCanceledException

Description

Contains details about an error related to a transaction that was cancelled.

Members

Message

Type: string

A message describing the error.

TransactionCommitInProgressException

Description

Contains details about an error related to a transaction commit that was in progress.

Members

Message

Type: string

A message describing the error.

TransactionCommittedException

Description

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

Members

Message

Type: string

A message describing the error.

TransactionDescription

Description

A structure that contains information about a transaction.

Members

TransactionEndTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the transaction committed or aborted, if it is not currently active.

TransactionId

Type: string

The ID of the transaction.

TransactionStartTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the transaction started.

TransactionStatus

Type: string

A status of ACTIVE, COMMITTED, or ABORTED.

VirtualObject

Description

An object that defines an Amazon S3 object to be deleted if a transaction cancels, provided that VirtualPut was called before writing the object.

Members

ETag

Type: string

The ETag of the Amazon S3 object.

Uri

Required: Yes
Type: string

The path to the Amazon S3 object. Must start with s3://

WorkUnitRange

Description

Defines the valid range of work unit IDs for querying the execution service.

Members

WorkUnitIdMax

Required: Yes
Type: long (int|float)

Defines the maximum work unit ID in the range. The maximum value is inclusive.

WorkUnitIdMin

Required: Yes
Type: long (int|float)

Defines the minimum work unit ID in the range.

WorkUnitToken

Required: Yes
Type: string

A work token used to query the execution service.

WorkUnitsNotReadyYetException

Description

Contains details about an error related to work units not being ready.

Members

Message

Type: string

A message describing the error.

WriteOperation

Description

Defines an object to add to or delete from a governed table.

Members

AddObject

Type: AddObjectInput structure

A new object to add to the governed table.

DeleteObject

Type: DeleteObjectInput structure

An object to delete from the governed table.

Namespaces

Classes

Interfaces

Traits

Exceptions

Functions

AWS Lake Formation 2017-03-31

Operation Summary

Paginators

Operations

AddLFTagsToResource

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

AssumeDecoratedRoleWithSAML

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

BatchGrantPermissions

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

BatchRevokePermissions

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CancelTransaction

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Errors

CommitTransaction

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateDataCellsFilter

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Errors

CreateLFTag

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Errors

CreateLakeFormationIdentityCenterConfiguration

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateLakeFormationOptIn