AWS Lake Formation 2017-03-31
- Client: Aws\LakeFormation\LakeFormationClient
- Service ID: lakeformation
- Version: 2017-03-31
This page describes the parameters and results for the operations of the AWS Lake Formation (2017-03-31), and shows how to use the Aws\LakeFormation\LakeFormationClient object to call the described operations. This documentation is specific to the 2017-03-31 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AddLFTagsToResource ( array $params = [] )
Attaches one or more tags to an existing resource.
- BatchGrantPermissions ( array $params = [] )
Batch operation to grant permissions to the principal.
- BatchRevokePermissions ( array $params = [] )
Batch operation to revoke permissions from the principal.
- CreateLFTag ( array $params = [] )
Creates a tag with the specified name and values.
- DeleteLFTag ( array $params = [] )
Deletes the specified tag key name.
- DeregisterResource ( array $params = [] )
Deregisters the resource as managed by the Data Catalog.
- DescribeResource ( array $params = [] )
Retrieves the current data access role for the given resource registered in AWS Lake Formation.
- GetDataLakeSettings ( array $params = [] )
Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.
- GetEffectivePermissionsForPath ( array $params = [] )
Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3.
- GetLFTag ( array $params = [] )
Returns a tag definition.
- GetResourceLFTags ( array $params = [] )
Returns the tags applied to a resource.
- GrantPermissions ( array $params = [] )
Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
- ListLFTags ( array $params = [] )
Lists tags that the requester has permission to view.
- ListPermissions ( array $params = [] )
Returns a list of the principal permissions on the resource, filtered by the permissions of the caller.
- ListResources ( array $params = [] )
Lists the resources registered to be managed by the Data Catalog.
- PutDataLakeSettings ( array $params = [] )
Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation.
- RegisterResource ( array $params = [] )
Registers the resource as managed by the Data Catalog.
- RemoveLFTagsFromResource ( array $params = [] )
Removes a tag from the resource.
- RevokePermissions ( array $params = [] )
Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
- SearchDatabasesByLFTags ( array $params = [] )
This operation allows a search on DATABASE resources by TagCondition.
- SearchTablesByLFTags ( array $params = [] )
This operation allows a search on TABLE resources by LFTags.
- UpdateLFTag ( array $params = [] )
Updates the list of possible values for the specified tag key.
- UpdateResource ( array $params = [] )
Updates the data access role used for vending access to the given (registered) resource in AWS Lake Formation.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
AddLFTagsToResource
$result = $client->addLFTagsToResource([/* ... */]); $promise = $client->addLFTagsToResourceAsync([/* ... */]);
Attaches one or more tags to an existing resource.
Parameter Syntax
$result = $client->addLFTagsToResource([
'CatalogId' => '<string>',
'LFTags' => [ // REQUIRED
[
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'Resource' => [ // REQUIRED
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- LFTags
-
- Required: Yes
- Type: Array of LFTagPair structures
The tags to attach to the resource.
- Resource
-
- Required: Yes
- Type: Resource structure
The resource to which to attach a tag.
Result Syntax
[
'Failures' => [
[
'Error' => [
'ErrorCode' => '<string>',
'ErrorMessage' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
],
// ...
],
]
Result Details
Members
- Failures
-
- Type: Array of LFTagError structures
A list of failures to tag the resource.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
BatchGrantPermissions
$result = $client->batchGrantPermissions([/* ... */]); $promise = $client->batchGrantPermissionsAsync([/* ... */]);
Batch operation to grant permissions to the principal.
Parameter Syntax
$result = $client->batchGrantPermissions([
'CatalogId' => '<string>',
'Entries' => [ // REQUIRED
[
'Id' => '<string>', // REQUIRED
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
],
// ...
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- Entries
-
- Required: Yes
- Type: Array of BatchPermissionsRequestEntry structures
A list of up to 20 entries for resource permissions to be granted by batch operation to the principal.
Result Syntax
[
'Failures' => [
[
'Error' => [
'ErrorCode' => '<string>',
'ErrorMessage' => '<string>',
],
'RequestEntry' => [
'Id' => '<string>',
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>',
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [
[
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'ResourceType' => 'DATABASE|TABLE',
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>',
'Name' => '<string>',
],
],
],
],
// ...
],
]
Result Details
Members
- Failures
-
- Type: Array of BatchPermissionsFailureEntry structures
A list of failures to grant permissions to the resources.
Errors
-
The input provided was not valid.
-
The operation timed out.
BatchRevokePermissions
$result = $client->batchRevokePermissions([/* ... */]); $promise = $client->batchRevokePermissionsAsync([/* ... */]);
Batch operation to revoke permissions from the principal.
Parameter Syntax
$result = $client->batchRevokePermissions([
'CatalogId' => '<string>',
'Entries' => [ // REQUIRED
[
'Id' => '<string>', // REQUIRED
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
],
// ...
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- Entries
-
- Required: Yes
- Type: Array of BatchPermissionsRequestEntry structures
A list of up to 20 entries for resource permissions to be revoked by batch operation to the principal.
Result Syntax
[
'Failures' => [
[
'Error' => [
'ErrorCode' => '<string>',
'ErrorMessage' => '<string>',
],
'RequestEntry' => [
'Id' => '<string>',
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>',
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [
[
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'ResourceType' => 'DATABASE|TABLE',
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>',
'Name' => '<string>',
],
],
],
],
// ...
],
]
Result Details
Members
- Failures
-
- Type: Array of BatchPermissionsFailureEntry structures
A list of failures to revoke permissions to the resources.
Errors
-
The input provided was not valid.
-
The operation timed out.
CreateLFTag
$result = $client->createLFTag([/* ... */]); $promise = $client->createLFTagAsync([/* ... */]);
Creates a tag with the specified name and values.
Parameter Syntax
$result = $client->createLFTag([
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the tag.
- TagValues
-
- Required: Yes
- Type: Array of strings
A list of possible values an attribute can take.
Result Syntax
[]
Result Details
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
ResourceNumberLimitExceededException:
A resource numerical limit was exceeded.
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
DeleteLFTag
$result = $client->deleteLFTag([/* ... */]); $promise = $client->deleteLFTagAsync([/* ... */]);
Deletes the specified tag key name. If the attribute key does not exist or the tag does not exist, then the operation will not do anything. If the attribute key exists, then the operation checks if any resources are tagged with this attribute key, if yes, the API throws a 400 Exception with the message "Delete not allowed" as the tag key is still attached with resources. You can consider untagging resources with this tag key.
Parameter Syntax
$result = $client->deleteLFTag([
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the tag to delete.
Result Syntax
[]
Result Details
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
DeregisterResource
$result = $client->deregisterResource([/* ... */]); $promise = $client->deregisterResourceAsync([/* ... */]);
Deregisters the resource as managed by the Data Catalog.
When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.
Parameter Syntax
$result = $client->deregisterResource([
'ResourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
A specified entity does not exist
DescribeResource
$result = $client->describeResource([/* ... */]); $promise = $client->describeResourceAsync([/* ... */]);
Retrieves the current data access role for the given resource registered in AWS Lake Formation.
Parameter Syntax
$result = $client->describeResource([
'ResourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'ResourceInfo' => [
'LastModified' => <DateTime>,
'ResourceArn' => '<string>',
'RoleArn' => '<string>',
],
]
Result Details
Members
- ResourceInfo
-
- Type: ResourceInfo structure
A structure containing information about an AWS Lake Formation resource.
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
A specified entity does not exist
GetDataLakeSettings
$result = $client->getDataLakeSettings([/* ... */]); $promise = $client->getDataLakeSettingsAsync([/* ... */]);
Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.
Parameter Syntax
$result = $client->getDataLakeSettings([
'CatalogId' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'DataLakeSettings' => [
'CreateDatabaseDefaultPermissions' => [
[
'Permissions' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
],
// ...
],
'CreateTableDefaultPermissions' => [
[
'Permissions' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
],
// ...
],
'DataLakeAdmins' => [
[
'DataLakePrincipalIdentifier' => '<string>',
],
// ...
],
'TrustedResourceOwners' => ['<string>', ...],
],
]
Result Details
Members
- DataLakeSettings
-
- Type: DataLakeSettings structure
A structure representing a list of AWS Lake Formation principals designated as data lake administrators.
Errors
-
An internal service error occurred.
-
The input provided was not valid.
-
A specified entity does not exist
GetEffectivePermissionsForPath
$result = $client->getEffectivePermissionsForPath([/* ... */]); $promise = $client->getEffectivePermissionsForPathAsync([/* ... */]);
Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.
Parameter Syntax
$result = $client->getEffectivePermissionsForPath([
'CatalogId' => '<string>',
'MaxResults' => <integer>,
'NextToken' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- MaxResults
-
- Type: int
The maximum number of results to return.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource for which you want to get permissions.
Result Syntax
[
'NextToken' => '<string>',
'Permissions' => [
[
'AdditionalDetails' => [
'ResourceShare' => ['<string>', ...],
],
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>',
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [
[
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'ResourceType' => 'DATABASE|TABLE',
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>',
'Name' => '<string>',
],
],
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
- Permissions
-
- Type: Array of PrincipalResourcePermissions structures
A list of the permissions for the specified table or database resource located at the path in Amazon S3.
Errors
-
The input provided was not valid.
-
A specified entity does not exist
-
The operation timed out.
-
An internal service error occurred.
GetLFTag
$result = $client->getLFTag([/* ... */]); $promise = $client->getLFTagAsync([/* ... */]);
Returns a tag definition.
Parameter Syntax
$result = $client->getLFTag([
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the tag.
Result Syntax
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
]
Result Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- TagKey
-
- Type: string
The key-name for the tag.
- TagValues
-
- Type: Array of strings
A list of possible values an attribute can take.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
Access to a resource was denied.
GetResourceLFTags
$result = $client->getResourceLFTags([/* ... */]); $promise = $client->getResourceLFTagsAsync([/* ... */]);
Returns the tags applied to a resource.
Parameter Syntax
$result = $client->getResourceLFTags([
'CatalogId' => '<string>',
'Resource' => [ // REQUIRED
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
'ShowAssignedLFTags' => true || false,
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- Resource
-
- Required: Yes
- Type: Resource structure
The resource for which you want to return tags.
- ShowAssignedLFTags
-
- Type: boolean
Indicates whether to show the assigned tags.
Result Syntax
[
'LFTagOnDatabase' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'LFTagsOnColumns' => [
[
'LFTags' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'Name' => '<string>',
],
// ...
],
'LFTagsOnTable' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
]
Result Details
Members
- LFTagOnDatabase
-
- Type: Array of LFTagPair structures
A list of tags applied to a database resource.
- LFTagsOnColumns
-
- Type: Array of ColumnLFTag structures
A list of tags applied to a column resource.
- LFTagsOnTable
-
- Type: Array of LFTagPair structures
A list of tags applied to a table resource.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
An encryption operation failed.
-
Access to a resource was denied.
GrantPermissions
$result = $client->grantPermissions([/* ... */]); $promise = $client->grantPermissionsAsync([/* ... */]);
Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
For information about permissions, see Security and Access Control to Metadata and Data.
Parameter Syntax
$result = $client->grantPermissions([
'CatalogId' => '<string>',
'Permissions' => ['<string>', ...], // REQUIRED
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [ // REQUIRED
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [ // REQUIRED
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- Permissions
-
- Required: Yes
- Type: Array of strings
The permissions granted to the principal on the resource. AWS Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. AWS Lake Formation requires that each principal be authorized to perform a specific task on AWS Lake Formation resources.
- PermissionsWithGrantOption
-
- Type: Array of strings
Indicates a list of the granted permissions that the principal may pass to other users. These permissions may only be a subset of the permissions granted in the
Privileges. - Principal
-
- Required: Yes
- Type: DataLakePrincipal structure
The principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles, and they are defined by their principal type and their ARN.
Note that if you define a resource with a particular ARN, then later delete, and recreate a resource with that same ARN, the resource maintains the permissions already granted.
- Resource
-
- Required: Yes
- Type: Resource structure
The resource to which permissions are to be granted. Resources in AWS Lake Formation are the Data Catalog, databases, and tables.
Result Syntax
[]
Result Details
Errors
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
-
A specified entity does not exist
-
The input provided was not valid.
ListLFTags
$result = $client->listLFTags([/* ... */]); $promise = $client->listLFTagsAsync([/* ... */]);
Lists tags that the requester has permission to view.
Parameter Syntax
$result = $client->listLFTags([
'CatalogId' => '<string>',
'MaxResults' => <integer>,
'NextToken' => '<string>',
'ResourceShareType' => 'FOREIGN|ALL',
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- MaxResults
-
- Type: int
The maximum number of results to return.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
- ResourceShareType
-
- Type: string
If resource share type is
ALL, returns both in-account tags and shared tags that the requester has permission to view. If resource share type isFOREIGN, returns all share tags that the requester can view. If no resource share type is passed, lists tags in the given catalog ID that the requester has permission to view.
Result Syntax
[
'LFTags' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- LFTags
-
- Type: Array of LFTagPair structures
A list of tags that the requested has permission to view.
- NextToken
-
- Type: string
A continuation token, present if the current list segment is not the last.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
ListPermissions
$result = $client->listPermissions([/* ... */]); $promise = $client->listPermissionsAsync([/* ... */]);
Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.
This operation returns only those permissions that have been explicitly granted.
For information about permissions, see Security and Access Control to Metadata and Data.
Parameter Syntax
$result = $client->listPermissions([
'CatalogId' => '<string>',
'MaxResults' => <integer>,
'NextToken' => '<string>',
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
'ResourceType' => 'CATALOG|DATABASE|TABLE|DATA_LOCATION|LF_TAG|LF_TAG_POLICY|LF_TAG_POLICY_DATABASE|LF_TAG_POLICY_TABLE',
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- MaxResults
-
- Type: int
The maximum number of results to return.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
- Principal
-
- Type: DataLakePrincipal structure
Specifies a principal to filter the permissions returned.
- Resource
-
- Type: Resource structure
A resource where you will get a list of the principal permissions.
This operation does not support getting privileges on a table with columns. Instead, call this operation on the table, and the operation returns the table and the table w columns.
- ResourceType
-
- Type: string
Specifies a resource type to filter the permissions returned.
Result Syntax
[
'NextToken' => '<string>',
'PrincipalResourcePermissions' => [
[
'AdditionalDetails' => [
'ResourceShare' => ['<string>', ...],
],
'Permissions' => ['<string>', ...],
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>',
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [
[
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'ResourceType' => 'DATABASE|TABLE',
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>',
'Name' => '<string>',
],
],
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
- PrincipalResourcePermissions
-
- Type: Array of PrincipalResourcePermissions structures
A list of principals and their permissions on the resource for the specified principal and resource types.
Errors
-
The input provided was not valid.
-
The operation timed out.
-
An internal service error occurred.
ListResources
$result = $client->listResources([/* ... */]); $promise = $client->listResourcesAsync([/* ... */]);
Lists the resources registered to be managed by the Data Catalog.
Parameter Syntax
$result = $client->listResources([
'FilterConditionList' => [
[
'ComparisonOperator' => 'EQ|NE|LE|LT|GE|GT|CONTAINS|NOT_CONTAINS|BEGINS_WITH|IN|BETWEEN',
'Field' => 'RESOURCE_ARN|ROLE_ARN|LAST_MODIFIED',
'StringValueList' => ['<string>', ...],
],
// ...
],
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- FilterConditionList
-
- Type: Array of FilterCondition structures
Any applicable row-level and/or column-level filtering conditions for the resources.
- MaxResults
-
- Type: int
The maximum number of resource results.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve these resources.
Result Syntax
[
'NextToken' => '<string>',
'ResourceInfoList' => [
[
'LastModified' => <DateTime>,
'ResourceArn' => '<string>',
'RoleArn' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve these resources.
- ResourceInfoList
-
- Type: Array of ResourceInfo structures
A summary of the data lake resources.
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
PutDataLakeSettings
$result = $client->putDataLakeSettings([/* ... */]); $promise = $client->putDataLakeSettingsAsync([/* ... */]);
Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions.
This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.
Parameter Syntax
$result = $client->putDataLakeSettings([
'CatalogId' => '<string>',
'DataLakeSettings' => [ // REQUIRED
'CreateDatabaseDefaultPermissions' => [
[
'Permissions' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
],
// ...
],
'CreateTableDefaultPermissions' => [
[
'Permissions' => ['<string>', ...],
'Principal' => [
'DataLakePrincipalIdentifier' => '<string>',
],
],
// ...
],
'DataLakeAdmins' => [
[
'DataLakePrincipalIdentifier' => '<string>',
],
// ...
],
'TrustedResourceOwners' => ['<string>', ...],
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- DataLakeSettings
-
- Required: Yes
- Type: DataLakeSettings structure
A structure representing a list of AWS Lake Formation principals designated as data lake administrators.
Result Syntax
[]
Result Details
Errors
-
An internal service error occurred.
-
The input provided was not valid.
RegisterResource
$result = $client->registerResource([/* ... */]); $promise = $client->registerResourceAsync([/* ... */]);
Registers the resource as managed by the Data Catalog.
To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.
The following request registers a new location and gives AWS Lake Formation permission to use the service-linked role to access that location.
ResourceArn = arn:aws:s3:::my-bucket UseServiceLinkedRole = true
If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:
arn:aws:iam::12345:role/my-data-access-role
Parameter Syntax
$result = $client->registerResource([
'ResourceArn' => '<string>', // REQUIRED
'RoleArn' => '<string>',
'UseServiceLinkedRole' => true || false,
]);
Parameter Details
Members
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource that you want to register.
- RoleArn
-
- Type: string
The identifier for the role that registers the resource.
- UseServiceLinkedRole
-
- Type: boolean
Designates an AWS Identity and Access Management (IAM) service-linked role by registering this role with the Data Catalog. A service-linked role is a unique type of IAM role that is linked directly to Lake Formation.
For more information, see Using Service-Linked Roles for Lake Formation.
Result Syntax
[]
Result Details
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
A resource to be created or added already exists.
RemoveLFTagsFromResource
$result = $client->removeLFTagsFromResource([/* ... */]); $promise = $client->removeLFTagsFromResourceAsync([/* ... */]);
Removes a tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in tableWithColumns to specify column input.
Parameter Syntax
$result = $client->removeLFTagsFromResource([
'CatalogId' => '<string>',
'LFTags' => [ // REQUIRED
[
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'Resource' => [ // REQUIRED
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- LFTags
-
- Required: Yes
- Type: Array of LFTagPair structures
The tags to be removed from the resource.
- Resource
-
- Required: Yes
- Type: Resource structure
The resource where you want to remove a tag.
Result Syntax
[
'Failures' => [
[
'Error' => [
'ErrorCode' => '<string>',
'ErrorMessage' => '<string>',
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
],
// ...
],
]
Result Details
Members
- Failures
-
- Type: Array of LFTagError structures
A list of failures to untag a resource.
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
An encryption operation failed.
-
Access to a resource was denied.
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
RevokePermissions
$result = $client->revokePermissions([/* ... */]); $promise = $client->revokePermissionsAsync([/* ... */]);
Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
Parameter Syntax
$result = $client->revokePermissions([
'CatalogId' => '<string>',
'Permissions' => ['<string>', ...], // REQUIRED
'PermissionsWithGrantOption' => ['<string>', ...],
'Principal' => [ // REQUIRED
'DataLakePrincipalIdentifier' => '<string>',
],
'Resource' => [ // REQUIRED
'Catalog' => [
],
'DataLocation' => [
'CatalogId' => '<string>',
'ResourceArn' => '<string>', // REQUIRED
],
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>', // REQUIRED
],
'LFTag' => [
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
'LFTagPolicy' => [
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'ResourceType' => 'DATABASE|TABLE', // REQUIRED
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>',
'TableWildcard' => [
],
],
'TableWithColumns' => [
'CatalogId' => '<string>',
'ColumnNames' => ['<string>', ...],
'ColumnWildcard' => [
'ExcludedColumnNames' => ['<string>', ...],
],
'DatabaseName' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
],
],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- Permissions
-
- Required: Yes
- Type: Array of strings
The permissions revoked to the principal on the resource. For information about permissions, see Security and Access Control to Metadata and Data.
- PermissionsWithGrantOption
-
- Type: Array of strings
Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.
- Principal
-
- Required: Yes
- Type: DataLakePrincipal structure
The principal to be revoked permissions on the resource.
- Resource
-
- Required: Yes
- Type: Resource structure
The resource to which permissions are to be revoked.
Result Syntax
[]
Result Details
Errors
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
-
A specified entity does not exist
-
The input provided was not valid.
SearchDatabasesByLFTags
$result = $client->searchDatabasesByLFTags([/* ... */]); $promise = $client->searchDatabasesByLFTagsAsync([/* ... */]);
This operation allows a search on DATABASE resources by TagCondition. This operation is used by admins who want to grant user permissions on certain TagConditions. Before making a grant, the admin can use SearchDatabasesByTags to find all resources where the given TagConditions are valid to verify whether the returned resources can be shared.
Parameter Syntax
$result = $client->searchDatabasesByLFTags([
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- Expression
-
- Required: Yes
- Type: Array of LFTag structures
A list of conditions (
LFTagstructures) to search for in database resources. - MaxResults
-
- Type: int
The maximum number of results to return.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
Result Syntax
[
'DatabaseList' => [
[
'Database' => [
'CatalogId' => '<string>',
'Name' => '<string>',
],
'LFTags' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- DatabaseList
-
- Type: Array of TaggedDatabase structures
A list of databases that meet the tag conditions.
- NextToken
-
- Type: string
A continuation token, present if the current list segment is not the last.
Errors
-
A specified entity does not exist
-
An internal service error occurred.
-
The input provided was not valid.
-
The operation timed out.
-
An encryption operation failed.
-
Access to a resource was denied.
SearchTablesByLFTags
$result = $client->searchTablesByLFTags([/* ... */]); $promise = $client->searchTablesByLFTagsAsync([/* ... */]);
This operation allows a search on TABLE resources by LFTags. This will be used by admins who want to grant user permissions on certain LFTags. Before making a grant, the admin can use SearchTablesByLFTags to find all resources where the given LFTags are valid to verify whether the returned resources can be shared.
Parameter Syntax
$result = $client->searchTablesByLFTags([
'CatalogId' => '<string>',
'Expression' => [ // REQUIRED
[
'TagKey' => '<string>', // REQUIRED
'TagValues' => ['<string>', ...], // REQUIRED
],
// ...
],
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- Expression
-
- Required: Yes
- Type: Array of LFTag structures
A list of conditions (
LFTagstructures) to search for in table resources. - MaxResults
-
- Type: int
The maximum number of results to return.
- NextToken
-
- Type: string
A continuation token, if this is not the first call to retrieve this list.
Result Syntax
[
'NextToken' => '<string>',
'TableList' => [
[
'LFTagOnDatabase' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'LFTagsOnColumns' => [
[
'LFTags' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'Name' => '<string>',
],
// ...
],
'LFTagsOnTable' => [
[
'CatalogId' => '<string>',
'TagKey' => '<string>',
'TagValues' => ['<string>', ...],
],
// ...
],
'Table' => [
'CatalogId' => '<string>',
'DatabaseName' => '<string>',
'Name' => '<string>',
'TableWildcard' => [
],
],
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
A continuation token, present if the current list segment is not the last.
- TableList
-
- Type: Array of TaggedTable structures
A list of tables that meet the tag conditions.
Errors
-
A specified entity does not exist
-
An internal service error occurred.
-
The input provided was not valid.
-
The operation timed out.
-
An encryption operation failed.
-
Access to a resource was denied.
UpdateLFTag
$result = $client->updateLFTag([/* ... */]); $promise = $client->updateLFTagAsync([/* ... */]);
Updates the list of possible values for the specified tag key. If the tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the tag key's value.
Parameter Syntax
$result = $client->updateLFTag([
'CatalogId' => '<string>',
'TagKey' => '<string>', // REQUIRED
'TagValuesToAdd' => ['<string>', ...],
'TagValuesToDelete' => ['<string>', ...],
]);
Parameter Details
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the tag for which to add or delete values.
- TagValuesToAdd
-
- Type: Array of strings
A list of tag values to add from the tag.
- TagValuesToDelete
-
- Type: Array of strings
A list of tag values to delete from the tag.
Result Syntax
[]
Result Details
Errors
-
A specified entity does not exist
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
ConcurrentModificationException:
Two processes are trying to modify a resource simultaneously.
-
Access to a resource was denied.
UpdateResource
$result = $client->updateResource([/* ... */]); $promise = $client->updateResourceAsync([/* ... */]);
Updates the data access role used for vending access to the given (registered) resource in AWS Lake Formation.
Parameter Syntax
$result = $client->updateResource([
'ResourceArn' => '<string>', // REQUIRED
'RoleArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The input provided was not valid.
-
An internal service error occurred.
-
The operation timed out.
-
A specified entity does not exist
Shapes
AccessDeniedException
Description
Access to a resource was denied.
Members
AlreadyExistsException
Description
A resource to be created or added already exists.
Members
BatchPermissionsFailureEntry
Description
A list of failures when performing a batch grant or batch revoke operation.
Members
- Error
-
- Type: ErrorDetail structure
An error message that applies to the failure of the entry.
- RequestEntry
-
- Type: BatchPermissionsRequestEntry structure
An identifier for an entry of the batch request.
BatchPermissionsRequestEntry
Description
A permission to a resource granted by batch operation to the principal.
Members
- Id
-
- Required: Yes
- Type: string
A unique identifier for the batch permissions request entry.
- Permissions
-
- Type: Array of strings
The permissions to be granted.
- PermissionsWithGrantOption
-
- Type: Array of strings
Indicates if the option to pass permissions is granted.
- Principal
-
- Type: DataLakePrincipal structure
The principal to be granted a permission.
- Resource
-
- Type: Resource structure
The resource to which the principal is to be granted a permission.
CatalogResource
Description
A structure for the catalog object.
Members
ColumnLFTag
Description
A structure containing the name of a column resource and the tags attached to it.
Members
- LFTags
-
- Type: Array of LFTagPair structures
The tags attached to a column resource.
- Name
-
- Type: string
The name of a column resource.
ColumnWildcard
Description
A wildcard object, consisting of an optional list of excluded column names or indexes.
Members
ConcurrentModificationException
Description
Two processes are trying to modify a resource simultaneously.
Members
DataLakePrincipal
Description
The AWS Lake Formation principal. Supported principals are IAM users or IAM roles.
Members
DataLakeSettings
Description
A structure representing a list of AWS Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.
Members
- CreateDatabaseDefaultPermissions
-
- Type: Array of PrincipalPermissions structures
A structure representing a list of up to three principal permissions entries for default create database permissions.
- CreateTableDefaultPermissions
-
- Type: Array of PrincipalPermissions structures
A structure representing a list of up to three principal permissions entries for default create table permissions.
- DataLakeAdmins
-
- Type: Array of DataLakePrincipal structures
A list of AWS Lake Formation principals. Supported principals are IAM users or IAM roles.
- TrustedResourceOwners
-
- Type: Array of strings
A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's AWS CloudTrail log.
You may want to specify this property when you are in a high-trust boundary, such as the same team or company.
DataLocationResource
Description
A structure for a data location object where permissions are granted or revoked.
Members
DatabaseResource
Description
A structure for the database object.
Members
DetailsMap
Description
A structure containing the additional details to be returned in the AdditionalDetails attribute of PrincipalResourcePermissions.
If a catalog resource is shared through AWS Resource Access Manager (AWS RAM), then there will exist a corresponding RAM resource share ARN.
Members
EntityNotFoundException
Description
A specified entity does not exist
Members
ErrorDetail
Description
Contains details about an error.
Members
FilterCondition
Description
This structure describes the filtering of columns in a table based on a filter condition.
Members
GlueEncryptionException
Description
An encryption operation failed.
Members
InternalServiceException
Description
An internal service error occurred.
Members
InvalidInputException
Description
The input provided was not valid.
Members
LFTag
Description
A structure that allows an admin to grant user permissions on certain conditions. For example, granting a role access to all columns not tagged 'PII' of tables tagged 'Prod'.
Members
LFTagError
Description
A structure containing an error related to a TagResource or UnTagResource operation.
Members
- Error
-
- Type: ErrorDetail structure
An error that occurred with the attachment or detachment of the tag.
- LFTag
-
- Type: LFTagPair structure
The key-name of the tag.
LFTagKeyResource
Description
A structure containing a tag key and values for a resource.
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the tag.
- TagValues
-
- Required: Yes
- Type: Array of strings
A list of possible values an attribute can take.
LFTagPair
Description
A structure containing a tag key-value pair.
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- TagKey
-
- Required: Yes
- Type: string
The key-name for the tag.
- TagValues
-
- Required: Yes
- Type: Array of strings
A list of possible values an attribute can take.
LFTagPolicyResource
Description
A structure containing a list of tag conditions that apply to a resource's tag policy.
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- Expression
-
- Required: Yes
- Type: Array of LFTag structures
A list of tag conditions that apply to the resource's tag policy.
- ResourceType
-
- Required: Yes
- Type: string
The resource type for which the tag policy applies.
OperationTimeoutException
PrincipalPermissions
Description
Permissions granted to a principal.
Members
- Permissions
-
- Type: Array of strings
The permissions that are granted to the principal.
- Principal
-
- Type: DataLakePrincipal structure
The principal who is granted permissions.
PrincipalResourcePermissions
Description
The permissions granted or revoked on a resource.
Members
- AdditionalDetails
-
- Type: DetailsMap structure
This attribute can be used to return any additional details of
PrincipalResourcePermissions. Currently returns only as a RAM resource share ARN. - Permissions
-
- Type: Array of strings
The permissions to be granted or revoked on the resource.
- PermissionsWithGrantOption
-
- Type: Array of strings
Indicates whether to grant the ability to grant permissions (as a subset of permissions granted).
- Principal
-
- Type: DataLakePrincipal structure
The Data Lake principal to be granted or revoked permissions.
- Resource
-
- Type: Resource structure
The resource where permissions are to be granted or revoked.
Resource
Description
A structure for the resource.
Members
- Catalog
-
- Type: CatalogResource structure
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
- DataLocation
-
- Type: DataLocationResource structure
The location of an Amazon S3 path where permissions are granted or revoked.
- Database
-
- Type: DatabaseResource structure
The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.
- LFTag
-
- Type: LFTagKeyResource structure
The tag key and values attached to a resource.
- LFTagPolicy
-
- Type: LFTagPolicyResource structure
A list of tag conditions that define a resource's tag policy.
- Table
-
- Type: TableResource structure
The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
- TableWithColumns
-
- Type: TableWithColumnsResource structure
The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.
ResourceInfo
Description
A structure containing information about an AWS Lake Formation resource.
Members
ResourceNumberLimitExceededException
Description
A resource numerical limit was exceeded.
Members
TableResource
Description
A structure for the table object. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, it is the account ID of the caller.
- DatabaseName
-
- Required: Yes
- Type: string
The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
- Name
-
- Type: string
The name of the table.
- TableWildcard
-
- Type: TableWildcard structure
A wildcard object representing every table under a database.
At least one of
TableResource$NameorTableResource$TableWildcardis required.
TableWildcard
Description
A wildcard object representing every table under a database.
Members
TableWithColumnsResource
Description
A structure for a table with columns object. This object is only used when granting a SELECT permission.
This object must take a value for at least one of ColumnsNames, ColumnsIndexes, or ColumnsWildcard.
Members
- CatalogId
-
- Type: string
The identifier for the Data Catalog. By default, it is the account ID of the caller.
- ColumnNames
-
- Type: Array of strings
The list of column names for the table. At least one of
ColumnNamesorColumnWildcardis required. - ColumnWildcard
-
- Type: ColumnWildcard structure
A wildcard specified by a
ColumnWildcardobject. At least one ofColumnNamesorColumnWildcardis required. - DatabaseName
-
- Required: Yes
- Type: string
The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
- Name
-
- Required: Yes
- Type: string
The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
TaggedDatabase
Description
A structure describing a database resource with tags.
Members
- Database
-
- Type: DatabaseResource structure
A database that has tags attached to it.
- LFTags
-
- Type: Array of LFTagPair structures
A list of tags attached to the database.
TaggedTable
Description
A structure describing a table resource with tags.
Members
- LFTagOnDatabase
-
- Type: Array of LFTagPair structures
A list of tags attached to the database where the table resides.
- LFTagsOnColumns
-
- Type: Array of ColumnLFTag structures
A list of tags attached to columns in the table.
- LFTagsOnTable
-
- Type: Array of LFTagPair structures
A list of tags attached to the table.
- Table
-
- Type: TableResource structure
A table that has tags attached to it.