CfnWorkGroup

class aws_cdk.aws_athena.CfnWorkGroup(scope, id, *, name, description=None, recursive_delete_option=None, state=None, tags=None, work_group_configuration=None, work_group_configuration_updates=None)

Bases: CfnResource

The AWS::Athena::WorkGroup resource specifies an Amazon Athena workgroup, which contains a name, description, creation time, state, and other configuration, listed under WorkGroupConfiguration .

Each workgroup enables you to isolate queries for you or your group from other queries in the same account. For more information, see CreateWorkGroup in the Amazon Athena API Reference .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-athena-workgroup.html

CloudformationResource:

AWS::Athena::WorkGroup

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_athena as athena

cfn_work_group = athena.CfnWorkGroup(self, "MyCfnWorkGroup",
    name="name",

    # the properties below are optional
    description="description",
    recursive_delete_option=False,
    state="state",
    tags=[CfnTag(
        key="key",
        value="value"
    )],
    work_group_configuration=athena.CfnWorkGroup.WorkGroupConfigurationProperty(
        additional_configuration="additionalConfiguration",
        bytes_scanned_cutoff_per_query=123,
        customer_content_encryption_configuration=athena.CfnWorkGroup.CustomerContentEncryptionConfigurationProperty(
            kms_key="kmsKey"
        ),
        enforce_work_group_configuration=False,
        engine_version=athena.CfnWorkGroup.EngineVersionProperty(
            effective_engine_version="effectiveEngineVersion",
            selected_engine_version="selectedEngineVersion"
        ),
        execution_role="executionRole",
        publish_cloud_watch_metrics_enabled=False,
        requester_pays_enabled=False,
        result_configuration=athena.CfnWorkGroup.ResultConfigurationProperty(
            acl_configuration=athena.CfnWorkGroup.AclConfigurationProperty(
                s3_acl_option="s3AclOption"
            ),
            encryption_configuration=athena.CfnWorkGroup.EncryptionConfigurationProperty(
                encryption_option="encryptionOption",

                # the properties below are optional
                kms_key="kmsKey"
            ),
            expected_bucket_owner="expectedBucketOwner",
            output_location="outputLocation"
        )
    ),
    work_group_configuration_updates=athena.CfnWorkGroup.WorkGroupConfigurationUpdatesProperty(
        additional_configuration="additionalConfiguration",
        bytes_scanned_cutoff_per_query=123,
        customer_content_encryption_configuration=athena.CfnWorkGroup.CustomerContentEncryptionConfigurationProperty(
            kms_key="kmsKey"
        ),
        enforce_work_group_configuration=False,
        engine_version=athena.CfnWorkGroup.EngineVersionProperty(
            effective_engine_version="effectiveEngineVersion",
            selected_engine_version="selectedEngineVersion"
        ),
        execution_role="executionRole",
        publish_cloud_watch_metrics_enabled=False,
        remove_bytes_scanned_cutoff_per_query=False,
        remove_customer_content_encryption_configuration=False,
        requester_pays_enabled=False,
        result_configuration_updates=athena.CfnWorkGroup.ResultConfigurationUpdatesProperty(
            acl_configuration=athena.CfnWorkGroup.AclConfigurationProperty(
                s3_acl_option="s3AclOption"
            ),
            encryption_configuration=athena.CfnWorkGroup.EncryptionConfigurationProperty(
                encryption_option="encryptionOption",

                # the properties below are optional
                kms_key="kmsKey"
            ),
            expected_bucket_owner="expectedBucketOwner",
            output_location="outputLocation",
            remove_acl_configuration=False,
            remove_encryption_configuration=False,
            remove_expected_bucket_owner=False,
            remove_output_location=False
        )
    )
)
Parameters:
  • scope (Construct) – Scope in which this resource is defined.

  • id (str) – Construct identifier for this resource (unique in its scope).

  • name (str) – The workgroup name.

  • description (Optional[str]) – The workgroup description.

  • recursive_delete_option (Union[bool, IResolvable, None]) – The option to delete a workgroup and its contents even if the workgroup contains any named queries. The default is false.

  • state (Optional[str]) – The state of the workgroup: ENABLED or DISABLED.

  • tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – The tags (key-value pairs) to associate with this resource.

  • work_group_configuration (Union[IResolvable, WorkGroupConfigurationProperty, Dict[str, Any], None]) – The configuration of the workgroup, which includes the location in Amazon S3 where query results are stored, the encryption option, if any, used for query results, whether Amazon CloudWatch Metrics are enabled for the workgroup, and the limit for the amount of bytes scanned (cutoff) per query, if it is specified. The EnforceWorkGroupConfiguration option determines whether workgroup settings override client-side query settings.

  • work_group_configuration_updates (Union[IResolvable, WorkGroupConfigurationUpdatesProperty, Dict[str, Any], None]) – (deprecated) The configuration information that will be updated for this workgroup, which includes the location in Amazon S3 where query results are stored, the encryption option, if any, used for query results, whether the Amazon CloudWatch Metrics are enabled for the workgroup, whether the workgroup settings override the client-side settings, and the data usage limit for the amount of bytes scanned per query, if it is specified.

Methods

add_deletion_override(path)

Syntactic sugar for addOverride(path, undefined).

Parameters:

path (str) – The path of the value to delete.

Return type:

None

add_dependency(target)

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.

Parameters:

target (CfnResource) –

Return type:

None

add_depends_on(target)

(deprecated) Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

Parameters:

target (CfnResource) –

Deprecated:

use addDependency

Stability:

deprecated

Return type:

None

add_metadata(key, value)

Add a value to the CloudFormation Resource Metadata.

Parameters:
  • key (str) –

  • value (Any) –

See:

Return type:

None

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

add_override(path, value)

Adds an override to the synthesized CloudFormation resource.

To add a property override, either use addPropertyOverride or prefix path with “Properties.” (i.e. Properties.TopicName).

If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.

To include a literal . in the property name, prefix with a \. In most programming languages you will need to write this as "\\." because the \ itself will need to be escaped.

For example:

cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"])
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")

would add the overrides Example:

"Properties": {
  "GlobalSecondaryIndexes": [
    {
      "Projection": {
        "NonKeyAttributes": [ "myattribute" ]
        ...
      }
      ...
    },
    {
      "ProjectionType": "INCLUDE"
      ...
    },
  ]
  ...
}

The value argument to addOverride will not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.

Parameters:
  • path (str) –

    • The path of the property, you can use dot notation to override values in complex types. Any intermediate keys will be created as needed.

  • value (Any) –

    • The value. Could be primitive or complex.

Return type:

None

add_property_deletion_override(property_path)

Adds an override that deletes the value of a property from the resource definition.

Parameters:

property_path (str) – The path to the property.

Return type:

None

add_property_override(property_path, value)

Adds an override to a resource property.

Syntactic sugar for addOverride("Properties.<...>", value).

Parameters:
  • property_path (str) – The path of the property.

  • value (Any) – The value.

Return type:

None

apply_removal_policy(policy=None, *, apply_to_update_replace_policy=None, default=None)

Sets the deletion policy of the resource based on the removal policy specified.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:

Parameters:
  • policy (Optional[RemovalPolicy]) –

  • apply_to_update_replace_policy (Optional[bool]) – Apply the same deletion policy to the resource’s “UpdateReplacePolicy”. Default: true

  • default (Optional[RemovalPolicy]) – The default policy to apply in case the removal policy is not defined. Default: - Default value is resource specific. To determine the default value for a resource, please consult that specific resource’s documentation.

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options

Return type:

None

get_att(attribute_name, type_hint=None)

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility in case there is no generated attribute.

Parameters:
  • attribute_name (str) – The name of the attribute.

  • type_hint (Optional[ResolutionTypeHint]) –

Return type:

Reference

get_metadata(key)

Retrieve a value value from the CloudFormation Resource Metadata.

Parameters:

key (str) –

See:

Return type:

Any

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

inspect(inspector)

Examines the CloudFormation resource and discloses attributes.

Parameters:

inspector (TreeInspector) – tree inspector to collect and process attributes.

Return type:

None

obtain_dependencies()

Retrieves an array of resources this resource depends on.

This assembles dependencies on resources across stacks (including nested stacks) automatically.

Return type:

List[Union[Stack, CfnResource]]

obtain_resource_dependencies()

Get a shallow copy of dependencies between this resource and other resources in the same stack.

Return type:

List[CfnResource]

override_logical_id(new_logical_id)

Overrides the auto-generated logical ID with a specific ID.

Parameters:

new_logical_id (str) – The new logical ID to use for this stack element.

Return type:

None

remove_dependency(target)

Indicates that this resource no longer depends on another resource.

This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.

Parameters:

target (CfnResource) –

Return type:

None

replace_dependency(target, new_target)

Replaces one dependency with another.

Parameters:
Return type:

None

to_string()

Returns a string representation of this construct.

Return type:

str

Returns:

a string representation of this resource

Attributes

CFN_RESOURCE_TYPE_NAME = 'AWS::Athena::WorkGroup'
attr_creation_time

The date and time the workgroup was created, as a UNIX timestamp in seconds.

For example: 1582761016 .

CloudformationAttribute:

CreationTime

attr_work_group_configuration_engine_version_effective_engine_version

Read only.

The engine version on which the query runs. If the user requests a valid engine version other than Auto, the effective engine version is the same as the engine version that the user requested. If the user requests Auto, the effective engine version is chosen by Athena. When a request to update the engine version is made by a CreateWorkGroup or UpdateWorkGroup operation, the EffectiveEngineVersion field is ignored.

CloudformationAttribute:

WorkGroupConfiguration.EngineVersion.EffectiveEngineVersion

attr_work_group_configuration_updates_engine_version_effective_engine_version

Read only.

The engine version on which the query runs. If the user requests a valid engine version other than Auto, the effective engine version is the same as the engine version that the user requested. If the user requests Auto, the effective engine version is chosen by Athena. When a request to update the engine version is made by a CreateWorkGroup or UpdateWorkGroup operation, the EffectiveEngineVersion field is ignored.

CloudformationAttribute:

WorkGroupConfigurationUpdates.EngineVersion.EffectiveEngineVersion

cfn_options

Options for this resource, such as condition, update policy etc.

cfn_resource_type

AWS resource type.

creation_stack

return:

the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.

description

The workgroup description.

logical_id

The logical ID for this CloudFormation stack element.

The logical ID of the element is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Returns:

the logical ID as a stringified token. This value will only get resolved during synthesis.

name

The workgroup name.

node

The tree node.

recursive_delete_option

The option to delete a workgroup and its contents even if the workgroup contains any named queries.

ref

Return a string that will be resolved to a CloudFormation { Ref } for this element.

If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).

stack

The stack in which this element is defined.

CfnElements must be defined within a stack scope (directly or indirectly).

state

ENABLED or DISABLED.

Type:

The state of the workgroup

tags

Tag Manager which manages the tags for this resource.

tags_raw

The tags (key-value pairs) to associate with this resource.

work_group_configuration

The configuration of the workgroup, which includes the location in Amazon S3 where query results are stored, the encryption option, if any, used for query results, whether Amazon CloudWatch Metrics are enabled for the workgroup, and the limit for the amount of bytes scanned (cutoff) per query, if it is specified.

work_group_configuration_updates

(deprecated) The configuration information that will be updated for this workgroup, which includes the location in Amazon S3 where query results are stored, the encryption option, if any, used for query results, whether the Amazon CloudWatch Metrics are enabled for the workgroup, whether the workgroup settings override the client-side settings, and the data usage limit for the amount of bytes scanned per query, if it is specified.

Deprecated:

this property has been deprecated

Stability:

deprecated

Static Methods

classmethod is_cfn_element(x)

Returns true if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of instanceof to allow stack elements from different versions of this library to be included in the same stack.

Parameters:

x (Any) –

Return type:

bool

Returns:

The construct as a stack element or undefined if it is not a stack element.

classmethod is_cfn_resource(x)

Check whether the given object is a CfnResource.

Parameters:

x (Any) –

Return type:

bool

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Construct.

AclConfigurationProperty

class CfnWorkGroup.AclConfigurationProperty(*, s3_acl_option)

Bases: object

Indicates that an Amazon S3 canned ACL should be set to control ownership of stored query results, including data files inserted by Athena as the result of statements like CTAS or INSERT INTO.

When Athena stores query results in Amazon S3, the canned ACL is set with the x-amz-acl request header. For more information about S3 Object Ownership, see Object Ownership settings in the Amazon S3 User Guide .

Parameters:

s3_acl_option (str) – The Amazon S3 canned ACL that Athena should specify when storing query results, including data files inserted by Athena as the result of statements like CTAS or INSERT INTO. Currently the only supported canned ACL is BUCKET_OWNER_FULL_CONTROL . If a query runs in a workgroup and the workgroup overrides client-side settings, then the Amazon S3 canned ACL specified in the workgroup’s settings is used for all queries that run in the workgroup. For more information about Amazon S3 canned ACLs, see Canned ACL in the Amazon S3 User Guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-aclconfiguration.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_athena as athena

acl_configuration_property = athena.CfnWorkGroup.AclConfigurationProperty(
    s3_acl_option="s3AclOption"
)

Attributes

s3_acl_option

The Amazon S3 canned ACL that Athena should specify when storing query results, including data files inserted by Athena as the result of statements like CTAS or INSERT INTO.

Currently the only supported canned ACL is BUCKET_OWNER_FULL_CONTROL . If a query runs in a workgroup and the workgroup overrides client-side settings, then the Amazon S3 canned ACL specified in the workgroup’s settings is used for all queries that run in the workgroup. For more information about Amazon S3 canned ACLs, see Canned ACL in the Amazon S3 User Guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-aclconfiguration.html#cfn-athena-workgroup-aclconfiguration-s3acloption

CustomerContentEncryptionConfigurationProperty

class CfnWorkGroup.CustomerContentEncryptionConfigurationProperty(*, kms_key)

Bases: object

Specifies the customer managed KMS key that is used to encrypt the user’s data stores in Athena.

When an AWS managed key is used, this value is null. This setting does not apply to Athena SQL workgroups.

Parameters:

kms_key (str) – The customer managed KMS key that is used to encrypt the user’s data stores in Athena.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-customercontentencryptionconfiguration.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_athena as athena

customer_content_encryption_configuration_property = athena.CfnWorkGroup.CustomerContentEncryptionConfigurationProperty(
    kms_key="kmsKey"
)

Attributes

kms_key

The customer managed KMS key that is used to encrypt the user’s data stores in Athena.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-customercontentencryptionconfiguration.html#cfn-athena-workgroup-customercontentencryptionconfiguration-kmskey

EncryptionConfigurationProperty

class CfnWorkGroup.EncryptionConfigurationProperty(*, encryption_option, kms_key=None)

Bases: object

If query results are encrypted in Amazon S3, indicates the encryption option used (for example, SSE_KMS or CSE_KMS ) and key information.

Parameters:
  • encryption_option (str) – Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys ( SSE_S3 ), server-side encryption with KMS-managed keys ( SSE_KMS ), or client-side encryption with KMS-managed keys ( CSE_KMS ) is used. If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup’s setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup.

  • kms_key (Optional[str]) – For SSE_KMS and CSE_KMS , this is the KMS key ARN or ID.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-encryptionconfiguration.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_athena as athena

encryption_configuration_property = athena.CfnWorkGroup.EncryptionConfigurationProperty(
    encryption_option="encryptionOption",

    # the properties below are optional
    kms_key="kmsKey"
)

Attributes

encryption_option

Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys ( SSE_S3 ), server-side encryption with KMS-managed keys ( SSE_KMS ), or client-side encryption with KMS-managed keys ( CSE_KMS ) is used.

If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup’s setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-encryptionconfiguration.html#cfn-athena-workgroup-encryptionconfiguration-encryptionoption

kms_key

For SSE_KMS and CSE_KMS , this is the KMS key ARN or ID.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-encryptionconfiguration.html#cfn-athena-workgroup-encryptionconfiguration-kmskey

EngineVersionProperty

class CfnWorkGroup.EngineVersionProperty(*, effective_engine_version=None, selected_engine_version=None)

Bases: object

The Athena engine version for running queries, or the PySpark engine version for running sessions.

Parameters:
  • effective_engine_version (Optional[str]) – Read only. The engine version on which the query runs. If the user requests a valid engine version other than Auto, the effective engine version is the same as the engine version that the user requested. If the user requests Auto, the effective engine version is chosen by Athena. When a request to update the engine version is made by a CreateWorkGroup or UpdateWorkGroup operation, the EffectiveEngineVersion field is ignored.

  • selected_engine_version (Optional[str]) – The engine version requested by the user. Possible values are determined by the output of ListEngineVersions , including AUTO. The default is AUTO.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-engineversion.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_athena as athena

engine_version_property = athena.CfnWorkGroup.EngineVersionProperty(
    effective_engine_version="effectiveEngineVersion",
    selected_engine_version="selectedEngineVersion"
)

Attributes

effective_engine_version

Read only.

The engine version on which the query runs. If the user requests a valid engine version other than Auto, the effective engine version is the same as the engine version that the user requested. If the user requests Auto, the effective engine version is chosen by Athena. When a request to update the engine version is made by a CreateWorkGroup or UpdateWorkGroup operation, the EffectiveEngineVersion field is ignored.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-engineversion.html#cfn-athena-workgroup-engineversion-effectiveengineversion

selected_engine_version

The engine version requested by the user.

Possible values are determined by the output of ListEngineVersions , including AUTO. The default is AUTO.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-engineversion.html#cfn-athena-workgroup-engineversion-selectedengineversion

ResultConfigurationProperty

class CfnWorkGroup.ResultConfigurationProperty(*, acl_configuration=None, encryption_configuration=None, expected_bucket_owner=None, output_location=None)

Bases: object

The location in Amazon S3 where query and calculation results are stored and the encryption option, if any, used for query and calculation results.

These are known as “client-side settings”. If workgroup settings override client-side settings, then the query uses the workgroup settings.

Parameters:
  • acl_configuration (Union[IResolvable, AclConfigurationProperty, Dict[str, Any], None]) – Indicates that an Amazon S3 canned ACL should be set to control ownership of stored query results. Currently the only supported canned ACL is BUCKET_OWNER_FULL_CONTROL . This is a client-side setting. If workgroup settings override client-side settings, then the query uses the ACL configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See EnforceWorkGroupConfiguration .

  • encryption_configuration (Union[IResolvable, EncryptionConfigurationProperty, Dict[str, Any], None]) – If query results are encrypted in Amazon S3, indicates the encryption option used (for example, SSE_KMS or CSE_KMS ) and key information. This is a client-side setting. If workgroup settings override client-side settings, then the query uses the encryption configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See EnforceWorkGroupConfiguration and Override client-side settings .

  • expected_bucket_owner (Optional[str]) – The account ID that you expect to be the owner of the Amazon S3 bucket specified by ResultConfiguration:OutputLocation . If set, Athena uses the value for ExpectedBucketOwner when it makes Amazon S3 calls to your specified output location. If the ExpectedBucketOwner account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error. This is a client-side setting. If workgroup settings override client-side settings, then the query uses the ExpectedBucketOwner setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See EnforceWorkGroupConfiguration .

  • output_location (Optional[str]) – The location in Amazon S3 where your query results are stored, such as s3://path/to/query/bucket/ . To run a query, you must specify the query results location using either a client-side setting for individual queries or a location specified by the workgroup. If workgroup settings override client-side settings, then the query uses the location specified for the workgroup. If no query location is set, Athena issues an error. For more information, see Work with query results and recent queries and EnforceWorkGroupConfiguration .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfiguration.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_athena as athena

result_configuration_property = athena.CfnWorkGroup.ResultConfigurationProperty(
    acl_configuration=athena.CfnWorkGroup.AclConfigurationProperty(
        s3_acl_option="s3AclOption"
    ),
    encryption_configuration=athena.CfnWorkGroup.EncryptionConfigurationProperty(
        encryption_option="encryptionOption",

        # the properties below are optional
        kms_key="kmsKey"
    ),
    expected_bucket_owner="expectedBucketOwner",
    output_location="outputLocation"
)

Attributes

acl_configuration

Indicates that an Amazon S3 canned ACL should be set to control ownership of stored query results.

Currently the only supported canned ACL is BUCKET_OWNER_FULL_CONTROL . This is a client-side setting. If workgroup settings override client-side settings, then the query uses the ACL configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See EnforceWorkGroupConfiguration .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfiguration.html#cfn-athena-workgroup-resultconfiguration-aclconfiguration

encryption_configuration

If query results are encrypted in Amazon S3, indicates the encryption option used (for example, SSE_KMS or CSE_KMS ) and key information.

This is a client-side setting. If workgroup settings override client-side settings, then the query uses the encryption configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See EnforceWorkGroupConfiguration and Override client-side settings .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfiguration.html#cfn-athena-workgroup-resultconfiguration-encryptionconfiguration

expected_bucket_owner

The account ID that you expect to be the owner of the Amazon S3 bucket specified by ResultConfiguration:OutputLocation .

If set, Athena uses the value for ExpectedBucketOwner when it makes Amazon S3 calls to your specified output location. If the ExpectedBucketOwner account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error.

This is a client-side setting. If workgroup settings override client-side settings, then the query uses the ExpectedBucketOwner setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See EnforceWorkGroupConfiguration .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfiguration.html#cfn-athena-workgroup-resultconfiguration-expectedbucketowner

output_location

The location in Amazon S3 where your query results are stored, such as s3://path/to/query/bucket/ .

To run a query, you must specify the query results location using either a client-side setting for individual queries or a location specified by the workgroup. If workgroup settings override client-side settings, then the query uses the location specified for the workgroup. If no query location is set, Athena issues an error. For more information, see Work with query results and recent queries and EnforceWorkGroupConfiguration .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfiguration.html#cfn-athena-workgroup-resultconfiguration-outputlocation

ResultConfigurationUpdatesProperty

class CfnWorkGroup.ResultConfigurationUpdatesProperty(*, acl_configuration=None, encryption_configuration=None, expected_bucket_owner=None, output_location=None, remove_acl_configuration=None, remove_encryption_configuration=None, remove_expected_bucket_owner=None, remove_output_location=None)

Bases: object

The information about the updates in the query results, such as output location and encryption configuration for the query results.

Parameters:
  • acl_configuration (Union[IResolvable, AclConfigurationProperty, Dict[str, Any], None]) – The ACL configuration for the query results.

  • encryption_configuration (Union[IResolvable, EncryptionConfigurationProperty, Dict[str, Any], None]) – The encryption configuration for the query results.

  • expected_bucket_owner (Optional[str]) – The AWS account ID that you expect to be the owner of the Amazon S3 bucket specified by ResultConfiguration$OutputLocation . If set, Athena uses the value for ExpectedBucketOwner when it makes Amazon S3 calls to your specified output location. If the ExpectedBucketOwner AWS account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error. If workgroup settings override client-side settings, then the query uses the ExpectedBucketOwner setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See WorkGroupConfiguration$EnforceWorkGroupConfiguration and Workgroup Settings Override Client-Side Settings .

  • output_location (Optional[str]) – The location in Amazon S3 where your query results are stored, such as s3://path/to/query/bucket/ . For more information, see Query Results If workgroup settings override client-side settings, then the query uses the location for the query results and the encryption configuration that are specified for the workgroup. The “workgroup settings override” is specified in EnforceWorkGroupConfiguration (true/false) in the WorkGroupConfiguration. See EnforceWorkGroupConfiguration .

  • remove_acl_configuration (Union[bool, IResolvable, None]) –

    If set to true , indicates that the previously-specified ACL configuration for queries in this workgroup should be ignored and set to null. If set to false or not set, and a value is present in the AclConfiguration of ResultConfigurationUpdates , the AclConfiguration in the workgroup’s ResultConfiguration is updated with the new value. For more information, see Workgroup Settings Override Client-Side Settings .

  • remove_encryption_configuration (Union[bool, IResolvable, None]) –

    If set to “true”, indicates that the previously-specified encryption configuration (also known as the client-side setting) for queries in this workgroup should be ignored and set to null. If set to “false” or not set, and a value is present in the EncryptionConfiguration in ResultConfigurationUpdates (the client-side setting), the EncryptionConfiguration in the workgroup’s ResultConfiguration will be updated with the new value. For more information, see Override Client-Side Settings .

  • remove_expected_bucket_owner (Union[bool, IResolvable, None]) –

    If set to “true”, removes the AWS account ID previously specified for ResultConfiguration$ExpectedBucketOwner . If set to “false” or not set, and a value is present in the ExpectedBucketOwner in ResultConfigurationUpdates (the client-side setting), the ExpectedBucketOwner in the workgroup’s ResultConfiguration is updated with the new value. For more information, see Workgroup Settings Override Client-Side Settings .

  • remove_output_location (Union[bool, IResolvable, None]) –

    If set to “true”, indicates that the previously-specified query results location (also known as a client-side setting) for queries in this workgroup should be ignored and set to null. If set to “false” or not set, and a value is present in the OutputLocation in ResultConfigurationUpdates (the client-side setting), the OutputLocation in the workgroup’s ResultConfiguration will be updated with the new value. For more information, see Override Client-Side Settings .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfigurationupdates.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_athena as athena

result_configuration_updates_property = athena.CfnWorkGroup.ResultConfigurationUpdatesProperty(
    acl_configuration=athena.CfnWorkGroup.AclConfigurationProperty(
        s3_acl_option="s3AclOption"
    ),
    encryption_configuration=athena.CfnWorkGroup.EncryptionConfigurationProperty(
        encryption_option="encryptionOption",

        # the properties below are optional
        kms_key="kmsKey"
    ),
    expected_bucket_owner="expectedBucketOwner",
    output_location="outputLocation",
    remove_acl_configuration=False,
    remove_encryption_configuration=False,
    remove_expected_bucket_owner=False,
    remove_output_location=False
)

Attributes

acl_configuration

The ACL configuration for the query results.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfigurationupdates.html#cfn-athena-workgroup-resultconfigurationupdates-aclconfiguration

encryption_configuration

The encryption configuration for the query results.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfigurationupdates.html#cfn-athena-workgroup-resultconfigurationupdates-encryptionconfiguration

expected_bucket_owner

The AWS account ID that you expect to be the owner of the Amazon S3 bucket specified by ResultConfiguration$OutputLocation .

If set, Athena uses the value for ExpectedBucketOwner when it makes Amazon S3 calls to your specified output location. If the ExpectedBucketOwner AWS account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error.

If workgroup settings override client-side settings, then the query uses the ExpectedBucketOwner setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See WorkGroupConfiguration$EnforceWorkGroupConfiguration and Workgroup Settings Override Client-Side Settings .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfigurationupdates.html#cfn-athena-workgroup-resultconfigurationupdates-expectedbucketowner

output_location

The location in Amazon S3 where your query results are stored, such as s3://path/to/query/bucket/ .

For more information, see Query Results If workgroup settings override client-side settings, then the query uses the location for the query results and the encryption configuration that are specified for the workgroup. The “workgroup settings override” is specified in EnforceWorkGroupConfiguration (true/false) in the WorkGroupConfiguration. See EnforceWorkGroupConfiguration .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfigurationupdates.html#cfn-athena-workgroup-resultconfigurationupdates-outputlocation

remove_acl_configuration

If set to true , indicates that the previously-specified ACL configuration for queries in this workgroup should be ignored and set to null.

If set to false or not set, and a value is present in the AclConfiguration of ResultConfigurationUpdates , the AclConfiguration in the workgroup’s ResultConfiguration is updated with the new value. For more information, see Workgroup Settings Override Client-Side Settings .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfigurationupdates.html#cfn-athena-workgroup-resultconfigurationupdates-removeaclconfiguration

remove_encryption_configuration

If set to “true”, indicates that the previously-specified encryption configuration (also known as the client-side setting) for queries in this workgroup should be ignored and set to null.

If set to “false” or not set, and a value is present in the EncryptionConfiguration in ResultConfigurationUpdates (the client-side setting), the EncryptionConfiguration in the workgroup’s ResultConfiguration will be updated with the new value. For more information, see Override Client-Side Settings .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfigurationupdates.html#cfn-athena-workgroup-resultconfigurationupdates-removeencryptionconfiguration

remove_expected_bucket_owner

If set to “true”, removes the AWS account ID previously specified for ResultConfiguration$ExpectedBucketOwner .

If set to “false” or not set, and a value is present in the ExpectedBucketOwner in ResultConfigurationUpdates (the client-side setting), the ExpectedBucketOwner in the workgroup’s ResultConfiguration is updated with the new value. For more information, see Workgroup Settings Override Client-Side Settings .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfigurationupdates.html#cfn-athena-workgroup-resultconfigurationupdates-removeexpectedbucketowner

remove_output_location

If set to “true”, indicates that the previously-specified query results location (also known as a client-side setting) for queries in this workgroup should be ignored and set to null.

If set to “false” or not set, and a value is present in the OutputLocation in ResultConfigurationUpdates (the client-side setting), the OutputLocation in the workgroup’s ResultConfiguration will be updated with the new value. For more information, see Override Client-Side Settings .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-resultconfigurationupdates.html#cfn-athena-workgroup-resultconfigurationupdates-removeoutputlocation

WorkGroupConfigurationProperty

class CfnWorkGroup.WorkGroupConfigurationProperty(*, additional_configuration=None, bytes_scanned_cutoff_per_query=None, customer_content_encryption_configuration=None, enforce_work_group_configuration=None, engine_version=None, execution_role=None, publish_cloud_watch_metrics_enabled=None, requester_pays_enabled=None, result_configuration=None)

Bases: object

The configuration of the workgroup, which includes the location in Amazon S3 where query results are stored, the encryption option, if any, used for query results, whether Amazon CloudWatch Metrics are enabled for the workgroup, and the limit for the amount of bytes scanned (cutoff) per query, if it is specified.

The EnforceWorkGroupConfiguration option determines whether workgroup settings override client-side query settings.

Parameters:
  • additional_configuration (Optional[str]) – Specifies a user defined JSON string that is passed to the session engine.

  • bytes_scanned_cutoff_per_query (Union[int, float, None]) – The upper limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan. No default is defined. .. epigraph:: This property currently supports integer types. Support for long values is planned.

  • customer_content_encryption_configuration (Union[IResolvable, CustomerContentEncryptionConfigurationProperty, Dict[str, Any], None]) – Specifies the KMS key that is used to encrypt the user’s data stores in Athena. This setting does not apply to Athena SQL workgroups.

  • enforce_work_group_configuration (Union[bool, IResolvable, None]) –

    If set to “true”, the settings for the workgroup override client-side settings. If set to “false”, client-side settings are used. For more information, see Override client-side settings .

  • engine_version (Union[IResolvable, EngineVersionProperty, Dict[str, Any], None]) – The engine version that all queries running on the workgroup use.

  • execution_role (Optional[str]) – Role used to access user resources in an Athena for Apache Spark session. This property applies only to Spark-enabled workgroups in Athena.

  • publish_cloud_watch_metrics_enabled (Union[bool, IResolvable, None]) – Indicates that the Amazon CloudWatch metrics are enabled for the workgroup.

  • requester_pays_enabled (Union[bool, IResolvable, None]) – If set to true , allows members assigned to a workgroup to reference Amazon S3 Requester Pays buckets in queries. If set to false , workgroup members cannot query data from Requester Pays buckets, and queries that retrieve data from Requester Pays buckets cause an error. The default is false . For more information about Requester Pays buckets, see Requester Pays Buckets in the Amazon Simple Storage Service Developer Guide .

  • result_configuration (Union[IResolvable, ResultConfigurationProperty, Dict[str, Any], None]) –

    Specifies the location in Amazon S3 where query results are stored and the encryption option, if any, used for query results. For more information, see Work with query results and recent queries .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfiguration.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_athena as athena

work_group_configuration_property = athena.CfnWorkGroup.WorkGroupConfigurationProperty(
    additional_configuration="additionalConfiguration",
    bytes_scanned_cutoff_per_query=123,
    customer_content_encryption_configuration=athena.CfnWorkGroup.CustomerContentEncryptionConfigurationProperty(
        kms_key="kmsKey"
    ),
    enforce_work_group_configuration=False,
    engine_version=athena.CfnWorkGroup.EngineVersionProperty(
        effective_engine_version="effectiveEngineVersion",
        selected_engine_version="selectedEngineVersion"
    ),
    execution_role="executionRole",
    publish_cloud_watch_metrics_enabled=False,
    requester_pays_enabled=False,
    result_configuration=athena.CfnWorkGroup.ResultConfigurationProperty(
        acl_configuration=athena.CfnWorkGroup.AclConfigurationProperty(
            s3_acl_option="s3AclOption"
        ),
        encryption_configuration=athena.CfnWorkGroup.EncryptionConfigurationProperty(
            encryption_option="encryptionOption",

            # the properties below are optional
            kms_key="kmsKey"
        ),
        expected_bucket_owner="expectedBucketOwner",
        output_location="outputLocation"
    )
)

Attributes

additional_configuration

Specifies a user defined JSON string that is passed to the session engine.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfiguration.html#cfn-athena-workgroup-workgroupconfiguration-additionalconfiguration

bytes_scanned_cutoff_per_query

The upper limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan.

No default is defined. .. epigraph:

This property currently supports integer types. Support for long values is planned.
See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfiguration.html#cfn-athena-workgroup-workgroupconfiguration-bytesscannedcutoffperquery

customer_content_encryption_configuration

Specifies the KMS key that is used to encrypt the user’s data stores in Athena.

This setting does not apply to Athena SQL workgroups.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfiguration.html#cfn-athena-workgroup-workgroupconfiguration-customercontentencryptionconfiguration

enforce_work_group_configuration

If set to “true”, the settings for the workgroup override client-side settings.

If set to “false”, client-side settings are used. For more information, see Override client-side settings .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfiguration.html#cfn-athena-workgroup-workgroupconfiguration-enforceworkgroupconfiguration

engine_version

The engine version that all queries running on the workgroup use.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfiguration.html#cfn-athena-workgroup-workgroupconfiguration-engineversion

execution_role

Role used to access user resources in an Athena for Apache Spark session.

This property applies only to Spark-enabled workgroups in Athena.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfiguration.html#cfn-athena-workgroup-workgroupconfiguration-executionrole

publish_cloud_watch_metrics_enabled

Indicates that the Amazon CloudWatch metrics are enabled for the workgroup.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfiguration.html#cfn-athena-workgroup-workgroupconfiguration-publishcloudwatchmetricsenabled

requester_pays_enabled

If set to true , allows members assigned to a workgroup to reference Amazon S3 Requester Pays buckets in queries.

If set to false , workgroup members cannot query data from Requester Pays buckets, and queries that retrieve data from Requester Pays buckets cause an error. The default is false . For more information about Requester Pays buckets, see Requester Pays Buckets in the Amazon Simple Storage Service Developer Guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfiguration.html#cfn-athena-workgroup-workgroupconfiguration-requesterpaysenabled

result_configuration

Specifies the location in Amazon S3 where query results are stored and the encryption option, if any, used for query results.

For more information, see Work with query results and recent queries .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfiguration.html#cfn-athena-workgroup-workgroupconfiguration-resultconfiguration

WorkGroupConfigurationUpdatesProperty

class CfnWorkGroup.WorkGroupConfigurationUpdatesProperty(*, additional_configuration=None, bytes_scanned_cutoff_per_query=None, customer_content_encryption_configuration=None, enforce_work_group_configuration=None, engine_version=None, execution_role=None, publish_cloud_watch_metrics_enabled=None, remove_bytes_scanned_cutoff_per_query=None, remove_customer_content_encryption_configuration=None, requester_pays_enabled=None, result_configuration_updates=None)

Bases: object

The configuration information that will be updated for this workgroup, which includes the location in Amazon S3 where query results are stored, the encryption option, if any, used for query results, whether the Amazon CloudWatch Metrics are enabled for the workgroup, whether the workgroup settings override the client-side settings, and the data usage limit for the amount of bytes scanned per query, if it is specified.

Parameters:
  • additional_configuration (Optional[str]) – Additional Configuration that are passed to Athena Spark Calculations running in this workgroup.

  • bytes_scanned_cutoff_per_query (Union[int, float, None]) – The upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan.

  • customer_content_encryption_configuration (Union[IResolvable, CustomerContentEncryptionConfigurationProperty, Dict[str, Any], None]) – Indicates the KMS key for encrypting notebook content.

  • enforce_work_group_configuration (Union[bool, IResolvable, None]) – If set to “true”, the settings for the workgroup override client-side settings. If set to “false”, client-side settings are used

  • engine_version (Union[IResolvable, EngineVersionProperty, Dict[str, Any], None]) – The Athena engine version for running queries.

  • execution_role (Optional[str]) – Execution Role ARN required to run Athena Spark Calculations.

  • publish_cloud_watch_metrics_enabled (Union[bool, IResolvable, None]) – Indicates that the Amazon CloudWatch metrics are enabled for the workgroup.

  • remove_bytes_scanned_cutoff_per_query (Union[bool, IResolvable, None]) – Indicates that the data usage control limit per query is removed.

  • remove_customer_content_encryption_configuration (Union[bool, IResolvable, None]) –

  • requester_pays_enabled (Union[bool, IResolvable, None]) – If set to true, allows members assigned to a workgroup to reference Amazon S3 Requester Pays buckets in queries. If set to false, workgroup members cannot query data from Requester Pays buckets, and queries that retrieve data from Requester Pays buckets cause an error.

  • result_configuration_updates (Union[IResolvable, ResultConfigurationUpdatesProperty, Dict[str, Any], None]) – The result configuration information about the queries in this workgroup that will be updated. Includes the updated results location and an updated option for encrypting query results.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_athena as athena

work_group_configuration_updates_property = athena.CfnWorkGroup.WorkGroupConfigurationUpdatesProperty(
    additional_configuration="additionalConfiguration",
    bytes_scanned_cutoff_per_query=123,
    customer_content_encryption_configuration=athena.CfnWorkGroup.CustomerContentEncryptionConfigurationProperty(
        kms_key="kmsKey"
    ),
    enforce_work_group_configuration=False,
    engine_version=athena.CfnWorkGroup.EngineVersionProperty(
        effective_engine_version="effectiveEngineVersion",
        selected_engine_version="selectedEngineVersion"
    ),
    execution_role="executionRole",
    publish_cloud_watch_metrics_enabled=False,
    remove_bytes_scanned_cutoff_per_query=False,
    remove_customer_content_encryption_configuration=False,
    requester_pays_enabled=False,
    result_configuration_updates=athena.CfnWorkGroup.ResultConfigurationUpdatesProperty(
        acl_configuration=athena.CfnWorkGroup.AclConfigurationProperty(
            s3_acl_option="s3AclOption"
        ),
        encryption_configuration=athena.CfnWorkGroup.EncryptionConfigurationProperty(
            encryption_option="encryptionOption",

            # the properties below are optional
            kms_key="kmsKey"
        ),
        expected_bucket_owner="expectedBucketOwner",
        output_location="outputLocation",
        remove_acl_configuration=False,
        remove_encryption_configuration=False,
        remove_expected_bucket_owner=False,
        remove_output_location=False
    )
)

Attributes

additional_configuration

Additional Configuration that are passed to Athena Spark Calculations running in this workgroup.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-additionalconfiguration

bytes_scanned_cutoff_per_query

The upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-bytesscannedcutoffperquery

customer_content_encryption_configuration

Indicates the KMS key for encrypting notebook content.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-customercontentencryptionconfiguration

enforce_work_group_configuration

If set to “true”, the settings for the workgroup override client-side settings.

If set to “false”, client-side settings are used

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-enforceworkgroupconfiguration

engine_version

The Athena engine version for running queries.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-engineversion

execution_role

Execution Role ARN required to run Athena Spark Calculations.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-executionrole

publish_cloud_watch_metrics_enabled

Indicates that the Amazon CloudWatch metrics are enabled for the workgroup.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-publishcloudwatchmetricsenabled

remove_bytes_scanned_cutoff_per_query

Indicates that the data usage control limit per query is removed.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-removebytesscannedcutoffperquery

remove_customer_content_encryption_configuration

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-removecustomercontentencryptionconfiguration

Type:

see

requester_pays_enabled

If set to true, allows members assigned to a workgroup to reference Amazon S3 Requester Pays buckets in queries.

If set to false, workgroup members cannot query data from Requester Pays buckets, and queries that retrieve data from Requester Pays buckets cause an error.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-requesterpaysenabled

result_configuration_updates

The result configuration information about the queries in this workgroup that will be updated.

Includes the updated results location and an updated option for encrypting query results.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-athena-workgroup-workgroupconfigurationupdates.html#cfn-athena-workgroup-workgroupconfigurationupdates-resultconfigurationupdates