SDK for PHP 3.x

Client: Aws\LakeFormation\LakeFormationClient
Service ID: lakeformation
Version: 2017-03-31

This page describes the parameters and results for the operations of the AWS Lake Formation (2017-03-31), and shows how to use the Aws\LakeFormation\LakeFormationClient object to call the described operations. This documentation is specific to the 2017-03-31 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AddLFTagsToResource ( array $params = [] )
Attaches one or more LF-tags to an existing resource.
AssumeDecoratedRoleWithSAML ( array $params = [] )
Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request.
BatchGrantPermissions ( array $params = [] )
Batch operation to grant permissions to the principal.
BatchRevokePermissions ( array $params = [] )
Batch operation to revoke permissions from the principal.
CancelTransaction ( array $params = [] )
Attempts to cancel the specified transaction.
CommitTransaction ( array $params = [] )
Attempts to commit the specified transaction.
CreateDataCellsFilter ( array $params = [] )
Creates a data cell filter to allow one to grant access to certain columns on certain rows.
CreateLFTag ( array $params = [] )
Creates an LF-tag with the specified name and values.
CreateLFTagExpression ( array $params = [] )
Creates a new LF-Tag expression with the provided name, description, catalog ID, and expression body.
CreateLakeFormationIdentityCenterConfiguration ( array $params = [] )
Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.
CreateLakeFormationOptIn ( array $params = [] )
Enforce Lake Formation permissions for the given databases, tables, and principals.
DeleteDataCellsFilter ( array $params = [] )
Deletes a data cell filter.
DeleteLFTag ( array $params = [] )
Deletes the specified LF-tag given a key name.
DeleteLFTagExpression ( array $params = [] )
Deletes the LF-Tag expression.
DeleteLakeFormationIdentityCenterConfiguration ( array $params = [] )
Deletes an IAM Identity Center connection with Lake Formation.
DeleteLakeFormationOptIn ( array $params = [] )
Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.
DeleteObjectsOnCancel ( array $params = [] )
For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled.
DeregisterResource ( array $params = [] )
Deregisters the resource as managed by the Data Catalog.
DescribeLakeFormationIdentityCenterConfiguration ( array $params = [] )
Retrieves the instance ARN and application ARN for the connection.
DescribeResource ( array $params = [] )
Retrieves the current data access role for the given resource registered in Lake Formation.
DescribeTransaction ( array $params = [] )
Returns the details of a single transaction.
ExtendTransaction ( array $params = [] )
Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.
GetDataCellsFilter ( array $params = [] )
Returns a data cells filter.
GetDataLakePrincipal ( array $params = [] )
Returns the identity of the invoking principal.
GetDataLakeSettings ( array $params = [] )
Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.
GetEffectivePermissionsForPath ( array $params = [] )
Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3.
GetLFTag ( array $params = [] )
Returns an LF-tag definition.
GetLFTagExpression ( array $params = [] )
Returns the details about the LF-Tag expression.
GetQueryState ( array $params = [] )
Returns the state of a query previously submitted.
GetQueryStatistics ( array $params = [] )
Retrieves statistics on the planning and execution of a query.
GetResourceLFTags ( array $params = [] )
Returns the LF-tags applied to a resource.
GetTableObjects ( array $params = [] )
Returns the set of Amazon S3 objects that make up the specified governed table.
GetTemporaryGluePartitionCredentials ( array $params = [] )
This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition.
GetTemporaryGlueTableCredentials ( array $params = [] )
Allows a caller in a secure environment to assume a role with permission to access Amazon S3.
GetWorkUnitResults ( array $params = [] )
Returns the work units resulting from the query.
GetWorkUnits ( array $params = [] )
Retrieves the work units generated by the StartQueryPlanning operation.
GrantPermissions ( array $params = [] )
Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
ListDataCellsFilter ( array $params = [] )
Lists all the data cell filters on a table.
ListLFTagExpressions ( array $params = [] )
Returns the LF-Tag expressions in caller’s account filtered based on caller's permissions.
ListLFTags ( array $params = [] )
Lists LF-tags that the requester has permission to view.
ListLakeFormationOptIns ( array $params = [] )
Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions.
ListPermissions ( array $params = [] )
Returns a list of the principal permissions on the resource, filtered by the permissions of the caller.
ListResources ( array $params = [] )
Lists the resources registered to be managed by the Data Catalog.
ListTableStorageOptimizers ( array $params = [] )
Returns the configuration of all storage optimizers associated with a specified table.
ListTransactions ( array $params = [] )
Returns metadata about transactions and their status.
PutDataLakeSettings ( array $params = [] )
Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation.
RegisterResource ( array $params = [] )
Registers the resource as managed by the Data Catalog.
RemoveLFTagsFromResource ( array $params = [] )
Removes an LF-tag from the resource.
RevokePermissions ( array $params = [] )
Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
SearchDatabasesByLFTags ( array $params = [] )
This operation allows a search on DATABASE resources by TagCondition.
SearchTablesByLFTags ( array $params = [] )
This operation allows a search on TABLE resources by LFTags.
StartQueryPlanning ( array $params = [] )
Submits a request to process a query statement.
StartTransaction ( array $params = [] )
Starts a new transaction and returns its transaction ID.
UpdateDataCellsFilter ( array $params = [] )
Updates a data cell filter.
UpdateLFTag ( array $params = [] )
Updates the list of possible values for the specified LF-tag key.
UpdateLFTagExpression ( array $params = [] )
Updates the name of the LF-Tag expression to the new description and expression body provided.
UpdateLakeFormationIdentityCenterConfiguration ( array $params = [] )
Updates the IAM Identity Center connection parameters.
UpdateResource ( array $params = [] )
Updates the data access role used for vending access to the given (registered) resource in Lake Formation.
UpdateTableObjects ( array $params = [] )
Updates the manifest of Amazon S3 objects that make up the specified governed table.
UpdateTableStorageOptimizer ( array $params = [] )
Updates the configuration of the storage optimizers for a table.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

GetEffectivePermissionsForPath
GetTableObjects
GetWorkUnits
ListDataCellsFilter
ListLFTagExpressions
ListLFTags
ListLakeFormationOptIns
ListPermissions
ListResources
ListTableStorageOptimizers
ListTransactions
SearchDatabasesByLFTags
SearchTablesByLFTags

Operations

AddLFTagsToResource

$result = $client->addLFTagsToResource([/* ... */]);
$promise = $client->addLFTagsToResourceAsync([/* ... */]);

Attaches one or more LF-tags to an existing resource.

Parameter Syntax

$result = $client->addLFTagsToResource([
    'CatalogId' => '<string>',
    'LFTags' => [ // REQUIRED
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
            'Id' => '<string>',
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagExpression' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ExpressionName' => '<string>',
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

LFTags
Required: Yes
Type: Array of LFTagPair structures

The LF-tags to attach to the resource.

Resource
Required: Yes
Type: Resource structure

The database, table, or column resource to which to attach an LF-tag.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'LFTag' => [
                'CatalogId' => '<string>',
                'TagKey' => '<string>',
                'TagValues' => ['<string>', ...],
            ],
        ],
        // ...
    ],
]

Result Details

Members
Failures
Type: Array of LFTagError structures

A list of failures to tag the resource.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

AssumeDecoratedRoleWithSAML

$result = $client->assumeDecoratedRoleWithSAML([/* ... */]);
$promise = $client->assumeDecoratedRoleWithSAMLAsync([/* ... */]);

Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session.

This decorated role is expected to access data in Amazon S3 by getting temporary access from Lake Formation which is authorized via the virtual API GetDataAccess. Therefore, all SAML roles that can be assumed via AssumeDecoratedRoleWithSAML must at a minimum include lakeformation:GetDataAccess in their role policies. A typical IAM policy attached to such a role would look as follows:

Parameter Syntax

$result = $client->assumeDecoratedRoleWithSAML([
    'DurationSeconds' => <integer>,
    'PrincipalArn' => '<string>', // REQUIRED
    'RoleArn' => '<string>', // REQUIRED
    'SAMLAssertion' => '<string>', // REQUIRED
]);

Parameter Details

Members
DurationSeconds
Type: int

The time period, between 900 and 43,200 seconds, for the timeout of the temporary credentials.

PrincipalArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.

RoleArn
Required: Yes
Type: string

The role that represents an IAM principal whose scope down policy allows it to call credential vending APIs such as GetTemporaryTableCredentials. The caller must also have iam:PassRole permission on this role.

SAMLAssertion
Required: Yes
Type: string

A SAML assertion consisting of an assertion statement for the user who needs temporary credentials. This must match the SAML assertion that was issued to IAM. This must be Base64 encoded.

Result Syntax

[
    'AccessKeyId' => '<string>',
    'Expiration' => <DateTime>,
    'SecretAccessKey' => '<string>',
    'SessionToken' => '<string>',
]

Result Details

Members
AccessKeyId
Type: string

The access key ID for the temporary credentials. (The access key consists of an access key ID and a secret key).

Expiration
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the temporary credentials expire.

SecretAccessKey
Type: string

The secret key for the temporary credentials. (The access key consists of an access key ID and a secret key).

SessionToken
Type: string

The session token for the temporary credentials.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

AccessDeniedException:

Access to a resource was denied.

BatchGrantPermissions

$result = $client->batchGrantPermissions([/* ... */]);
$promise = $client->batchGrantPermissionsAsync([/* ... */]);

Batch operation to grant permissions to the principal.

Parameter Syntax

$result = $client->batchGrantPermissions([
    'CatalogId' => '<string>',
    'Entries' => [ // REQUIRED
        [
            'Id' => '<string>', // REQUIRED
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                    'Id' => '<string>',
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>', // REQUIRED
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>', // REQUIRED
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                'LFTagExpression' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>', // REQUIRED
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>', // REQUIRED
                            'TagValues' => ['<string>', ...], // REQUIRED
                        ],
                        // ...
                    ],
                    'ExpressionName' => '<string>',
                    'ResourceType' => 'DATABASE|TABLE', // REQUIRED
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>', // REQUIRED
                ],
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Entries
Required: Yes
Type: Array of BatchPermissionsRequestEntry structures

A list of up to 20 entries for resource permissions to be granted by batch operation to the principal.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'RequestEntry' => [
                'Id' => '<string>',
                'Permissions' => ['<string>', ...],
                'PermissionsWithGrantOption' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
                'Resource' => [
                    'Catalog' => [
                        'Id' => '<string>',
                    ],
                    'DataCellsFilter' => [
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableCatalogId' => '<string>',
                        'TableName' => '<string>',
                    ],
                    'DataLocation' => [
                        'CatalogId' => '<string>',
                        'ResourceArn' => '<string>',
                    ],
                    'Database' => [
                        'CatalogId' => '<string>',
                        'Name' => '<string>',
                    ],
                    'LFTag' => [
                        'CatalogId' => '<string>',
                        'TagKey' => '<string>',
                        'TagValues' => ['<string>', ...],
                    ],
                    'LFTagExpression' => [
                        'CatalogId' => '<string>',
                        'Name' => '<string>',
                    ],
                    'LFTagPolicy' => [
                        'CatalogId' => '<string>',
                        'Expression' => [
                            [
                                'TagKey' => '<string>',
                                'TagValues' => ['<string>', ...],
                            ],
                            // ...
                        ],
                        'ExpressionName' => '<string>',
                        'ResourceType' => 'DATABASE|TABLE',
                    ],
                    'Table' => [
                        'CatalogId' => '<string>',
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableWildcard' => [
                        ],
                    ],
                    'TableWithColumns' => [
                        'CatalogId' => '<string>',
                        'ColumnNames' => ['<string>', ...],
                        'ColumnWildcard' => [
                            'ExcludedColumnNames' => ['<string>', ...],
                        ],
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                    ],
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members
Failures
Type: Array of BatchPermissionsFailureEntry structures

A list of failures to grant permissions to the resources.

Errors

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

BatchRevokePermissions

$result = $client->batchRevokePermissions([/* ... */]);
$promise = $client->batchRevokePermissionsAsync([/* ... */]);

Batch operation to revoke permissions from the principal.

Parameter Syntax

$result = $client->batchRevokePermissions([
    'CatalogId' => '<string>',
    'Entries' => [ // REQUIRED
        [
            'Id' => '<string>', // REQUIRED
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                    'Id' => '<string>',
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>', // REQUIRED
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>', // REQUIRED
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                'LFTagExpression' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>', // REQUIRED
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>', // REQUIRED
                            'TagValues' => ['<string>', ...], // REQUIRED
                        ],
                        // ...
                    ],
                    'ExpressionName' => '<string>',
                    'ResourceType' => 'DATABASE|TABLE', // REQUIRED
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>', // REQUIRED
                ],
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Entries
Required: Yes
Type: Array of BatchPermissionsRequestEntry structures

A list of up to 20 entries for resource permissions to be revoked by batch operation to the principal.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'RequestEntry' => [
                'Id' => '<string>',
                'Permissions' => ['<string>', ...],
                'PermissionsWithGrantOption' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
                'Resource' => [
                    'Catalog' => [
                        'Id' => '<string>',
                    ],
                    'DataCellsFilter' => [
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableCatalogId' => '<string>',
                        'TableName' => '<string>',
                    ],
                    'DataLocation' => [
                        'CatalogId' => '<string>',
                        'ResourceArn' => '<string>',
                    ],
                    'Database' => [
                        'CatalogId' => '<string>',
                        'Name' => '<string>',
                    ],
                    'LFTag' => [
                        'CatalogId' => '<string>',
                        'TagKey' => '<string>',
                        'TagValues' => ['<string>', ...],
                    ],
                    'LFTagExpression' => [
                        'CatalogId' => '<string>',
                        'Name' => '<string>',
                    ],
                    'LFTagPolicy' => [
                        'CatalogId' => '<string>',
                        'Expression' => [
                            [
                                'TagKey' => '<string>',
                                'TagValues' => ['<string>', ...],
                            ],
                            // ...
                        ],
                        'ExpressionName' => '<string>',
                        'ResourceType' => 'DATABASE|TABLE',
                    ],
                    'Table' => [
                        'CatalogId' => '<string>',
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableWildcard' => [
                        ],
                    ],
                    'TableWithColumns' => [
                        'CatalogId' => '<string>',
                        'ColumnNames' => ['<string>', ...],
                        'ColumnWildcard' => [
                            'ExcludedColumnNames' => ['<string>', ...],
                        ],
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                    ],
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members
Failures
Type: Array of BatchPermissionsFailureEntry structures

A list of failures to revoke permissions to the resources.

Errors

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

CancelTransaction

$result = $client->cancelTransaction([/* ... */]);
$promise = $client->cancelTransactionAsync([/* ... */]);

Attempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.

Parameter Syntax

$result = $client->cancelTransaction([
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
TransactionId
Required: Yes
Type: string

The transaction to cancel.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

TransactionCommittedException:

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

TransactionCommitInProgressException:

Contains details about an error related to a transaction commit that was in progress.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

CommitTransaction

$result = $client->commitTransaction([/* ... */]);
$promise = $client->commitTransactionAsync([/* ... */]);

Attempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.

Parameter Syntax

$result = $client->commitTransaction([
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
TransactionId
Required: Yes
Type: string

The transaction to commit.

Result Syntax

[
    'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
]

Result Details

Members
TransactionStatus
Type: string

The status of the transaction.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

TransactionCanceledException:

Contains details about an error related to a transaction that was cancelled.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

CreateDataCellsFilter

$result = $client->createDataCellsFilter([/* ... */]);
$promise = $client->createDataCellsFilterAsync([/* ... */]);

Creates a data cell filter to allow one to grant access to certain columns on certain rows.

Parameter Syntax

$result = $client->createDataCellsFilter([
    'TableData' => [ // REQUIRED
        'ColumnNames' => ['<string>', ...],
        'ColumnWildcard' => [
            'ExcludedColumnNames' => ['<string>', ...],
        ],
        'DatabaseName' => '<string>', // REQUIRED
        'Name' => '<string>', // REQUIRED
        'RowFilter' => [
            'AllRowsWildcard' => [
            ],
            'FilterExpression' => '<string>',
        ],
        'TableCatalogId' => '<string>', // REQUIRED
        'TableName' => '<string>', // REQUIRED
        'VersionId' => '<string>',
    ],
]);

Parameter Details

Members
TableData
Required: Yes
Type: DataCellsFilter structure

A DataCellsFilter structure containing information about the data cells filter.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

AlreadyExistsException:

A resource to be created or added already exists.

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

ResourceNumberLimitExceededException:

A resource numerical limit was exceeded.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

CreateLFTag

$result = $client->createLFTag([/* ... */]);
$promise = $client->createLFTagAsync([/* ... */]);

Creates an LF-tag with the specified name and values.

Parameter Syntax

$result = $client->createLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
    'TagValues' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag.

TagValues
Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

ResourceNumberLimitExceededException:

A resource numerical limit was exceeded.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

CreateLFTagExpression

$result = $client->createLFTagExpression([/* ... */]);
$promise = $client->createLFTagExpressionAsync([/* ... */]);

Creates a new LF-Tag expression with the provided name, description, catalog ID, and expression body. This call fails if a LF-Tag expression with the same name already exists in the caller’s account or if the underlying LF-Tags don't exist. To call this API operation, caller needs the following Lake Formation permissions:

CREATE_LF_TAG_EXPRESSION on the root catalog resource.

GRANT_WITH_LF_TAG_EXPRESSION on all underlying LF-Tag key:value pairs included in the expression.

Parameter Syntax

$result = $client->createLFTagExpression([
    'CatalogId' => '<string>',
    'Description' => '<string>',
    'Expression' => [ // REQUIRED
        [
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Description
Type: string

A description with information about the LF-Tag expression.

Expression
Required: Yes
Type: Array of LFTag structures

A list of LF-Tag conditions (key-value pairs).

Name
Required: Yes
Type: string

A name for the expression.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

ResourceNumberLimitExceededException:

A resource numerical limit was exceeded.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

EntityNotFoundException:

A specified entity does not exist.

CreateLakeFormationIdentityCenterConfiguration

$result = $client->createLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->createLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.

Parameter Syntax

$result = $client->createLakeFormationIdentityCenterConfiguration([
    'CatalogId' => '<string>',
    'ExternalFiltering' => [
        'AuthorizedTargets' => ['<string>', ...], // REQUIRED
        'Status' => 'ENABLED|DISABLED', // REQUIRED
    ],
    'InstanceArn' => '<string>',
    'ShareRecipients' => [
        [
            'DataLakePrincipalIdentifier' => '<string>',
        ],
        // ...
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

ExternalFiltering

A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to access data managed by Lake Formation.

InstanceArn
Type: string

The ARN of the IAM Identity Center instance for which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

ShareRecipients
Type: Array of DataLakePrincipal structures

A list of Amazon Web Services account IDs and/or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

If the ShareRecipients list includes valid values, a resource share is created with the principals you want to have access to the resources.

If the ShareRecipients value is null or the list is empty, no resource share is created.

Result Syntax

[
    'ApplicationArn' => '<string>',
]

Result Details

Members
ApplicationArn
Type: string

The Amazon Resource Name (ARN) of the Lake Formation application integrated with IAM Identity Center.

Errors

InvalidInputException:

The input provided was not valid.

AlreadyExistsException:

A resource to be created or added already exists.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

CreateLakeFormationOptIn

$result = $client->createLakeFormationOptIn([/* ... */]);
$promise = $client->createLakeFormationOptInAsync([/* ... */]);

Enforce Lake Formation permissions for the given databases, tables, and principals.

Parameter Syntax

$result = $client->createLakeFormationOptIn([
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
            'Id' => '<string>',
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagExpression' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ExpressionName' => '<string>',
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
Principal
Required: Yes
Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource
Required: Yes
Type: Resource structure

A structure for the resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

DeleteDataCellsFilter

$result = $client->deleteDataCellsFilter([/* ... */]);
$promise = $client->deleteDataCellsFilterAsync([/* ... */]);

Deletes a data cell filter.

Parameter Syntax

$result = $client->deleteDataCellsFilter([
    'DatabaseName' => '<string>',
    'Name' => '<string>',
    'TableCatalogId' => '<string>',
    'TableName' => '<string>',
]);

Parameter Details

Members
DatabaseName
Type: string

A database in the Glue Data Catalog.

Name
Type: string

The name given by the user to the data filter cell.

TableCatalogId
Type: string

The ID of the catalog to which the table belongs.

TableName
Type: string

A table in the database.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

DeleteLFTag

$result = $client->deleteLFTag([/* ... */]);
$promise = $client->deleteLFTagAsync([/* ... */]);

Deletes the specified LF-tag given a key name. If the input parameter tag key was not found, then the operation will throw an exception. When you delete an LF-tag, the LFTagPolicy attached to the LF-tag becomes invalid. If the deleted LF-tag was still assigned to any resource, the tag policy attach to the deleted LF-tag will no longer be applied to the resource.

Parameter Syntax

$result = $client->deleteLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

DeleteLFTagExpression

$result = $client->deleteLFTagExpression([/* ... */]);
$promise = $client->deleteLFTagExpressionAsync([/* ... */]);

Deletes the LF-Tag expression. The caller must be a data lake admin or have DROP permissions on the LF-Tag expression. Deleting a LF-Tag expression will also delete all LFTagPolicy permissions referencing the LF-Tag expression.

Parameter Syntax

$result = $client->deleteLFTagExpression([
    'CatalogId' => '<string>',
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID in which the LF-Tag expression is saved.

Name
Required: Yes
Type: string

The name for the LF-Tag expression.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

DeleteLakeFormationIdentityCenterConfiguration

$result = $client->deleteLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->deleteLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Deletes an IAM Identity Center connection with Lake Formation.

Parameter Syntax

$result = $client->deleteLakeFormationIdentityCenterConfiguration([
    'CatalogId' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definition, and other control information to manage your Lake Formation environment.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

DeleteLakeFormationOptIn

$result = $client->deleteLakeFormationOptIn([/* ... */]);
$promise = $client->deleteLakeFormationOptInAsync([/* ... */]);

Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.

Parameter Syntax

$result = $client->deleteLakeFormationOptIn([
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
            'Id' => '<string>',
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagExpression' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ExpressionName' => '<string>',
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
Principal
Required: Yes
Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource
Required: Yes
Type: Resource structure

A structure for the resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

DeleteObjectsOnCancel

$result = $client->deleteObjectsOnCancel([/* ... */]);
$promise = $client->deleteObjectsOnCancelAsync([/* ... */]);

For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels.

The Glue ETL library function write_dynamic_frame.from_catalog() includes an option to automatically call DeleteObjectsOnCancel before writes. For more information, see Rolling Back Amazon S3 Writes.

Parameter Syntax

$result = $client->deleteObjectsOnCancel([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'Objects' => [ // REQUIRED
        [
            'ETag' => '<string>',
            'Uri' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'TableName' => '<string>', // REQUIRED
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The Glue data catalog that contains the governed table. Defaults to the current account ID.

DatabaseName
Required: Yes
Type: string

The database that contains the governed table.

Objects
Required: Yes
Type: Array of VirtualObject structures

A list of VirtualObject structures, which indicates the Amazon S3 objects to be deleted if the transaction cancels.

TableName
Required: Yes
Type: string

The name of the governed table.

TransactionId
Required: Yes
Type: string

ID of the transaction that the writes occur in.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

TransactionCommittedException:

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

TransactionCanceledException:

Contains details about an error related to a transaction that was cancelled.

ResourceNotReadyException:

Contains details about an error related to a resource which is not ready for a transaction.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

DeregisterResource

$result = $client->deregisterResource([/* ... */]);
$promise = $client->deregisterResourceAsync([/* ... */]);

Deregisters the resource as managed by the Data Catalog.

When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.

Parameter Syntax

$result = $client->deregisterResource([
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the resource that you want to deregister.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

DescribeLakeFormationIdentityCenterConfiguration

$result = $client->describeLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->describeLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Retrieves the instance ARN and application ARN for the connection.

Parameter Syntax

$result = $client->describeLakeFormationIdentityCenterConfiguration([
    'CatalogId' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Result Syntax

[
    'ApplicationArn' => '<string>',
    'CatalogId' => '<string>',
    'ExternalFiltering' => [
        'AuthorizedTargets' => ['<string>', ...],
        'Status' => 'ENABLED|DISABLED',
    ],
    'InstanceArn' => '<string>',
    'ResourceShare' => '<string>',
    'ShareRecipients' => [
        [
            'DataLakePrincipalIdentifier' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
ApplicationArn
Type: string

The Amazon Resource Name (ARN) of the Lake Formation application integrated with IAM Identity Center.

CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

ExternalFiltering

Indicates if external filtering is enabled.

InstanceArn
Type: string

The Amazon Resource Name (ARN) of the connection.

ResourceShare
Type: string

The Amazon Resource Name (ARN) of the RAM share.

ShareRecipients
Type: Array of DataLakePrincipal structures

A list of Amazon Web Services account IDs or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

If the ShareRecipients list includes valid values, a resource share is created with the principals you want to have access to the resources as the ShareRecipients.

If the ShareRecipients value is null or the list is empty, no resource share is created.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

DescribeResource

$result = $client->describeResource([/* ... */]);
$promise = $client->describeResourceAsync([/* ... */]);

Retrieves the current data access role for the given resource registered in Lake Formation.

Parameter Syntax

$result = $client->describeResource([
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
ResourceArn
Required: Yes
Type: string

The resource ARN.

Result Syntax

[
    'ResourceInfo' => [
        'HybridAccessEnabled' => true || false,
        'LastModified' => <DateTime>,
        'ResourceArn' => '<string>',
        'RoleArn' => '<string>',
        'WithFederation' => true || false,
    ],
]

Result Details

Members
ResourceInfo
Type: ResourceInfo structure

A structure containing information about an Lake Formation resource.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

DescribeTransaction

$result = $client->describeTransaction([/* ... */]);
$promise = $client->describeTransactionAsync([/* ... */]);

Returns the details of a single transaction.

Parameter Syntax

$result = $client->describeTransaction([
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
TransactionId
Required: Yes
Type: string

The transaction for which to return status.

Result Syntax

[
    'TransactionDescription' => [
        'TransactionEndTime' => <DateTime>,
        'TransactionId' => '<string>',
        'TransactionStartTime' => <DateTime>,
        'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
    ],
]

Result Details

Members
TransactionDescription
Type: TransactionDescription structure

Returns a TransactionDescription object containing information about the transaction.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

ExtendTransaction

$result = $client->extendTransaction([/* ... */]);
$promise = $client->extendTransactionAsync([/* ... */]);

Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.

Write transactions that remain idle for a long period are automatically aborted unless explicitly extended.

Parameter Syntax

$result = $client->extendTransaction([
    'TransactionId' => '<string>',
]);

Parameter Details

Members
TransactionId
Type: string

The transaction to extend.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

TransactionCommittedException:

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

TransactionCanceledException:

Contains details about an error related to a transaction that was cancelled.

TransactionCommitInProgressException:

Contains details about an error related to a transaction commit that was in progress.

GetDataCellsFilter

$result = $client->getDataCellsFilter([/* ... */]);
$promise = $client->getDataCellsFilterAsync([/* ... */]);

Returns a data cells filter.

Parameter Syntax

$result = $client->getDataCellsFilter([
    'DatabaseName' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'TableCatalogId' => '<string>', // REQUIRED
    'TableName' => '<string>', // REQUIRED
]);

Parameter Details

Members
DatabaseName
Required: Yes
Type: string

A database in the Glue Data Catalog.

Name
Required: Yes
Type: string

The name given by the user to the data filter cell.

TableCatalogId
Required: Yes
Type: string

The ID of the catalog to which the table belongs.

TableName
Required: Yes
Type: string

A table in the database.

Result Syntax

[
    'DataCellsFilter' => [
        'ColumnNames' => ['<string>', ...],
        'ColumnWildcard' => [
            'ExcludedColumnNames' => ['<string>', ...],
        ],
        'DatabaseName' => '<string>',
        'Name' => '<string>',
        'RowFilter' => [
            'AllRowsWildcard' => [
            ],
            'FilterExpression' => '<string>',
        ],
        'TableCatalogId' => '<string>',
        'TableName' => '<string>',
        'VersionId' => '<string>',
    ],
]

Result Details

Members
DataCellsFilter
Type: DataCellsFilter structure

A structure that describes certain columns on certain rows.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

InternalServiceException:

An internal service error occurred.

AccessDeniedException:

Access to a resource was denied.

GetDataLakePrincipal

$result = $client->getDataLakePrincipal([/* ... */]);
$promise = $client->getDataLakePrincipalAsync([/* ... */]);

Returns the identity of the invoking principal.

Parameter Syntax

$result = $client->getDataLakePrincipal([
]);

Parameter Details

Members

Result Syntax

[
    'Identity' => '<string>',
]

Result Details

Members
Identity
Type: string

A unique identifier of the invoking principal.

Errors

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

GetDataLakeSettings

$result = $client->getDataLakeSettings([/* ... */]);
$promise = $client->getDataLakeSettingsAsync([/* ... */]);

Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

Parameter Syntax

$result = $client->getDataLakeSettings([
    'CatalogId' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Result Syntax

[
    'DataLakeSettings' => [
        'AllowExternalDataFiltering' => true || false,
        'AllowFullTableExternalDataAccess' => true || false,
        'AuthorizedSessionTagValueList' => ['<string>', ...],
        'CreateDatabaseDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'CreateTableDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'DataLakeAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'ExternalDataFilteringAllowList' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'Parameters' => ['<string>', ...],
        'ReadOnlyAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'TrustedResourceOwners' => ['<string>', ...],
    ],
]

Result Details

Members
DataLakeSettings
Type: DataLakeSettings structure

A structure representing a list of Lake Formation principals designated as data lake administrators.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

GetEffectivePermissionsForPath

$result = $client->getEffectivePermissionsForPath([/* ... */]);
$promise = $client->getEffectivePermissionsForPathAsync([/* ... */]);

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.

Parameter Syntax

$result = $client->getEffectivePermissionsForPath([
    'CatalogId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the resource for which you want to get permissions.

Result Syntax

[
    'NextToken' => '<string>',
    'Permissions' => [
        [
            'AdditionalDetails' => [
                'ResourceShare' => ['<string>', ...],
            ],
            'Condition' => [
                'Expression' => '<string>',
            ],
            'LastUpdated' => <DateTime>,
            'LastUpdatedBy' => '<string>',
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                    'Id' => '<string>',
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>',
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                'LFTagExpression' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'ExpressionName' => '<string>',
                    'ResourceType' => 'DATABASE|TABLE',
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Permissions
Type: Array of PrincipalResourcePermissions structures

A list of the permissions for the specified table or database resource located at the path in Amazon S3.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

OperationTimeoutException:

The operation timed out.

InternalServiceException:

An internal service error occurred.

GetLFTag

$result = $client->getLFTag([/* ... */]);
$promise = $client->getLFTagAsync([/* ... */]);

Returns an LF-tag definition.

Parameter Syntax

$result = $client->getLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag.

Result Syntax

[
    'CatalogId' => '<string>',
    'TagKey' => '<string>',
    'TagValues' => ['<string>', ...],
]

Result Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Type: string

The key-name for the LF-tag.

TagValues
Type: Array of strings

A list of possible values an attribute can take.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

GetLFTagExpression

$result = $client->getLFTagExpression([/* ... */]);
$promise = $client->getLFTagExpressionAsync([/* ... */]);

Returns the details about the LF-Tag expression. The caller must be a data lake admin or must have DESCRIBE permission on the LF-Tag expression resource.

Parameter Syntax

$result = $client->getLFTagExpression([
    'CatalogId' => '<string>',
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID.

Name
Required: Yes
Type: string

The name for the LF-Tag expression

Result Syntax

[
    'CatalogId' => '<string>',
    'Description' => '<string>',
    'Expression' => [
        [
            'TagKey' => '<string>',
            'TagValues' => ['<string>', ...],
        ],
        // ...
    ],
    'Name' => '<string>',
]

Result Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID in which the LF-Tag expression is saved.

Description
Type: string

The description with information about the LF-Tag expression.

Expression
Type: Array of LFTag structures

The body of the LF-Tag expression. It is composed of one or more LF-Tag key-value pairs.

Name
Type: string

The name for the LF-Tag expression.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

GetQueryState

$result = $client->getQueryState([/* ... */]);
$promise = $client->getQueryStateAsync([/* ... */]);

Returns the state of a query previously submitted. Clients are expected to poll GetQueryState to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to StartQueryPlanning.

Parameter Syntax

$result = $client->getQueryState([
    'QueryId' => '<string>', // REQUIRED
]);

Parameter Details

Members
QueryId
Required: Yes
Type: string

The ID of the plan query operation.

Result Syntax

[
    'Error' => '<string>',
    'State' => 'PENDING|WORKUNITS_AVAILABLE|ERROR|FINISHED|EXPIRED',
]

Result Details

Members
Error
Type: string

An error message when the operation fails.

State
Required: Yes
Type: string

The state of a query previously submitted. The possible states are:

  • PENDING: the query is pending.

  • WORKUNITS_AVAILABLE: some work units are ready for retrieval and execution.

  • FINISHED: the query planning finished successfully, and all work units are ready for retrieval and execution.

  • ERROR: an error occurred with the query, such as an invalid query ID or a backend error.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

GetQueryStatistics

$result = $client->getQueryStatistics([/* ... */]);
$promise = $client->getQueryStatisticsAsync([/* ... */]);

Retrieves statistics on the planning and execution of a query.

Parameter Syntax

$result = $client->getQueryStatistics([
    'QueryId' => '<string>', // REQUIRED
]);

Parameter Details

Members
QueryId
Required: Yes
Type: string

The ID of the plan query operation.

Result Syntax

[
    'ExecutionStatistics' => [
        'AverageExecutionTimeMillis' => <integer>,
        'DataScannedBytes' => <integer>,
        'WorkUnitsExecutedCount' => <integer>,
    ],
    'PlanningStatistics' => [
        'EstimatedDataToScanBytes' => <integer>,
        'PlanningTimeMillis' => <integer>,
        'QueueTimeMillis' => <integer>,
        'WorkUnitsGeneratedCount' => <integer>,
    ],
    'QuerySubmissionTime' => <DateTime>,
]

Result Details

Members
ExecutionStatistics
Type: ExecutionStatistics structure

An ExecutionStatistics structure containing execution statistics.

PlanningStatistics
Type: PlanningStatistics structure

A PlanningStatistics structure containing query planning statistics.

QuerySubmissionTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time that the query was submitted.

Errors

StatisticsNotReadyYetException:

Contains details about an error related to statistics not being ready.

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

ExpiredException:

Contains details about an error where the query request expired.

ThrottledException:

Contains details about an error where the query request was throttled.

GetResourceLFTags

$result = $client->getResourceLFTags([/* ... */]);
$promise = $client->getResourceLFTagsAsync([/* ... */]);

Returns the LF-tags applied to a resource.

Parameter Syntax

$result = $client->getResourceLFTags([
    'CatalogId' => '<string>',
    'Resource' => [ // REQUIRED
        'Catalog' => [
            'Id' => '<string>',
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagExpression' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ExpressionName' => '<string>',
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
    'ShowAssignedLFTags' => true || false,
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Resource
Required: Yes
Type: Resource structure

The database, table, or column resource for which you want to return LF-tags.

ShowAssignedLFTags
Type: boolean

Indicates whether to show the assigned LF-tags.

Result Syntax

[
    'LFTagOnDatabase' => [
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>',
            'TagValues' => ['<string>', ...],
        ],
        // ...
    ],
    'LFTagsOnColumns' => [
        [
            'LFTags' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
            'Name' => '<string>',
        ],
        // ...
    ],
    'LFTagsOnTable' => [
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>',
            'TagValues' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members
LFTagOnDatabase
Type: Array of LFTagPair structures

A list of LF-tags applied to a database resource.

LFTagsOnColumns
Type: Array of ColumnLFTag structures

A list of LF-tags applied to a column resource.

LFTagsOnTable
Type: Array of LFTagPair structures

A list of LF-tags applied to a table resource.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

GlueEncryptionException:

An encryption operation failed.

AccessDeniedException:

Access to a resource was denied.

GetTableObjects

$result = $client->getTableObjects([/* ... */]);
$promise = $client->getTableObjectsAsync([/* ... */]);

Returns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.

Parameter Syntax

$result = $client->getTableObjects([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'PartitionPredicate' => '<string>',
    'QueryAsOfTime' => <integer || string || DateTime>,
    'TableName' => '<string>', // REQUIRED
    'TransactionId' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The catalog containing the governed table. Defaults to the caller’s account.

DatabaseName
Required: Yes
Type: string

The database containing the governed table.

MaxResults
Type: int

Specifies how many values to return in a page.

NextToken
Type: string

A continuation token if this is not the first call to retrieve these objects.

PartitionPredicate
Type: string

A predicate to filter the objects returned based on the partition keys defined in the governed table.

  • The comparison operators supported are: =, >, <, >=, <=

  • The logical operators supported are: AND

  • The data types supported are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss"), string and decimal.

QueryAsOfTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time as of when to read the governed table contents. If not set, the most recent transaction commit time is used. Cannot be specified along with TransactionId.

TableName
Required: Yes
Type: string

The governed table for which to retrieve objects.

TransactionId
Type: string

The transaction ID at which to read the governed table contents. If this transaction has aborted, an error is returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with QueryAsOfTime.

Result Syntax

[
    'NextToken' => '<string>',
    'Objects' => [
        [
            'Objects' => [
                [
                    'ETag' => '<string>',
                    'Size' => <integer>,
                    'Uri' => '<string>',
                ],
                // ...
            ],
            'PartitionValues' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token indicating whether additional data is available.

Objects
Type: Array of PartitionObjects structures

A list of objects organized by partition keys.

Errors

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

TransactionCommittedException:

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

TransactionCanceledException:

Contains details about an error related to a transaction that was cancelled.

ResourceNotReadyException:

Contains details about an error related to a resource which is not ready for a transaction.

GetTemporaryGluePartitionCredentials

$result = $client->getTemporaryGluePartitionCredentials([/* ... */]);
$promise = $client->getTemporaryGluePartitionCredentialsAsync([/* ... */]);

This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.

Parameter Syntax

$result = $client->getTemporaryGluePartitionCredentials([
    'AuditContext' => [
        'AdditionalAuditContext' => '<string>',
    ],
    'DurationSeconds' => <integer>,
    'Partition' => [ // REQUIRED
        'Values' => ['<string>', ...], // REQUIRED
    ],
    'Permissions' => ['<string>', ...],
    'SupportedPermissionTypes' => ['<string>', ...],
    'TableArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
AuditContext
Type: AuditContext structure

A structure representing context to access a resource (column names, query ID, etc).

DurationSeconds
Type: int

The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

Partition
Required: Yes
Type: PartitionValueList structure

A list of partition values identifying a single partition.

Permissions
Type: Array of strings

Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

SupportedPermissionTypes
Type: Array of strings

A list of supported permission types for the partition. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

TableArn
Required: Yes
Type: string

The ARN of the partitions' table.

Result Syntax

[
    'AccessKeyId' => '<string>',
    'Expiration' => <DateTime>,
    'SecretAccessKey' => '<string>',
    'SessionToken' => '<string>',
]

Result Details

Members
AccessKeyId
Type: string

The access key ID for the temporary credentials.

Expiration
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the temporary credentials expire.

SecretAccessKey
Type: string

The secret key for the temporary credentials.

SessionToken
Type: string

The session token for the temporary credentials.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

AccessDeniedException:

Access to a resource was denied.

PermissionTypeMismatchException:

The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.

GetTemporaryGlueTableCredentials

$result = $client->getTemporaryGlueTableCredentials([/* ... */]);
$promise = $client->getTemporaryGlueTableCredentialsAsync([/* ... */]);

Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.

To call this API, the role that the service assumes must have lakeformation:GetDataAccess permission on the resource.

Parameter Syntax

$result = $client->getTemporaryGlueTableCredentials([
    'AuditContext' => [
        'AdditionalAuditContext' => '<string>',
    ],
    'DurationSeconds' => <integer>,
    'Permissions' => ['<string>', ...],
    'QuerySessionContext' => [
        'AdditionalContext' => ['<string>', ...],
        'ClusterId' => '<string>',
        'QueryAuthorizationId' => '<string>',
        'QueryId' => '<string>',
        'QueryStartTime' => <integer || string || DateTime>,
    ],
    'S3Path' => '<string>',
    'SupportedPermissionTypes' => ['<string>', ...],
    'TableArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
AuditContext
Type: AuditContext structure

A structure representing context to access a resource (column names, query ID, etc).

DurationSeconds
Type: int

The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

Permissions
Type: Array of strings

Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

QuerySessionContext
Type: QuerySessionContext structure

A structure used as a protocol between query engines and Lake Formation or Glue. Contains both a Lake Formation generated authorization identifier and information from the request's authorization context.

S3Path
Type: string

The Amazon S3 path for the table.

SupportedPermissionTypes
Type: Array of strings

A list of supported permission types for the table. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

TableArn
Required: Yes
Type: string

The ARN identifying a table in the Data Catalog for the temporary credentials request.

Result Syntax

[
    'AccessKeyId' => '<string>',
    'Expiration' => <DateTime>,
    'SecretAccessKey' => '<string>',
    'SessionToken' => '<string>',
    'VendedS3Path' => ['<string>', ...],
]

Result Details

Members
AccessKeyId
Type: string

The access key ID for the temporary credentials.

Expiration
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the temporary credentials expire.

SecretAccessKey
Type: string

The secret key for the temporary credentials.

SessionToken
Type: string

The session token for the temporary credentials.

VendedS3Path
Type: Array of strings

The Amazon S3 path for the temporary credentials.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

AccessDeniedException:

Access to a resource was denied.

PermissionTypeMismatchException:

The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.

GetWorkUnitResults

$result = $client->getWorkUnitResults([/* ... */]);
$promise = $client->getWorkUnitResultsAsync([/* ... */]);

Returns the work units resulting from the query. Work units can be executed in any order and in parallel.

Parameter Syntax

$result = $client->getWorkUnitResults([
    'QueryId' => '<string>', // REQUIRED
    'WorkUnitId' => <integer>, // REQUIRED
    'WorkUnitToken' => '<string>', // REQUIRED
]);

Parameter Details

Members
QueryId
Required: Yes
Type: string

The ID of the plan query operation for which to get results.

WorkUnitId
Required: Yes
Type: long (int|float)

The work unit ID for which to get results. Value generated by enumerating WorkUnitIdMin to WorkUnitIdMax (inclusive) from the WorkUnitRange in the output of GetWorkUnits.

WorkUnitToken
Required: Yes
Type: string

A work token used to query the execution service. Token output from GetWorkUnits.

Result Syntax

[
    'ResultStream' => <string || resource || Psr\Http\Message\StreamInterface>,
]

Result Details

Members
ResultStream
Type: blob (string|resource|Psr\Http\Message\StreamInterface)

Rows returned from the GetWorkUnitResults operation as a stream of Apache Arrow v1.0 messages.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

ExpiredException:

Contains details about an error where the query request expired.

ThrottledException:

Contains details about an error where the query request was throttled.

GetWorkUnits

$result = $client->getWorkUnits([/* ... */]);
$promise = $client->getWorkUnitsAsync([/* ... */]);

Retrieves the work units generated by the StartQueryPlanning operation.

Parameter Syntax

$result = $client->getWorkUnits([
    'NextToken' => '<string>',
    'PageSize' => <integer>,
    'QueryId' => '<string>', // REQUIRED
]);

Parameter Details

Members
NextToken
Type: string

A continuation token, if this is a continuation call.

PageSize
Type: int

The size of each page to get in the Amazon Web Services service call. This does not affect the number of items returned in the command's output. Setting a smaller page size results in more calls to the Amazon Web Services service, retrieving fewer items in each call. This can help prevent the Amazon Web Services service calls from timing out.

QueryId
Required: Yes
Type: string

The ID of the plan query operation.

Result Syntax

[
    'NextToken' => '<string>',
    'QueryId' => '<string>',
    'WorkUnitRanges' => [
        [
            'WorkUnitIdMax' => <integer>,
            'WorkUnitIdMin' => <integer>,
            'WorkUnitToken' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token for paginating the returned list of tokens, returned if the current segment of the list is not the last.

QueryId
Required: Yes
Type: string

The ID of the plan query operation.

WorkUnitRanges
Required: Yes
Type: Array of WorkUnitRange structures

A WorkUnitRangeList object that specifies the valid range of work unit IDs for querying the execution service.

Errors

WorkUnitsNotReadyYetException:

Contains details about an error related to work units not being ready.

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

ExpiredException:

Contains details about an error where the query request expired.

GrantPermissions

$result = $client->grantPermissions([/* ... */]);
$promise = $client->grantPermissionsAsync([/* ... */]);

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

For information about permissions, see Security and Access Control to Metadata and Data.

Parameter Syntax

$result = $client->grantPermissions([
    'CatalogId' => '<string>',
    'Permissions' => ['<string>', ...], // REQUIRED
    'PermissionsWithGrantOption' => ['<string>', ...],
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
            'Id' => '<string>',
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagExpression' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ExpressionName' => '<string>',
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Permissions
Required: Yes
Type: Array of strings

The permissions granted to the principal on the resource. Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Lake Formation requires that each principal be authorized to perform a specific task on Lake Formation resources.

PermissionsWithGrantOption
Type: Array of strings

Indicates a list of the granted permissions that the principal may pass to other users. These permissions may only be a subset of the permissions granted in the Privileges.

Principal
Required: Yes
Type: DataLakePrincipal structure

The principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles, and they are defined by their principal type and their ARN.

Note that if you define a resource with a particular ARN, then later delete, and recreate a resource with that same ARN, the resource maintains the permissions already granted.

Resource
Required: Yes
Type: Resource structure

The resource to which permissions are to be granted. Resources in Lake Formation are the Data Catalog, databases, and tables.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

ListDataCellsFilter

$result = $client->listDataCellsFilter([/* ... */]);
$promise = $client->listDataCellsFilterAsync([/* ... */]);

Lists all the data cell filters on a table.

Parameter Syntax

$result = $client->listDataCellsFilter([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Table' => [
        'CatalogId' => '<string>',
        'DatabaseName' => '<string>', // REQUIRED
        'Name' => '<string>',
        'TableWildcard' => [
        ],
    ],
]);

Parameter Details

Members
MaxResults
Type: int

The maximum size of the response.

NextToken
Type: string

A continuation token, if this is a continuation call.

Table
Type: TableResource structure

A table in the Glue Data Catalog.

Result Syntax

[
    'DataCellsFilters' => [
        [
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'RowFilter' => [
                'AllRowsWildcard' => [
                ],
                'FilterExpression' => '<string>',
            ],
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
            'VersionId' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
DataCellsFilters
Type: Array of DataCellsFilter structures

A list of DataCellFilter structures.

NextToken
Type: string

A continuation token, if not all requested data cell filters have been returned.

Errors

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

InternalServiceException:

An internal service error occurred.

AccessDeniedException:

Access to a resource was denied.

ListLFTagExpressions

$result = $client->listLFTagExpressions([/* ... */]);
$promise = $client->listLFTagExpressionsAsync([/* ... */]);

Returns the LF-Tag expressions in caller’s account filtered based on caller's permissions. Data Lake and read only admins implicitly can see all tag expressions in their account, else caller needs DESCRIBE permissions on tag expression.

Parameter Syntax

$result = $client->listLFTagExpressions([
    'CatalogId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Result Syntax

[
    'LFTagExpressions' => [
        [
            'CatalogId' => '<string>',
            'Description' => '<string>',
            'Expression' => [
                [
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
            'Name' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
LFTagExpressions
Type: Array of LFTagExpression structures

Logical expressions composed of one more LF-Tag key-value pairs.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ListLFTags

$result = $client->listLFTags([/* ... */]);
$promise = $client->listLFTagsAsync([/* ... */]);

Lists LF-tags that the requester has permission to view.

Parameter Syntax

$result = $client->listLFTags([
    'CatalogId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResourceShareType' => 'FOREIGN|ALL',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

ResourceShareType
Type: string

If resource share type is ALL, returns both in-account LF-tags and shared LF-tags that the requester has permission to view. If resource share type is FOREIGN, returns all share LF-tags that the requester can view. If no resource share type is passed, lists LF-tags in the given catalog ID that the requester has permission to view.

Result Syntax

[
    'LFTags' => [
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>',
            'TagValues' => ['<string>', ...],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
LFTags
Type: Array of LFTagPair structures

A list of LF-tags that the requested has permission to view.

NextToken
Type: string

A continuation token, present if the current list segment is not the last.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ListLakeFormationOptIns

$result = $client->listLakeFormationOptIns([/* ... */]);
$promise = $client->listLakeFormationOptInsAsync([/* ... */]);

Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions.

Parameter Syntax

$result = $client->listLakeFormationOptIns([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Principal' => [
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [
        'Catalog' => [
            'Id' => '<string>',
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagExpression' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ExpressionName' => '<string>',
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Principal
Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource
Type: Resource structure

A structure for the resource.

Result Syntax

[
    'LakeFormationOptInsInfoList' => [
        [
            'Condition' => [
                'Expression' => '<string>',
            ],
            'LastModified' => <DateTime>,
            'LastUpdatedBy' => '<string>',
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                    'Id' => '<string>',
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>',
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                'LFTagExpression' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'ExpressionName' => '<string>',
                    'ResourceType' => 'DATABASE|TABLE',
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                ],
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
LakeFormationOptInsInfoList
Type: Array of LakeFormationOptInsInfo structures

A list of principal-resource pairs that have Lake Formation permissins enforced.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ListPermissions

$result = $client->listPermissions([/* ... */]);
$promise = $client->listPermissionsAsync([/* ... */]);

Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.

This operation returns only those permissions that have been explicitly granted.

For information about permissions, see Security and Access Control to Metadata and Data.

Parameter Syntax

$result = $client->listPermissions([
    'CatalogId' => '<string>',
    'IncludeRelated' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Principal' => [
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [
        'Catalog' => [
            'Id' => '<string>',
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagExpression' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ExpressionName' => '<string>',
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
    'ResourceType' => 'CATALOG|DATABASE|TABLE|DATA_LOCATION|LF_TAG|LF_TAG_POLICY|LF_TAG_POLICY_DATABASE|LF_TAG_POLICY_TABLE|LF_NAMED_TAG_EXPRESSION',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

IncludeRelated
Type: string

Indicates that related permissions should be included in the results.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Principal
Type: DataLakePrincipal structure

Specifies a principal to filter the permissions returned.

Resource
Type: Resource structure

A resource where you will get a list of the principal permissions.

This operation does not support getting privileges on a table with columns. Instead, call this operation on the table, and the operation returns the table and the table w columns.

ResourceType
Type: string

Specifies a resource type to filter the permissions returned.

Result Syntax

[
    'NextToken' => '<string>',
    'PrincipalResourcePermissions' => [
        [
            'AdditionalDetails' => [
                'ResourceShare' => ['<string>', ...],
            ],
            'Condition' => [
                'Expression' => '<string>',
            ],
            'LastUpdated' => <DateTime>,
            'LastUpdatedBy' => '<string>',
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                    'Id' => '<string>',
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>',
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                'LFTagExpression' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'ExpressionName' => '<string>',
                    'ResourceType' => 'DATABASE|TABLE',
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

PrincipalResourcePermissions
Type: Array of PrincipalResourcePermissions structures

A list of principals and their permissions on the resource for the specified principal and resource types.

Errors

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

InternalServiceException:

An internal service error occurred.

ListResources

$result = $client->listResources([/* ... */]);
$promise = $client->listResourcesAsync([/* ... */]);

Lists the resources registered to be managed by the Data Catalog.

Parameter Syntax

$result = $client->listResources([
    'FilterConditionList' => [
        [
            'ComparisonOperator' => 'EQ|NE|LE|LT|GE|GT|CONTAINS|NOT_CONTAINS|BEGINS_WITH|IN|BETWEEN',
            'Field' => 'RESOURCE_ARN|ROLE_ARN|LAST_MODIFIED',
            'StringValueList' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
FilterConditionList
Type: Array of FilterCondition structures

Any applicable row-level and/or column-level filtering conditions for the resources.

MaxResults
Type: int

The maximum number of resource results.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve these resources.

Result Syntax

[
    'NextToken' => '<string>',
    'ResourceInfoList' => [
        [
            'HybridAccessEnabled' => true || false,
            'LastModified' => <DateTime>,
            'ResourceArn' => '<string>',
            'RoleArn' => '<string>',
            'WithFederation' => true || false,
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token, if this is not the first call to retrieve these resources.

ResourceInfoList
Type: Array of ResourceInfo structures

A summary of the data lake resources.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

ListTableStorageOptimizers

$result = $client->listTableStorageOptimizers([/* ... */]);
$promise = $client->listTableStorageOptimizersAsync([/* ... */]);

Returns the configuration of all storage optimizers associated with a specified table.

Parameter Syntax

$result = $client->listTableStorageOptimizers([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StorageOptimizerType' => 'COMPACTION|GARBAGE_COLLECTION|ALL',
    'TableName' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The Catalog ID of the table.

DatabaseName
Required: Yes
Type: string

Name of the database where the table is present.

MaxResults
Type: int

The number of storage optimizers to return on each call.

NextToken
Type: string

A continuation token, if this is a continuation call.

StorageOptimizerType
Type: string

The specific type of storage optimizers to list. The supported value is compaction.

TableName
Required: Yes
Type: string

Name of the table.

Result Syntax

[
    'NextToken' => '<string>',
    'StorageOptimizerList' => [
        [
            'Config' => ['<string>', ...],
            'ErrorMessage' => '<string>',
            'LastRunDetails' => '<string>',
            'StorageOptimizerType' => 'COMPACTION|GARBAGE_COLLECTION|ALL',
            'Warnings' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token for paginating the returned list of tokens, returned if the current segment of the list is not the last.

StorageOptimizerList
Type: Array of StorageOptimizer structures

A list of the storage optimizers associated with a table.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

InternalServiceException:

An internal service error occurred.

ListTransactions

$result = $client->listTransactions([/* ... */]);
$promise = $client->listTransactionsAsync([/* ... */]);

Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned.

This operation can help you identify uncommitted transactions or to get information about transactions.

Parameter Syntax

$result = $client->listTransactions([
    'CatalogId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StatusFilter' => 'ALL|COMPLETED|ACTIVE|COMMITTED|ABORTED',
]);

Parameter Details

Members
CatalogId
Type: string

The catalog for which to list transactions. Defaults to the account ID of the caller.

MaxResults
Type: int

The maximum number of transactions to return in a single call.

NextToken
Type: string

A continuation token if this is not the first call to retrieve transactions.

StatusFilter
Type: string

A filter indicating the status of transactions to return. Options are ALL | COMPLETED | COMMITTED | ABORTED | ACTIVE. The default is ALL.

Result Syntax

[
    'NextToken' => '<string>',
    'Transactions' => [
        [
            'TransactionEndTime' => <DateTime>,
            'TransactionId' => '<string>',
            'TransactionStartTime' => <DateTime>,
            'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token indicating whether additional data is available.

Transactions
Type: Array of TransactionDescription structures

A list of transactions. The record for each transaction is a TransactionDescription object.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

PutDataLakeSettings

$result = $client->putDataLakeSettings([/* ... */]);
$promise = $client->putDataLakeSettingsAsync([/* ... */]);

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions.

This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.

Parameter Syntax

$result = $client->putDataLakeSettings([
    'CatalogId' => '<string>',
    'DataLakeSettings' => [ // REQUIRED
        'AllowExternalDataFiltering' => true || false,
        'AllowFullTableExternalDataAccess' => true || false,
        'AuthorizedSessionTagValueList' => ['<string>', ...],
        'CreateDatabaseDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'CreateTableDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'DataLakeAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'ExternalDataFilteringAllowList' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'Parameters' => ['<string>', ...],
        'ReadOnlyAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'TrustedResourceOwners' => ['<string>', ...],
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

DataLakeSettings
Required: Yes
Type: DataLakeSettings structure

A structure representing a list of Lake Formation principals designated as data lake administrators.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

RegisterResource

$result = $client->registerResource([/* ... */]);
$promise = $client->registerResourceAsync([/* ... */]);

Registers the resource as managed by the Data Catalog.

To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.

ResourceArn = arn:aws:s3:::my-bucket/ UseServiceLinkedRole = true

If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

arn:aws:iam::12345:role/my-data-access-role

Parameter Syntax

$result = $client->registerResource([
    'HybridAccessEnabled' => true || false,
    'ResourceArn' => '<string>', // REQUIRED
    'RoleArn' => '<string>',
    'UseServiceLinkedRole' => true || false,
    'WithFederation' => true || false,
]);

Parameter Details

Members
HybridAccessEnabled
Type: boolean

Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the resource that you want to register.

RoleArn
Type: string

The identifier for the role that registers the resource.

UseServiceLinkedRole
Type: boolean

Designates an Identity and Access Management (IAM) service-linked role by registering this role with the Data Catalog. A service-linked role is a unique type of IAM role that is linked directly to Lake Formation.

For more information, see Using Service-Linked Roles for Lake Formation.

WithFederation
Type: boolean

Whether or not the resource is a federated resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AlreadyExistsException:

A resource to be created or added already exists.

EntityNotFoundException:

A specified entity does not exist.

ResourceNumberLimitExceededException:

A resource numerical limit was exceeded.

AccessDeniedException:

Access to a resource was denied.

RemoveLFTagsFromResource

$result = $client->removeLFTagsFromResource([/* ... */]);
$promise = $client->removeLFTagsFromResourceAsync([/* ... */]);

Removes an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in tableWithColumns to specify column input.

Parameter Syntax

$result = $client->removeLFTagsFromResource([
    'CatalogId' => '<string>',
    'LFTags' => [ // REQUIRED
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
            'Id' => '<string>',
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagExpression' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ExpressionName' => '<string>',
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

LFTags
Required: Yes
Type: Array of LFTagPair structures

The LF-tags to be removed from the resource.

Resource
Required: Yes
Type: Resource structure

The database, table, or column resource where you want to remove an LF-tag.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'LFTag' => [
                'CatalogId' => '<string>',
                'TagKey' => '<string>',
                'TagValues' => ['<string>', ...],
            ],
        ],
        // ...
    ],
]

Result Details

Members
Failures
Type: Array of LFTagError structures

A list of failures to untag a resource.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

GlueEncryptionException:

An encryption operation failed.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

RevokePermissions

$result = $client->revokePermissions([/* ... */]);
$promise = $client->revokePermissionsAsync([/* ... */]);

Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

Parameter Syntax

$result = $client->revokePermissions([
    'CatalogId' => '<string>',
    'Permissions' => ['<string>', ...], // REQUIRED
    'PermissionsWithGrantOption' => ['<string>', ...],
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
            'Id' => '<string>',
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagExpression' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ExpressionName' => '<string>',
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Permissions
Required: Yes
Type: Array of strings

The permissions revoked to the principal on the resource. For information about permissions, see Security and Access Control to Metadata and Data.

PermissionsWithGrantOption
Type: Array of strings

Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.

Principal
Required: Yes
Type: DataLakePrincipal structure

The principal to be revoked permissions on the resource.

Resource
Required: Yes
Type: Resource structure

The resource to which permissions are to be revoked.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

SearchDatabasesByLFTags

$result = $client->searchDatabasesByLFTags([/* ... */]);
$promise = $client->searchDatabasesByLFTagsAsync([/* ... */]);

This operation allows a search on DATABASE resources by TagCondition. This operation is used by admins who want to grant user permissions on certain TagConditions. Before making a grant, the admin can use SearchDatabasesByTags to find all resources where the given TagConditions are valid to verify whether the returned resources can be shared.

Parameter Syntax

$result = $client->searchDatabasesByLFTags([
    'CatalogId' => '<string>',
    'Expression' => [ // REQUIRED
        [
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Expression
Required: Yes
Type: Array of LFTag structures

A list of conditions (LFTag structures) to search for in database resources.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Result Syntax

[
    'DatabaseList' => [
        [
            'Database' => [
                'CatalogId' => '<string>',
                'Name' => '<string>',
            ],
            'LFTags' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
DatabaseList
Type: Array of TaggedDatabase structures

A list of databases that meet the LF-tag conditions.

NextToken
Type: string

A continuation token, present if the current list segment is not the last.

Errors

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

GlueEncryptionException:

An encryption operation failed.

AccessDeniedException:

Access to a resource was denied.

SearchTablesByLFTags

$result = $client->searchTablesByLFTags([/* ... */]);
$promise = $client->searchTablesByLFTagsAsync([/* ... */]);

This operation allows a search on TABLE resources by LFTags. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use SearchTablesByLFTags to find all resources where the given LFTags are valid to verify whether the returned resources can be shared.

Parameter Syntax

$result = $client->searchTablesByLFTags([
    'CatalogId' => '<string>',
    'Expression' => [ // REQUIRED
        [
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Expression
Required: Yes
Type: Array of LFTag structures

A list of conditions (LFTag structures) to search for in table resources.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Result Syntax

[
    'NextToken' => '<string>',
    'TableList' => [
        [
            'LFTagOnDatabase' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
            'LFTagsOnColumns' => [
                [
                    'LFTags' => [
                        [
                            'CatalogId' => '<string>',
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'Name' => '<string>',
                ],
                // ...
            ],
            'LFTagsOnTable' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
            'Table' => [
                'CatalogId' => '<string>',
                'DatabaseName' => '<string>',
                'Name' => '<string>',
                'TableWildcard' => [
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token, present if the current list segment is not the last. On the first run, if you include a not null (a value) token you can get empty pages.

TableList
Type: Array of TaggedTable structures

A list of tables that meet the LF-tag conditions.

Errors

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

GlueEncryptionException:

An encryption operation failed.

AccessDeniedException:

Access to a resource was denied.

StartQueryPlanning

$result = $client->startQueryPlanning([/* ... */]);
$promise = $client->startQueryPlanningAsync([/* ... */]);

Submits a request to process a query statement.

This operation generates work units that can be retrieved with the GetWorkUnits operation as soon as the query state is WORKUNITS_AVAILABLE or FINISHED.

Parameter Syntax

$result = $client->startQueryPlanning([
    'QueryPlanningContext' => [ // REQUIRED
        'CatalogId' => '<string>',
        'DatabaseName' => '<string>', // REQUIRED
        'QueryAsOfTime' => <integer || string || DateTime>,
        'QueryParameters' => ['<string>', ...],
        'TransactionId' => '<string>',
    ],
    'QueryString' => '<string>', // REQUIRED
]);

Parameter Details

Members
QueryPlanningContext
Required: Yes
Type: QueryPlanningContext structure

A structure containing information about the query plan.

QueryString
Required: Yes
Type: string

A PartiQL query statement used as an input to the planner service.

Result Syntax

[
    'QueryId' => '<string>',
]

Result Details

Members
QueryId
Required: Yes
Type: string

The ID of the plan query operation can be used to fetch the actual work unit descriptors that are produced as the result of the operation. The ID is also used to get the query state and as an input to the Execute operation.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

ThrottledException:

Contains details about an error where the query request was throttled.

StartTransaction

$result = $client->startTransaction([/* ... */]);
$promise = $client->startTransactionAsync([/* ... */]);

Starts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.

Parameter Syntax

$result = $client->startTransaction([
    'TransactionType' => 'READ_AND_WRITE|READ_ONLY',
]);

Parameter Details

Members
TransactionType
Type: string

Indicates whether this transaction should be read only or read and write. Writes made using a read-only transaction ID will be rejected. Read-only transactions do not need to be committed.

Result Syntax

[
    'TransactionId' => '<string>',
]

Result Details

Members
TransactionId
Type: string

An opaque identifier for the transaction.

Errors

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

UpdateDataCellsFilter

$result = $client->updateDataCellsFilter([/* ... */]);
$promise = $client->updateDataCellsFilterAsync([/* ... */]);

Updates a data cell filter.

Parameter Syntax

$result = $client->updateDataCellsFilter([
    'TableData' => [ // REQUIRED
        'ColumnNames' => ['<string>', ...],
        'ColumnWildcard' => [
            'ExcludedColumnNames' => ['<string>', ...],
        ],
        'DatabaseName' => '<string>', // REQUIRED
        'Name' => '<string>', // REQUIRED
        'RowFilter' => [
            'AllRowsWildcard' => [
            ],
            'FilterExpression' => '<string>',
        ],
        'TableCatalogId' => '<string>', // REQUIRED
        'TableName' => '<string>', // REQUIRED
        'VersionId' => '<string>',
    ],
]);

Parameter Details

Members
TableData
Required: Yes
Type: DataCellsFilter structure

A DataCellsFilter structure containing information about the data cells filter.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

UpdateLFTag

$result = $client->updateLFTag([/* ... */]);
$promise = $client->updateLFTagAsync([/* ... */]);

Updates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the LF-tag key's value.

Parameter Syntax

$result = $client->updateLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
    'TagValuesToAdd' => ['<string>', ...],
    'TagValuesToDelete' => ['<string>', ...],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag for which to add or delete values.

TagValuesToAdd
Type: Array of strings

A list of LF-tag values to add from the LF-tag.

TagValuesToDelete
Type: Array of strings

A list of LF-tag values to delete from the LF-tag.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

AccessDeniedException:

Access to a resource was denied.

UpdateLFTagExpression

$result = $client->updateLFTagExpression([/* ... */]);
$promise = $client->updateLFTagExpressionAsync([/* ... */]);

Updates the name of the LF-Tag expression to the new description and expression body provided. Updating a LF-Tag expression immediately changes the permission boundaries of all existing LFTagPolicy permission grants that reference the given LF-Tag expression.

Parameter Syntax

$result = $client->updateLFTagExpression([
    'CatalogId' => '<string>',
    'Description' => '<string>',
    'Expression' => [ // REQUIRED
        [
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID.

Description
Type: string

The description with information about the saved LF-Tag expression.

Expression
Required: Yes
Type: Array of LFTag structures

The LF-Tag expression body composed of one more LF-Tag key-value pairs.

Name
Required: Yes
Type: string

The name for the LF-Tag expression.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

ResourceNumberLimitExceededException:

A resource numerical limit was exceeded.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

UpdateLakeFormationIdentityCenterConfiguration

$result = $client->updateLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->updateLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Updates the IAM Identity Center connection parameters.

Parameter Syntax

$result = $client->updateLakeFormationIdentityCenterConfiguration([
    'ApplicationStatus' => 'ENABLED|DISABLED',
    'CatalogId' => '<string>',
    'ExternalFiltering' => [
        'AuthorizedTargets' => ['<string>', ...], // REQUIRED
        'Status' => 'ENABLED|DISABLED', // REQUIRED
    ],
    'ShareRecipients' => [
        [
            'DataLakePrincipalIdentifier' => '<string>',
        ],
        // ...
    ],
]);

Parameter Details

Members
ApplicationStatus
Type: string

Allows to enable or disable the IAM Identity Center connection.

CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

ExternalFiltering

A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to access data managed by Lake Formation.

ShareRecipients
Type: Array of DataLakePrincipal structures

A list of Amazon Web Services account IDs or Amazon Web Services organization/organizational unit ARNs that are allowed to access to access data managed by Lake Formation.

If the ShareRecipients list includes valid values, then the resource share is updated with the principals you want to have access to the resources.

If the ShareRecipients value is null, both the list of share recipients and the resource share remain unchanged.

If the ShareRecipients value is an empty list, then the existing share recipients list will be cleared, and the resource share will be deleted.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

UpdateResource

$result = $client->updateResource([/* ... */]);
$promise = $client->updateResourceAsync([/* ... */]);

Updates the data access role used for vending access to the given (registered) resource in Lake Formation.

Parameter Syntax

$result = $client->updateResource([
    'HybridAccessEnabled' => true || false,
    'ResourceArn' => '<string>', // REQUIRED
    'RoleArn' => '<string>', // REQUIRED
    'WithFederation' => true || false,
]);

Parameter Details

Members
HybridAccessEnabled
Type: boolean

Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

ResourceArn
Required: Yes
Type: string

The resource ARN.

RoleArn
Required: Yes
Type: string

The new role to use for the given resource registered in Lake Formation.

WithFederation
Type: boolean

Whether or not the resource is a federated resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

UpdateTableObjects

$result = $client->updateTableObjects([/* ... */]);
$promise = $client->updateTableObjectsAsync([/* ... */]);

Updates the manifest of Amazon S3 objects that make up the specified governed table.

Parameter Syntax

$result = $client->updateTableObjects([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'TableName' => '<string>', // REQUIRED
    'TransactionId' => '<string>',
    'WriteOperations' => [ // REQUIRED
        [
            'AddObject' => [
                'ETag' => '<string>', // REQUIRED
                'PartitionValues' => ['<string>', ...],
                'Size' => <integer>, // REQUIRED
                'Uri' => '<string>', // REQUIRED
            ],
            'DeleteObject' => [
                'ETag' => '<string>',
                'PartitionValues' => ['<string>', ...],
                'Uri' => '<string>', // REQUIRED
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The catalog containing the governed table to update. Defaults to the caller’s account ID.

DatabaseName
Required: Yes
Type: string

The database containing the governed table to update.

TableName
Required: Yes
Type: string

The governed table to update.

TransactionId
Type: string

The transaction at which to do the write.

WriteOperations
Required: Yes
Type: Array of WriteOperation structures

A list of WriteOperation objects that define an object to add to or delete from the manifest for a governed table.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

TransactionCommittedException:

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

TransactionCanceledException:

Contains details about an error related to a transaction that was cancelled.

TransactionCommitInProgressException:

Contains details about an error related to a transaction commit that was in progress.

ResourceNotReadyException:

Contains details about an error related to a resource which is not ready for a transaction.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

UpdateTableStorageOptimizer

$result = $client->updateTableStorageOptimizer([/* ... */]);
$promise = $client->updateTableStorageOptimizerAsync([/* ... */]);

Updates the configuration of the storage optimizers for a table.

Parameter Syntax

$result = $client->updateTableStorageOptimizer([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'StorageOptimizerConfig' => [ // REQUIRED
        '<OptimizerType>' => ['<string>', ...],
        // ...
    ],
    'TableName' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The Catalog ID of the table.

DatabaseName
Required: Yes
Type: string

Name of the database where the table is present.

StorageOptimizerConfig
Required: Yes
Type: Associative array of custom strings keys (OptimizerType) to stringss

Name of the configuration for the storage optimizer.

TableName
Required: Yes
Type: string

Name of the table for which to enable the storage optimizer.

Result Syntax

[
    'Result' => '<string>',
]

Result Details

Members
Result
Type: string

A response indicating the success of failure of the operation.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

InternalServiceException:

An internal service error occurred.

Shapes

AccessDeniedException

Description

Access to a resource was denied.

Members
Message
Type: string

A message describing the problem.

AddObjectInput

Description

A new object to add to the governed table.

Members
ETag
Required: Yes
Type: string

The Amazon S3 ETag of the object. Returned by GetTableObjects for validation and used to identify changes to the underlying data.

PartitionValues
Type: Array of strings

A list of partition values for the object. A value must be specified for each partition key associated with the table.

The supported data types are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss"), string and decimal.

Size
Required: Yes
Type: long (int|float)

The size of the Amazon S3 object in bytes.

Uri
Required: Yes
Type: string

The Amazon S3 location of the object.

AllRowsWildcard

Description

A structure that you pass to indicate you want all rows in a filter.

Members

AlreadyExistsException

Description

A resource to be created or added already exists.

Members
Message
Type: string

A message describing the problem.

AuditContext

Description

A structure used to include auditing information on the privileged API.

Members
AdditionalAuditContext
Type: string

The filter engine can populate the 'AdditionalAuditContext' information with the request ID for you to track. This information will be displayed in CloudTrail log in your account.

BatchPermissionsFailureEntry

Description

A list of failures when performing a batch grant or batch revoke operation.

Members
Error
Type: ErrorDetail structure

An error message that applies to the failure of the entry.

RequestEntry

An identifier for an entry of the batch request.

BatchPermissionsRequestEntry

Description

A permission to a resource granted by batch operation to the principal.

Members
Id
Required: Yes
Type: string

A unique identifier for the batch permissions request entry.

Permissions
Type: Array of strings

The permissions to be granted.

PermissionsWithGrantOption
Type: Array of strings

Indicates if the option to pass permissions is granted.

Principal
Type: DataLakePrincipal structure

The principal to be granted a permission.

Resource
Type: Resource structure

The resource to which the principal is to be granted a permission.

CatalogResource

Description

A structure for the catalog object.

Members
Id
Type: string

An identifier for the catalog resource.

ColumnLFTag

Description

A structure containing the name of a column resource and the LF-tags attached to it.

Members
LFTags
Type: Array of LFTagPair structures

The LF-tags attached to a column resource.

Name
Type: string

The name of a column resource.

ColumnWildcard

Description

A wildcard object, consisting of an optional list of excluded column names or indexes.

Members
ExcludedColumnNames
Type: Array of strings

Excludes column names. Any column with this name will be excluded.

ConcurrentModificationException

Description

Two processes are trying to modify a resource simultaneously.

Members
Message
Type: string

A message describing the problem.

Condition

Description

A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.

Members
Expression
Type: string

An expression written based on the Cedar Policy Language used to match the principal attributes.

DataCellsFilter

Description

A structure that describes certain columns on certain rows.

Members
ColumnNames
Type: Array of strings

A list of column names and/or nested column attributes. When specifying nested attributes, use a qualified dot (.) delimited format such as "address"."zip". Nested attributes within this list may not exceed a depth of 5.

ColumnWildcard
Type: ColumnWildcard structure

A wildcard with exclusions.

You must specify either a ColumnNames list or the ColumnWildCard.

DatabaseName
Required: Yes
Type: string

A database in the Glue Data Catalog.

Name
Required: Yes
Type: string

The name given by the user to the data filter cell.

RowFilter
Type: RowFilter structure

A PartiQL predicate.

TableCatalogId
Required: Yes
Type: string

The ID of the catalog to which the table belongs.

TableName
Required: Yes
Type: string

A table in the database.

VersionId
Type: string

The ID of the data cells filter version.

DataCellsFilterResource

Description

A structure for a data cells filter resource.

Members
DatabaseName
Type: string

A database in the Glue Data Catalog.

Name
Type: string

The name of the data cells filter.

TableCatalogId
Type: string

The ID of the catalog to which the table belongs.

TableName
Type: string

The name of the table.

DataLakePrincipal

Description

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Members
DataLakePrincipalIdentifier
Type: string

An identifier for the Lake Formation principal.

DataLakeSettings

Description

A structure representing a list of Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

Members
AllowExternalDataFiltering
Type: boolean

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.

If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.

For more information, see (Optional) Allow external data filtering.

AllowFullTableExternalDataAccess
Type: boolean

Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.

AuthorizedSessionTagValueList
Type: Array of strings

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation's administrative APIs.

CreateDatabaseDefaultPermissions
Type: Array of PrincipalPermissions structures

Specifies whether access control on newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.

A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.

The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

For more information, see Changing the Default Security Settings for Your Data Lake.

CreateTableDefaultPermissions
Type: Array of PrincipalPermissions structures

Specifies whether access control on newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.

A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.

The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

For more information, see Changing the Default Security Settings for Your Data Lake.

DataLakeAdmins
Type: Array of DataLakePrincipal structures

A list of Lake Formation principals. Supported principals are IAM users or IAM roles.

ExternalDataFilteringAllowList
Type: Array of DataLakePrincipal structures

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.>

Parameters
Type: Associative array of custom strings keys (KeyString) to strings

A key-value map that provides an additional configuration on your data lake. CROSS_ACCOUNT_VERSION is the key you can configure in the Parameters field. Accepted values for the CrossAccountVersion key are 1, 2, 3, and 4.

ReadOnlyAdmins
Type: Array of DataLakePrincipal structures

A list of Lake Formation principals with only view access to the resources, without the ability to make changes. Supported principals are IAM users or IAM roles.

TrustedResourceOwners
Type: Array of strings

A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log.

You may want to specify this property when you are in a high-trust boundary, such as the same team or company.

DataLocationResource

Description

A structure for a data location object where permissions are granted or revoked.

Members
CatalogId
Type: string

The identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller.

ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) that uniquely identifies the data location resource.

DatabaseResource

Description

A structure for the database object.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, it is the account ID of the caller.

Name
Required: Yes
Type: string

The name of the database resource. Unique to the Data Catalog.

DeleteObjectInput

Description

An object to delete from the governed table.

Members
ETag
Type: string

The Amazon S3 ETag of the object. Returned by GetTableObjects for validation and used to identify changes to the underlying data.

PartitionValues
Type: Array of strings

A list of partition values for the object. A value must be specified for each partition key associated with the governed table.

Uri
Required: Yes
Type: string

The Amazon S3 location of the object to delete.

DetailsMap

Description

A structure containing the additional details to be returned in the AdditionalDetails attribute of PrincipalResourcePermissions.

If a catalog resource is shared through Resource Access Manager (RAM), then there will exist a corresponding RAM resource share ARN.

Members
ResourceShare
Type: Array of strings

A resource share ARN for a catalog resource shared through RAM.

EntityNotFoundException

Description

A specified entity does not exist.

Members
Message
Type: string

A message describing the problem.

ErrorDetail

Description

Contains details about an error.

Members
ErrorCode
Type: string

The code associated with this error.

ErrorMessage
Type: string

A message describing the error.

ExecutionStatistics

Description

Statistics related to the processing of a query statement.

Members
AverageExecutionTimeMillis
Type: long (int|float)

The average time the request took to be executed.

DataScannedBytes
Type: long (int|float)

The amount of data that was scanned in bytes.

WorkUnitsExecutedCount
Type: long (int|float)

The number of work units executed.

ExpiredException

Description

Contains details about an error where the query request expired.

Members
Message
Type: string

A message describing the error.

ExternalFilteringConfiguration

Description

Configuration for enabling external data filtering for third-party applications to access data managed by Lake Formation .

Members
AuthorizedTargets
Required: Yes
Type: Array of strings

List of third-party application ARNs integrated with Lake Formation.

Status
Required: Yes
Type: string

Allows to enable or disable the third-party applications that are allowed to access data managed by Lake Formation.

FilterCondition

Description

This structure describes the filtering of columns in a table based on a filter condition.

Members
ComparisonOperator
Type: string

The comparison operator used in the filter condition.

Field
Type: string

The field to filter in the filter condition.

StringValueList
Type: Array of strings

A string with values used in evaluating the filter condition.

GlueEncryptionException

Description

An encryption operation failed.

Members
Message
Type: string

A message describing the problem.

InternalServiceException

Description

An internal service error occurred.

Members
Message
Type: string

A message describing the problem.

InvalidInputException

Description

The input provided was not valid.

Members
Message
Type: string

A message describing the problem.

LFTag

Description

A structure that allows an admin to grant user permissions on certain conditions. For example, granting a role access to all columns that do not have the LF-tag 'PII' in tables that have the LF-tag 'Prod'.

Members
TagKey
Required: Yes
Type: string

The key-name for the LF-tag.

TagValues
Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

The maximum number of values that can be defined for a LF-Tag is 1000. A single API call supports 50 values. You can use multiple API calls to add more values.

LFTagError

Description

A structure containing an error related to a TagResource or UnTagResource operation.

Members
Error
Type: ErrorDetail structure

An error that occurred with the attachment or detachment of the LF-tag.

LFTag
Type: LFTagPair structure

The key-name of the LF-tag.

LFTagExpression

Description

A structure consists LF-Tag expression name and catalog ID.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID.

Description
Type: string

A structure that contains information about the LF-Tag expression.

Expression
Type: Array of LFTag structures

A logical expression composed of one or more LF-Tags.

Name
Type: string

The name for saved the LF-Tag expression.

LFTagExpressionResource

Description

A structure containing a LF-Tag expression (keys and values).

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID.

Name
Required: Yes
Type: string

The name of the LF-Tag expression to grant permissions on.

LFTagKeyResource

Description

A structure containing an LF-tag key and values for a resource.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag.

TagValues
Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

LFTagPair

Description

A structure containing an LF-tag key-value pair.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag.

TagValues
Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

LFTagPolicyResource

Description

A structure containing a list of LF-tag conditions or saved LF-Tag expressions that apply to a resource's LF-tag policy.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Expression
Type: Array of LFTag structures

A list of LF-tag conditions or a saved expression that apply to the resource's LF-tag policy.

ExpressionName
Type: string

If provided, permissions are granted to the Data Catalog resources whose assigned LF-Tags match the expression body of the saved expression under the provided ExpressionName.

ResourceType
Required: Yes
Type: string

The resource type for which the LF-tag policy applies.

LakeFormationOptInsInfo

Description

A single principal-resource pair that has Lake Formation permissins enforced.

Members
Condition
Type: Condition structure

A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.

LastModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The last modified date and time of the record.

LastUpdatedBy
Type: string

The user who updated the record.

Principal
Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource
Type: Resource structure

A structure for the resource.

OperationTimeoutException

Description

The operation timed out.

Members
Message
Type: string

A message describing the problem.

PartitionObjects

Description

A structure containing a list of partition values and table objects.

Members
Objects
Type: Array of TableObject structures

A list of table objects

PartitionValues
Type: Array of strings

A list of partition values.

PartitionValueList

Description

Contains a list of values defining partitions.

Members
Values
Required: Yes
Type: Array of strings

The list of partition values.

PermissionTypeMismatchException

Description

The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.

Members
Message
Type: string

A message describing the problem.

PlanningStatistics

Description

Statistics related to the processing of a query statement.

Members
EstimatedDataToScanBytes
Type: long (int|float)

An estimate of the data that was scanned in bytes.

PlanningTimeMillis
Type: long (int|float)

The time that it took to process the request.

QueueTimeMillis
Type: long (int|float)

The time the request was in queue to be processed.

WorkUnitsGeneratedCount
Type: long (int|float)

The number of work units generated.

PrincipalPermissions

Description

Permissions granted to a principal.

Members
Permissions
Type: Array of strings

The permissions that are granted to the principal.

Principal
Type: DataLakePrincipal structure

The principal who is granted permissions.

PrincipalResourcePermissions

Description

The permissions granted or revoked on a resource.

Members
AdditionalDetails
Type: DetailsMap structure

This attribute can be used to return any additional details of PrincipalResourcePermissions. Currently returns only as a RAM resource share ARN.

Condition
Type: Condition structure

A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.

LastUpdated
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the resource was last updated.

LastUpdatedBy
Type: string

The user who updated the record.

Permissions
Type: Array of strings

The permissions to be granted or revoked on the resource.

PermissionsWithGrantOption
Type: Array of strings

Indicates whether to grant the ability to grant permissions (as a subset of permissions granted).

Principal
Type: DataLakePrincipal structure

The Data Lake principal to be granted or revoked permissions.

Resource
Type: Resource structure

The resource where permissions are to be granted or revoked.

QueryPlanningContext

Description

A structure containing information about the query plan.

Members
CatalogId
Type: string

The ID of the Data Catalog where the partition in question resides. If none is provided, the Amazon Web Services account ID is used by default.

DatabaseName
Required: Yes
Type: string

The database containing the table.

QueryAsOfTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time as of when to read the table contents. If not set, the most recent transaction commit time will be used. Cannot be specified along with TransactionId.

QueryParameters
Type: Associative array of custom strings keys (String) to strings

A map consisting of key-value pairs.

TransactionId
Type: string

The transaction ID at which to read the table contents. If this transaction is not committed, the read will be treated as part of that transaction and will see its writes. If this transaction has aborted, an error will be returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with QueryAsOfTime.

QuerySessionContext

Description

A structure used as a protocol between query engines and Lake Formation or Glue. Contains both a Lake Formation generated authorization identifier and information from the request's authorization context.

Members
AdditionalContext
Type: Associative array of custom strings keys (ContextKey) to strings

An opaque string-string map passed by the query engine.

ClusterId
Type: string

An identifier string for the consumer cluster.

QueryAuthorizationId
Type: string

A cryptographically generated query identifier generated by Glue or Lake Formation.

QueryId
Type: string

A unique identifier generated by the query engine for the query.

QueryStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp provided by the query engine for when the query started.

Resource

Description

A structure for the resource.

Members
Catalog
Type: CatalogResource structure

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

DataCellsFilter
Type: DataCellsFilterResource structure

A data cell filter.

DataLocation
Type: DataLocationResource structure

The location of an Amazon S3 path where permissions are granted or revoked.

Database
Type: DatabaseResource structure

The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.

LFTag
Type: LFTagKeyResource structure

The LF-tag key and values attached to a resource.

LFTagExpression
Type: LFTagExpressionResource structure

LF-Tag expression resource. A logical expression composed of one or more LF-Tag key:value pairs.

LFTagPolicy
Type: LFTagPolicyResource structure

A list of LF-tag conditions or saved LF-Tag expressions that define a resource's LF-tag policy.

Table
Type: TableResource structure

The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.

TableWithColumns
Type: TableWithColumnsResource structure

The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.

ResourceInfo

Description

A structure containing information about an Lake Formation resource.

Members
HybridAccessEnabled
Type: boolean

Indicates whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

LastModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the resource was last modified.

ResourceArn
Type: string

The Amazon Resource Name (ARN) of the resource.

RoleArn
Type: string

The IAM role that registered a resource.

WithFederation
Type: boolean

Whether or not the resource is a federated resource.

ResourceNotReadyException

Description

Contains details about an error related to a resource which is not ready for a transaction.

Members
Message
Type: string

A message describing the error.

ResourceNumberLimitExceededException

Description

A resource numerical limit was exceeded.

Members
Message
Type: string

A message describing the problem.

RowFilter

Description

A PartiQL predicate.

Members
AllRowsWildcard
Type: AllRowsWildcard structure

A wildcard for all rows.

FilterExpression
Type: string

A filter expression.

StatisticsNotReadyYetException

Description

Contains details about an error related to statistics not being ready.

Members
Message
Type: string

A message describing the error.

StorageOptimizer

Description

A structure describing the configuration and details of a storage optimizer.

Members
Config
Type: Associative array of custom strings keys (StorageOptimizerConfigKey) to strings

A map of the storage optimizer configuration. Currently contains only one key-value pair: is_enabled indicates true or false for acceleration.

ErrorMessage
Type: string

A message that contains information about any error (if present).

When an acceleration result has an enabled status, the error message is empty.

When an acceleration result has a disabled status, the message describes an error or simply indicates "disabled by the user".

LastRunDetails
Type: string

When an acceleration result has an enabled status, contains the details of the last job run.

StorageOptimizerType
Type: string

The specific type of storage optimizer. The supported value is compaction.

Warnings
Type: string

A message that contains information about any warnings (if present).

TableObject

Description

Specifies the details of a governed table.

Members
ETag
Type: string

The Amazon S3 ETag of the object. Returned by GetTableObjects for validation and used to identify changes to the underlying data.

Size
Type: long (int|float)

The size of the Amazon S3 object in bytes.

Uri
Type: string

The Amazon S3 location of the object.

TableResource

Description

A structure for the table object. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, it is the account ID of the caller.

DatabaseName
Required: Yes
Type: string

The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.

Name
Type: string

The name of the table.

TableWildcard
Type: TableWildcard structure

A wildcard object representing every table under a database.

At least one of TableResource$Name or TableResource$TableWildcard is required.

TableWildcard

Description

A wildcard object representing every table under a database.

Members

TableWithColumnsResource

Description

A structure for a table with columns object. This object is only used when granting a SELECT permission.

This object must take a value for at least one of ColumnsNames, ColumnsIndexes, or ColumnsWildcard.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, it is the account ID of the caller.

ColumnNames
Type: Array of strings

The list of column names for the table. At least one of ColumnNames or ColumnWildcard is required.

ColumnWildcard
Type: ColumnWildcard structure

A wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required.

DatabaseName
Required: Yes
Type: string

The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.

Name
Required: Yes
Type: string

The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.

TaggedDatabase

Description

A structure describing a database resource with LF-tags.

Members
Database
Type: DatabaseResource structure

A database that has LF-tags attached to it.

LFTags
Type: Array of LFTagPair structures

A list of LF-tags attached to the database.

TaggedTable

Description

A structure describing a table resource with LF-tags.

Members
LFTagOnDatabase
Type: Array of LFTagPair structures

A list of LF-tags attached to the database where the table resides.

LFTagsOnColumns
Type: Array of ColumnLFTag structures

A list of LF-tags attached to columns in the table.

LFTagsOnTable
Type: Array of LFTagPair structures

A list of LF-tags attached to the table.

Table
Type: TableResource structure

A table that has LF-tags attached to it.

ThrottledException

Description

Contains details about an error where the query request was throttled.

Members
Message
Type: string

A message describing the error.

TransactionCanceledException

Description

Contains details about an error related to a transaction that was cancelled.

Members
Message
Type: string

A message describing the error.

TransactionCommitInProgressException

Description

Contains details about an error related to a transaction commit that was in progress.

Members
Message
Type: string

A message describing the error.

TransactionCommittedException

Description

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

Members
Message
Type: string

A message describing the error.

TransactionDescription

Description

A structure that contains information about a transaction.

Members
TransactionEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the transaction committed or aborted, if it is not currently active.

TransactionId
Type: string

The ID of the transaction.

TransactionStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the transaction started.

TransactionStatus
Type: string

A status of ACTIVE, COMMITTED, or ABORTED.

VirtualObject

Description

An object that defines an Amazon S3 object to be deleted if a transaction cancels, provided that VirtualPut was called before writing the object.

Members
ETag
Type: string

The ETag of the Amazon S3 object.

Uri
Required: Yes
Type: string

The path to the Amazon S3 object. Must start with s3://

WorkUnitRange

Description

Defines the valid range of work unit IDs for querying the execution service.

Members
WorkUnitIdMax
Required: Yes
Type: long (int|float)

Defines the maximum work unit ID in the range. The maximum value is inclusive.

WorkUnitIdMin
Required: Yes
Type: long (int|float)

Defines the minimum work unit ID in the range.

WorkUnitToken
Required: Yes
Type: string

A work token used to query the execution service.

WorkUnitsNotReadyYetException

Description

Contains details about an error related to work units not being ready.

Members
Message
Type: string

A message describing the error.

WriteOperation

Description

Defines an object to add to or delete from a governed table.

Members
AddObject
Type: AddObjectInput structure

A new object to add to the governed table.

DeleteObject
Type: DeleteObjectInput structure

An object to delete from the governed table.