CreateLakeFormationIdentityCenterConfiguration - Lake Formation

CreateLakeFormationIdentityCenterConfiguration

Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.

Request Syntax

{
   "CatalogId": "string",
   "ExternalFiltering": {
      "AuthorizedTargets": [ "string" ],
      "Status": "string"
   },
   "InstanceArn": "string",
   "ShareRecipients": [
      {
         "DataLakePrincipalIdentifier": "string"
      }
   ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

CatalogId

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Pattern: [\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*

Required: No

ExternalFiltering

A list of AWS account IDs for third-party applications that are allowed to access data managed by Lake Formation.

Type: ExternalFilteringConfiguration object

Required: No

InstanceArn

The ARN of the IAM Identity Center instance for which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

Type: String

Required: No

ShareRecipients

A list of AWS account IDs and/or AWS organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

If the ShareRecipients list includes valid values, a resource share is created with the principals you want to have access to the resources.

If the ShareRecipients value is null or the list is empty, no resource share is created.

Type: Array of DataLakePrincipal objects

Array Members: Minimum number of 0 items. Maximum number of 30 items.

Required: No
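Before this call is made in an automated pipeline it is worth checking the request against the constraints the reference states (CatalogId length and pattern, at most 30 ShareRecipients, the ExternalFiltering members), and in particular reviewing ShareRecipients, because any non-empty list causes a resource share to be created with every principal it names. The following is an added example, not AWS code; the approved-principal allow-list is an assumed team policy, the sample request is constructed from the request example on this page, and DISABLED is the other value the ExternalFilteringConfiguration Status accepts besides the ENABLED shown here. The optional live call uses the boto3 lakeformation client.

```python
"""Client-side checks for a CreateLakeFormationIdentityCenterConfiguration
request. Added example, not AWS code: the constraints are those the API
reference states; the allow-list gate is an assumed local policy."""
import re

# The reference writes the CatalogId pattern with Java-style surrogate pairs
# (\uD800\uDC00-\uDBFF\uDFFF). Python's re rejects that as a reversed range,
# so the supplementary planes are expressed as \U00010000-\U0010FFFF.
CATALOG_ID_PATTERN = re.compile(
    r"[\u0020-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF\t]*"
)
MAX_SHARE_RECIPIENTS = 30          # "Maximum number of 30 items"
STATUS_VALUES = {"ENABLED", "DISABLED"}  # ExternalFilteringConfiguration.Status

# Constructed from the request example on this page (placeholder app ARN kept).
SAMPLE_REQUEST = {
    "CatalogId": "123456789012",
    "ExternalFiltering": {"AuthorizedTargets": ["<app arn1>"], "Status": "ENABLED"},
    "InstanceArn": "arn:aws:sso:::instance/ssoins-1223f2dba9f23211",
    "ShareRecipients": [{"DataLakePrincipalIdentifier": "555555555555"}],
}


def validate_request(req):
    """Return a list of problems; empty means every documented constraint
    holds. All top-level members are optional, so absent keys are fine."""
    problems = []
    catalog_id = req.get("CatalogId")
    if catalog_id is not None:
        if not 1 <= len(catalog_id) <= 255:
            problems.append("CatalogId: length must be between 1 and 255")
        elif not CATALOG_ID_PATTERN.fullmatch(catalog_id):
            problems.append("CatalogId: contains characters outside the allowed pattern")
    ext = req.get("ExternalFiltering")
    if ext is not None:
        targets = ext.get("AuthorizedTargets")
        if not isinstance(targets, list) or not all(isinstance(t, str) and t for t in targets):
            problems.append("ExternalFiltering.AuthorizedTargets: must be a list of non-empty strings")
        if ext.get("Status") not in STATUS_VALUES:
            problems.append("ExternalFiltering.Status: must be one of %s" % sorted(STATUS_VALUES))
    recipients = req.get("ShareRecipients")
    if recipients is not None:
        if not isinstance(recipients, list) or len(recipients) > MAX_SHARE_RECIPIENTS:
            problems.append(f"ShareRecipients: must be a list of at most {MAX_SHARE_RECIPIENTS} items")
        else:
            for i, r in enumerate(recipients):
                # A recipient with no identifier shares nothing; treated as an error here.
                if not isinstance(r, dict) or not r.get("DataLakePrincipalIdentifier"):
                    problems.append(f"ShareRecipients[{i}]: DataLakePrincipalIdentifier is missing")
    return problems


def will_create_resource_share(req):
    """Per the reference: a resource share is created only when ShareRecipients
    is present and non-empty; null or [] creates none."""
    return bool(req.get("ShareRecipients"))


def unexpected_share_recipients(req, approved_principals):
    """Principals named in ShareRecipients that are not on the approved set.
    Each of them would receive a share of the Data Catalog resources, so the
    gate below requires this list to be empty before the call is made."""
    return [
        r.get("DataLakePrincipalIdentifier")
        for r in req.get("ShareRecipients") or []
        if r.get("DataLakePrincipalIdentifier") not in approved_principals
    ]


def submit(client, req, approved_principals):
    """Validate, refuse unapproved share recipients, then make the call through
    a boto3 'lakeformation' client. Returns the service response, which
    carries ApplicationArn. Network call; not exercised offline."""
    problems = validate_request(req) + [
        f"ShareRecipients: {p} is not an approved principal"
        for p in unexpected_share_recipients(req, approved_principals)
    ]
    if problems:
        raise ValueError("; ".join(problems))
    return client.create_lake_formation_identity_center_configuration(**req)


if __name__ == "__main__":
    import boto3  # only needed for the live call
    print(submit(boto3.client("lakeformation"), SAMPLE_REQUEST, {"555555555555"}))
```

The allow-list is the check that matters most from a least-privilege standpoint: the API itself accepts any account ID or organization ARN, and a typo in ShareRecipients turns into a resource share with an account you did not intend.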

Response Syntax

{ "ApplicationArn": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ApplicationArn

The Amazon Resource Name (ARN) of the Lake Formation application integrated with IAM Identity Center.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

Access to a resource was denied.

HTTP Status Code: 400

AlreadyExistsException

A resource to be created or added already exists.

HTTP Status Code: 400

ConcurrentModificationException

Two processes are trying to modify a resource simultaneously.

HTTP Status Code: 400

InternalServiceException

An internal service error occurred.

HTTP Status Code: 500

InvalidInputException

The input provided was not valid.

HTTP Status Code: 400

OperationTimeoutException

The operation timed out.

HTTP Status Code: 400

Examples

Request example

This example illustrates one usage of CreateLakeFormationIdentityCenterConfiguration.

{
   "CatalogId": "123456789012",
   "ExternalFiltering": {
      "AuthorizedTargets": [ "<app arn1>" ],
      "Status": "ENABLED"
   },
   "InstanceArn": "arn:aws:sso:::instance/ssoins-1223f2dba9f23211",
   "ShareRecipients": [
      {
         "DataLakePrincipalIdentifier": "555555555555"
      }
   ]
}

Response example

This example illustrates one usage of CreateLakeFormationIdentityCenterConfiguration.

{
   "ApplicationArn": "arn:aws:sso::123456789012:application/ssoins-1223f2dba9f23211/apl-8effb002e2841417",
   "ResourceShare": "arn:aws:ram:us-east-1:123456789012:resource-share/2b5032f6-19e4-461e-8b02-cd711d119df7"
}

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: