Syntax Properties Return values Remarks Examples See also

AWS::LakeFormation::DataCellsFilter

A structure that represents a data cell filter with column-level, row-level, and/or cell-level security. Data cell filters belong to a specific table in a Data Catalog. During a stack operation, AWS CloudFormation calls the AWS Lake Formation CreateDataCellsFilter API operation to create a DataCellsFilter resource, and calls the DeleteDataCellsFilter API operation to delete it.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::LakeFormation::DataCellsFilter",
  "Properties" : {
      "ColumnNames" : [ String, ... ],
      "ColumnWildcard" : ColumnWildcard,
      "DatabaseName" : String,
      "Name" : String,
      "RowFilter" : RowFilter,
      "TableCatalogId" : String,
      "TableName" : String
    }
}

YAML


Type: AWS::LakeFormation::DataCellsFilter
Properties:
  ColumnNames: 
    - String
  ColumnWildcard: 
    ColumnWildcard
  DatabaseName: String
  Name: String
  RowFilter: 
    RowFilter
  TableCatalogId: String
  TableName: String

Properties

ColumnNames

An array of UTF-8 strings. A list of column names.

Required: No

Type: Array of String

Update requires: Replacement

ColumnWildcard

A wildcard with exclusions. You must specify either a ColumnNames list or the ColumnWildCard.

Required: No

Type: ColumnWildcard

Update requires: Replacement

DatabaseName

UTF-8 string, not less than 1 or more than 255 bytes long, matching the single-line string pattern.

A database in the Data Catalog.

Required: Yes

Type: String

Minimum: 1

Maximum: 255

Update requires: Replacement

Name

UTF-8 string, not less than 1 or more than 255 bytes long, matching the single-line string pattern.

The name given by the user to the data filter cell.

Required: Yes

Type: String

Minimum: 1

Maximum: 255

Update requires: Replacement

RowFilter

A PartiQL predicate.

Required: No

Type: RowFilter

Update requires: Replacement

TableCatalogId

Catalog id string, not less than 1 or more than 255 bytes long, matching the single-line string pattern.

The ID of the catalog to which the table belongs.

Required: Yes

Type: String

Minimum: 12

Maximum: 12

Update requires: Replacement

TableName

UTF-8 string, not less than 1 or more than 255 bytes long, matching the single-line string pattern.

A table in the database.

Required: Yes

Type: String

Minimum: 1

Maximum: 255

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource properties such as TableCatalogId, DatabaseName, TableName, and FilterName. For example: 123456789012|ExampleDbName|ExampleTableName|ExampleFilterName

Remarks

The level of filtering that you get depends on how you populate the data filter.

When you specify the "all columns" wildcard and provide a row filter expression, you are establishing row-level security (row filtering) only.
When you include or exclude specific columns and specify all rows using the all-rows wildcard, you are establishing column-level security (column filtering) only.
When you include or exclude specific columns and also provide a row filter expression, you are establishing cell-level security (cell filtering).

Specify the following to create a valid data cells filter:

ColumnWildcard or ColumnNames
RowFilter.AllRowsWildcard or RowFilter.FilterExpression

Examples

Creating a DataCellsFilter using row and column wildcards
Creating a DataCellsFilter using a row wild card and specified columns
Creating a DataCellsFilter using a row filter expression and a column wildcard
Creating a DataCellsFilter using a row filter and specified columns

Creating a DataCellsFilter using row and column wildcards

The following example demonstrates how to create a DataCellsFilter resource using row and column wildcards:

JSON


{
  "SampleDataCellsFilter": {
    "Type": "AWS::LakeFormation::DataCellsFilter",
    "Properties": {
      "TableCatalogId": "12345678910",
      "DatabaseName": "sample_db",
      "TableName": "sample_tbl",
      "Name": "sample_data_cells_filter",
      "RowFilter": {
          "AllRowsWildcard": {}
       },
          "ColumnWildcard": {}
     }
   }
}

YAML


SampleDataCellsFilter:
    Type: AWS::LakeFormation::DataCellsFilter
    Properties:
        TableCatalogId: "12345678910"
        DatabaseName: "sample_db" 
        TableName: "sample_tbl" 
        Name: "sample_data_cells_filter" 
        RowFilter: 
            AllRowsWildcard: {}
        ColumnWildcard: {}

Creating a DataCellsFilter using a row wild card and specified columns

The following example demonstrates how to create a DataCellsFilter resource using a row wild card and specified columns:

JSON


{
    "SampleDataCellsFilter": {
        "Type": "AWS::LakeFormation::DataCellsFilter",
        "Properties": {
            "TableCatalogId": "12345678910",
            "DatabaseName": "sample_db",
            "TableName": "sample_tbl",
            "Name": "sample_data_cells_filter",
            "RowFilter": {
                "AllRowsWildcard": {}
            },
            "ColumnNames": ["sample_column_1", "sample_column_2"]
        }
    }
}

YAML


SampleDataCellsFilter:
    Type: AWS::LakeFormation::DataCellsFilter
    Properties:
        TableCatalogId: "12345678910"
        DatabaseName: "sample_db" 
        TableName: "sample_tbl" 
        Name: "sample_data_cells_filter" 
        RowFilter: 
            AllRowsWildcard: {}
        ColumnNames: ["sample_column_1", "sample_column_2"]

Creating a DataCellsFilter using a row filter expression and a column wildcard

The following example demonstrates how to create a DataCellsFilter using a row filter expression and a column wildcard:

JSON


{
    "SampleDataCellsFilter": {
        "Type": "AWS::LakeFormation::DataCellsFilter",
        "Properties": {
            "TableCatalogId": "12345678910",
            "DatabaseName": "sample_db",
            "TableName": "sample_tbl",
            "Name": "sample_data_cells_filter",
            "RowFilter": {
                "FilterExpression": "sample_column_1 > 0"
            },
            "ColumnWildcard": {}
        }
    }
}

YAML


SampleDataCellsFilter:
    Type: AWS::LakeFormation::DataCellsFilter
    Properties:
        TableCatalogId: "12345678910"
        DatabaseName: "sample_db" 
        TableName: "sample_tbl" 
        Name: "sample_data_cells_filter" 
        RowFilter: 
            FilterExpression: "sample_column_1 > 0"
        ColumnWildcard: {}

Creating a DataCellsFilter using a row filter and specified columns

The following example demonstrates how to create a DataCellsFilter resource using a row filter and specified columns:

JSON


{
    "SampleDataCellsFilter": {
        "Type": "AWS::LakeFormation::DataCellsFilter",
        "Properties": {
            "TableCatalogId": "12345678910",
            "DatabaseName": "sample_db",
            "TableName": "sample_tbl",
            "Name": "sample_data_cells_filter",
            "RowFilter": {
                "FilterExpression": "sample_column_1 > 0"
            },
            "ColumnNames": ["sample_column_1", "sample_column_2"]
        }
    }
}

YAML


SampleDataCellsFilter:
    Type: AWS::LakeFormation::DataCellsFilter
    Properties:
        TableCatalogId: "12345678910"
        DatabaseName: "sample_db" 
        TableName: "sample_tbl" 
        Name: "sample_data_cells_filter" 
        RowFilter: 
            FilterExpression: "sample_column_1 > 0"
        ColumnNames: ["sample_column_1", "sample_column_2"]