Data Lake Settings APIs - AWS Lake Formation

Data Lake Settings APIs

The Data Lake Settings API describes data types and operations for managing the data lake administrators.

Data Types

DataLakeSettings Structure

A structure representing a list of AWS Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

Fields

  • DataLakeAdmins – An array of DataLakePrincipal objects, not more than 10 structures.

    A list of AWS Lake Formation principals. Supported principals are IAM users or IAM roles.

  • CreateDatabaseDefaultPermissions – An array of PrincipalPermissions objects.

    Specifies whether access control on a newly created database is managed by Lake Formation permissions or exclusively by IAM permissions. You can override this default setting when you create a database.

    A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the AWS Glue permission model implemented by IAM permissions.

    The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

    For more information, see Changing the Default Security Settings for Your Data Lake.

  • CreateTableDefaultPermissions – An array of PrincipalPermissions objects.

    Specifies whether access control on a newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.

    A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the AWS Glue permission model implemented by IAM permissions.

    The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

    For more information, see Changing the Default Security Settings for Your Data Lake.

  • TrustedResourceOwners – An array of UTF-8 strings.

    A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log.

    You may want to specify this property when you are in a high-trust boundary, such as the same team or company.

Operations

GetDataLakeSettings Action (Python: get_data_lake_settings)

Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

Request

  • CatalogId – Catalog id string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.

Response

  • DataLakeSettings – A DataLakeSettings object.

    A structure representing a list of AWS Lake Formation principals designated as data lake administrators.

Errors

  • InternalServiceException

  • InvalidInputException

  • EntityNotFoundException

  • AccessDeniedException

PutDataLakeSettings Action (Python: put_data_lake_settings)

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions.

This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list, add the new admin to that list, and pass the updated list to this API.

Request

  • CatalogId – Catalog id string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.

  • DataLakeSettings – Required: A DataLakeSettings object.

    A structure representing a list of AWS Lake Formation principals designated as data lake administrators.

Response

  • No Response parameters.

Errors

  • InternalServiceException

  • InvalidInputException

  • AccessDeniedException

  • ConcurrentModificationException
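
The fetch, append, and put sequence described for PutDataLakeSettings, plus a check for the "Use only IAM access control" defaults, as an added Python example (not code from the AWS documentation). It assumes `client` is a boto3 Lake Formation client or any object with the same two methods; `add_data_lake_admin`, `iam_only_defaults` and `FakeLakeFormation` are hypothetical names, the ARNs are constructed, and retrying on ConcurrentModificationException is left out.

```python
MAX_ADMINS = 10  # DataLakeAdmins holds "not more than 10 structures"
FIELDS = ("CreateDatabaseDefaultPermissions", "CreateTableDefaultPermissions")

def iam_only_defaults(settings):
    """Name the default-permission fields that grant ALL to IAM_ALLOWED_PRINCIPALS."""
    flagged = []
    for field in FIELDS:
        for entry in settings.get(field) or []:
            who = entry.get("Principal", {}).get("DataLakePrincipalIdentifier")
            if who == "IAM_ALLOWED_PRINCIPALS" and "ALL" in entry.get("Permissions", []):
                flagged.append(field)
                break
    return flagged

def add_data_lake_admin(client, admin_arn, catalog_id=None):
    """Add one admin without dropping the others; return the resulting ARN list."""
    kwargs = {"CatalogId": catalog_id} if catalog_id else {}
    settings = dict(client.get_data_lake_settings(**kwargs)["DataLakeSettings"])
    admins = list(settings.get("DataLakeAdmins") or [])
    arns = [a["DataLakePrincipalIdentifier"] for a in admins]
    if admin_arn in arns:
        return arns  # already an admin, nothing to write
    if len(admins) >= MAX_ADMINS:
        raise ValueError("DataLakeAdmins already holds 10 principals")
    settings["DataLakeAdmins"] = admins + [{"DataLakePrincipalIdentifier": admin_arn}]
    # Send the fetched structure back with only the admin list changed.
    client.put_data_lake_settings(DataLakeSettings=settings, **kwargs)
    return arns + [admin_arn]

class FakeLakeFormation:
    """Constructed in-memory stand-in for the client so the example runs offline."""
    def __init__(self, settings):
        self.settings = settings
    def get_data_lake_settings(self, **kwargs):
        return {"DataLakeSettings": self.settings}
    def put_data_lake_settings(self, DataLakeSettings, **kwargs):
        self.settings = DataLakeSettings  # full replacement, as described above

if __name__ == "__main__":
    iam_all = {"Principal": {"DataLakePrincipalIdentifier": "IAM_ALLOWED_PRINCIPALS"},
               "Permissions": ["ALL"]}
    fake = FakeLakeFormation({  # constructed sample settings
        "DataLakeAdmins": [{"DataLakePrincipalIdentifier":
                            "arn:aws:iam::111122223333:role/ExistingAdmin"}],
        "CreateDatabaseDefaultPermissions": [iam_all],
        "CreateTableDefaultPermissions": [],
    })
    print(add_data_lake_admin(fake, "arn:aws:iam::111122223333:role/NewAdmin"))
    print(iam_only_defaults(fake.settings))
```

A field flagged by `iam_only_defaults` means newly created databases or tables fall back to IAM-only access control rather than Lake Formation permissions.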