Resource link handling in AWS Glue APIs - AWS Lake Formation

Resource link handling in AWS Glue APIs

The following tables explain how the AWS Glue Data Catalog APIs handle database and table resource links. For all Get* API operations, only databases and tables that the caller has permissions on get returned. Also, when accessing a target database or table through a resource link, you must have both AWS Identity and Access Management (IAM) and Lake Formation permissions on both the target and the resource link. The Lake Formation permission that is required on resource links is DESCRIBE. For more information, see DESCRIBE.

Database API operations
API operation Resource link handling
CreateDatabase If the database is a resource link, creates the resource link to the designated target database.
UpdateDatabase If the designated database is a resource link, follows the link and updates the target database. If the resource link must be modified to link to a different database, you must delete it and create a new one.
DeleteDatabase Deletes the resource link. It doesn't delete the linked (target) database.
GetDatabase If the caller has permissions on the target, follows the link to return the target's properties. Otherwise, it returns the properties of the link.
GetDatabases Returns a list of databases, including resource links. For each resource link in the result set, the operation follows the link to get the properties of the link target. You must specify ResourceShareType = ALL to see the databases shared with your account.
Table API operations
API operation Resource link handling
CreateTable If the database is a resource link, follows the database link and creates a table in the target database. If the table is a resource link, the operation creates the resource link in the designated database. Creating a table resource link through a database resource link is not supported.
UpdateTable If either the table or designated database is a resource link, updates the target table. If both the table and database are resource links, the operation fails.
DeleteTable If the designated database is a resource link, follows the link and deletes the table or table resource link in the target database. If the table is a resource link, the operation deletes the table resource link in the designated database. Deleting a table resource link does not delete the target table.
BatchDeleteTable Same as DeleteTable.
GetTable If the designated database is a resource link, follows the database link and returns the table or table resource link from the target database. Otherwise, if the table is a resource link, the operation follows the link and returns the target table properties.
GetTables If the designated database is a resource link, follows the database link and returns the tables and table resource links from the target database. If the target database is a shared database from another AWS account, the operation returns only the shared tables in that database. It doesn't follow the table resource links in the target database. Otherwise, if the designated database is a local (owned) database, the operation returns all the tables in the local database, and follows each table resource link to return target table properties.
SearchTables Returns tables and table resource links. It doesn't follow links to return target table properties. You must specify ResourceShareType = ALL to see tables shared with your account.
GetTableVersion Same as GetTable.
GetTableVersions Same as GetTable.
DeleteTableVersion Same as DeleteTable.
BatchDeleteTableVersion Same as DeleteTable.
Partition API operations
API operation Resource link handling
CreatePartition If the designated database is a resource link, follows the database link and creates a partition in the designated table in the target database. If the table is a resource link, the operation follows the resource link and creates the partition in the target table. Creating a partition through both a table resource link and database resource link is not supported.
BatchCreatePartition Same as CreatePartition.
UpdatePartition If the designated database is a resource link, follows the database link and updates the partition in the designated table in the target database. If the table is a resource link, the operation follows the resource link and updates the partition in the target table. Updating a partition through both a table resource link and database resource link is not supported.
DeletePartition If the designated database is a resource link, follows the database link and deletes the partition in the designated table in the target database. If the table is a resource link, the operation follows the resource link and deletes the partition in the target table. Deleting a partition through both a table resource link and database resource link is not supported.
BatchDeletePartition Same as DeletePartition.
GetPartition If the designated database is a resource link, follows the database link and returns partition information from the designated table. Otherwise, if the table is a resource link, the operation follows the link and returns partition information. If both the table and database are resource links, it returns an empty result set.
GetPartitions If the designated database is a resource link, follows the database link and returns partition information for all partitions in the designated table. Otherwise, if the table is a resource link, the operation follows the link and returns partition information. If both the table and database are resource links, it returns an empty result set.
BatchGetPartition Same as GetPartition.
User-defined functions API operations
API operation Resource Link Handling
(All API operations) If the database is a resource link, follows the resource link and performs the operation on the target database.
See also: