Application integration for full table access - Amazon Lake Formation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Application integration for full table access

Follow these steps to enable third-party query engines to access data without the IAM session tag validation:

Console

  1. Sign in to the Lake Formation console at https://console.amazonaws.cn/lakeformation/.

  2. In the left-side navigation, expand Administration, and choose Application integration settings.

  3. On the Application integration settings page, choose the Allow external engines to access data in Amazon S3 locations with full table access option.

    When you enable this option, Lake Formation returns credentials to the querying application directly without IAM session tag validation.

The screenshot shows the Application integration setting page for Lake Formation. The option Allow external engines to access data in Amazon S3 locations with full table access is selected.
Amazon CLI

Use the put-data-lake-settings CLI command to set the AllowFullTableExternalDataAccess parameter.

aws lakeformation put-data-lake-settings —cli-input-json file://put-data-lake-settings.json —region ap-northeast-1 
{
    "DataLakeSettings": {
        "DataLakeAdmins": [
            {
                "DataLakePrincipalIdentifier": "arn:aws:iam::111111111111:user/lakeAdmin"
            }
        ],
        "AllowFullTableExternalDataAccess": true
    }
}