Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Application integration for full table
access
Follow these steps to enable third-party query engines to access data without the
IAM session tag validation:
- Console
-
-
Sign in to the Lake Formation console at https://console.amazonaws.cn/lakeformation/.
-
In the left-side navigation, expand Administration, and choose Application
integration settings.
-
On the Application integration settings page, choose the
Allow external engines to access data in Amazon S3 locations with full
table access option.
When you enable this option, Lake Formation returns credentials to the
querying application directly without IAM session tag validation.
- Amazon CLI
-
Use the put-data-lake-settings
CLI command to set the AllowFullTableExternalDataAccess
parameter.
aws lakeformation put-data-lake-settings —cli-input-json file://put-data-lake-settings.json —region ap-northeast-1
{
"DataLakeSettings": {
"DataLakeAdmins": [
{
"DataLakePrincipalIdentifier": "arn:aws:iam::111111111111:user/lakeAdmin"
}
],
"AllowFullTableExternalDataAccess": true
}
}