SDK for PHP 3.x

Client: Aws\LakeFormation\LakeFormationClient
Service ID: lakeformation
Version: 2017-03-31

This page describes the parameters and results for the operations of AWS Lake Formation (2017-03-31), and shows how to use the Aws\LakeFormation\LakeFormationClient object to call the described operations. This documentation is specific to the 2017-03-31 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AddLFTagsToResource ( array $params = [] )
Attaches one or more LF-tags to an existing resource.
AssumeDecoratedRoleWithSAML ( array $params = [] )
Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request.
BatchGrantPermissions ( array $params = [] )
Batch operation to grant permissions to the principal.
BatchRevokePermissions ( array $params = [] )
Batch operation to revoke permissions from the principal.
CancelTransaction ( array $params = [] )
Attempts to cancel the specified transaction.
CommitTransaction ( array $params = [] )
Attempts to commit the specified transaction.
CreateDataCellsFilter ( array $params = [] )
Creates a data cell filter to allow one to grant access to certain columns on certain rows.
CreateLFTag ( array $params = [] )
Creates an LF-tag with the specified name and values.
CreateLakeFormationIdentityCenterConfiguration ( array $params = [] )
Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.
CreateLakeFormationOptIn ( array $params = [] )
Enforce Lake Formation permissions for the given databases, tables, and principals.
DeleteDataCellsFilter ( array $params = [] )
Deletes a data cell filter.
DeleteLFTag ( array $params = [] )
Deletes the specified LF-tag given a key name.
DeleteLakeFormationIdentityCenterConfiguration ( array $params = [] )
Deletes an IAM Identity Center connection with Lake Formation.
DeleteLakeFormationOptIn ( array $params = [] )
Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.
DeleteObjectsOnCancel ( array $params = [] )
For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled.
DeregisterResource ( array $params = [] )
Deregisters the resource as managed by the Data Catalog.
DescribeLakeFormationIdentityCenterConfiguration ( array $params = [] )
Retrieves the instance ARN and application ARN for the connection.
DescribeResource ( array $params = [] )
Retrieves the current data access role for the given resource registered in Lake Formation.
DescribeTransaction ( array $params = [] )
Returns the details of a single transaction.
ExtendTransaction ( array $params = [] )
Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.
GetDataCellsFilter ( array $params = [] )
Returns a data cells filter.
GetDataLakePrincipal ( array $params = [] )
Returns the identity of the invoking principal.
GetDataLakeSettings ( array $params = [] )
Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.
GetEffectivePermissionsForPath ( array $params = [] )
Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3.
GetLFTag ( array $params = [] )
Returns an LF-tag definition.
GetQueryState ( array $params = [] )
Returns the state of a query previously submitted.
GetQueryStatistics ( array $params = [] )
Retrieves statistics on the planning and execution of a query.
GetResourceLFTags ( array $params = [] )
Returns the LF-tags applied to a resource.
GetTableObjects ( array $params = [] )
Returns the set of Amazon S3 objects that make up the specified governed table.
GetTemporaryGluePartitionCredentials ( array $params = [] )
This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition.
GetTemporaryGlueTableCredentials ( array $params = [] )
Allows a caller in a secure environment to assume a role with permission to access Amazon S3.
GetWorkUnitResults ( array $params = [] )
Returns the work units resulting from the query.
GetWorkUnits ( array $params = [] )
Retrieves the work units generated by the StartQueryPlanning operation.
GrantPermissions ( array $params = [] )
Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
ListDataCellsFilter ( array $params = [] )
Lists all the data cell filters on a table.
ListLFTags ( array $params = [] )
Lists LF-tags that the requester has permission to view.
ListLakeFormationOptIns ( array $params = [] )
Retrieves the current list of resources and principals that are opted in to enforce Lake Formation permissions.
ListPermissions ( array $params = [] )
Returns a list of the principal permissions on the resource, filtered by the permissions of the caller.
ListResources ( array $params = [] )
Lists the resources registered to be managed by the Data Catalog.
ListTableStorageOptimizers ( array $params = [] )
Returns the configuration of all storage optimizers associated with a specified table.
ListTransactions ( array $params = [] )
Returns metadata about transactions and their status.
PutDataLakeSettings ( array $params = [] )
Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation.
RegisterResource ( array $params = [] )
Registers the resource as managed by the Data Catalog.
RemoveLFTagsFromResource ( array $params = [] )
Removes an LF-tag from the resource.
RevokePermissions ( array $params = [] )
Revokes the principal's permissions to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
SearchDatabasesByLFTags ( array $params = [] )
This operation allows a search on DATABASE resources by TagCondition.
SearchTablesByLFTags ( array $params = [] )
This operation allows a search on TABLE resources by LFTags.
StartQueryPlanning ( array $params = [] )
Submits a request to process a query statement.
StartTransaction ( array $params = [] )
Starts a new transaction and returns its transaction ID.
UpdateDataCellsFilter ( array $params = [] )
Updates a data cell filter.
UpdateLFTag ( array $params = [] )
Updates the list of possible values for the specified LF-tag key.
UpdateLakeFormationIdentityCenterConfiguration ( array $params = [] )
Updates the IAM Identity Center connection parameters.
UpdateResource ( array $params = [] )
Updates the data access role used for vending access to the given (registered) resource in Lake Formation.
UpdateTableObjects ( array $params = [] )
Updates the manifest of Amazon S3 objects that make up the specified governed table.
UpdateTableStorageOptimizer ( array $params = [] )
Updates the configuration of the storage optimizers for a table.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

GetEffectivePermissionsForPath
GetTableObjects
GetWorkUnits
ListDataCellsFilter
ListLFTags
ListLakeFormationOptIns
ListPermissions
ListResources
ListTableStorageOptimizers
ListTransactions
SearchDatabasesByLFTags
SearchTablesByLFTags

Operations

AddLFTagsToResource

$result = $client->addLFTagsToResource([/* ... */]);
$promise = $client->addLFTagsToResourceAsync([/* ... */]);

Attaches one or more LF-tags to an existing resource.

Parameter Syntax

$result = $client->addLFTagsToResource([
    'CatalogId' => '<string>',
    'LFTags' => [ // REQUIRED
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

LFTags
Required: Yes
Type: Array of LFTagPair structures

The LF-tags to attach to the resource.

Resource
Required: Yes
Type: Resource structure

The database, table, or column resource to which to attach an LF-tag.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'LFTag' => [
                'CatalogId' => '<string>',
                'TagKey' => '<string>',
                'TagValues' => ['<string>', ...],
            ],
        ],
        // ...
    ],
]

Result Details

Members
Failures
Type: Array of LFTagError structures

A list of failures to tag the resource.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

AssumeDecoratedRoleWithSAML

$result = $client->assumeDecoratedRoleWithSAML([/* ... */]);
$promise = $client->assumeDecoratedRoleWithSAMLAsync([/* ... */]);

Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session.

This decorated role is expected to access data in Amazon S3 by getting temporary access from Lake Formation which is authorized via the virtual API GetDataAccess. Therefore, all SAML roles that can be assumed via AssumeDecoratedRoleWithSAML must at a minimum include lakeformation:GetDataAccess in their role policies. A typical IAM policy attached to such a role would look as follows:

Parameter Syntax

$result = $client->assumeDecoratedRoleWithSAML([
    'DurationSeconds' => <integer>,
    'PrincipalArn' => '<string>', // REQUIRED
    'RoleArn' => '<string>', // REQUIRED
    'SAMLAssertion' => '<string>', // REQUIRED
]);

Parameter Details

Members
DurationSeconds
Type: int

The time period, between 900 and 43,200 seconds, for the timeout of the temporary credentials.

PrincipalArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.

RoleArn
Required: Yes
Type: string

The role that represents an IAM principal whose scope down policy allows it to call credential vending APIs such as GetTemporaryTableCredentials. The caller must also have iam:PassRole permission on this role.

SAMLAssertion
Required: Yes
Type: string

A SAML assertion consisting of an assertion statement for the user who needs temporary credentials. This must match the SAML assertion that was issued to IAM. This must be Base64 encoded.

Result Syntax

[
    'AccessKeyId' => '<string>',
    'Expiration' => <DateTime>,
    'SecretAccessKey' => '<string>',
    'SessionToken' => '<string>',
]

Result Details

Members
AccessKeyId
Type: string

The access key ID for the temporary credentials. (The access key consists of an access key ID and a secret key).

Expiration
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the temporary credentials expire.

SecretAccessKey
Type: string

The secret key for the temporary credentials. (The access key consists of an access key ID and a secret key).

SessionToken
Type: string

The session token for the temporary credentials.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

AccessDeniedException:

Access to a resource was denied.
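
Because AssumeDecoratedRoleWithSAML does not scope down the assumed role and requires lakeformation:GetDataAccess in the role policy, a pre-deployment check of the role's policy document is useful. The following is an added example, not AWS sample code: the function names and the policy JSON are constructed, and it inspects a single identity policy only (conditions, resource scoping and permission boundaries are not evaluated).

```php
<?php
// Added example, not AWS sample code. The policy JSON at the bottom is constructed.

const REQUIRED_ACTION = 'lakeformation:GetDataAccess';

/** IAM action patterns are case-insensitive and may contain * and ? wildcards. */
function actionMatches(string $pattern, string $action): bool
{
    $quoted = preg_quote($pattern, '/');
    $regex = '/^' . str_replace(['\*', '\?'], ['.*', '.'], $quoted) . '$/i';
    return preg_match($regex, $action) === 1;
}

/**
 * Reports whether an identity policy allows lakeformation:GetDataAccess and
 * lists every other allowed action pattern, since all of them end up in the
 * decorated role session.
 */
function auditDecoratedRolePolicy(string $policyJson): array
{
    $doc = json_decode($policyJson, true, 32, JSON_THROW_ON_ERROR);
    $statements = $doc['Statement'] ?? [];
    if (isset($statements['Effect'])) {
        $statements = [$statements]; // a single statement may appear as an object
    }

    $report = ['hasGetDataAccess' => false, 'otherAllowed' => [], 'needsReview' => []];
    foreach ($statements as $i => $st) {
        $effect = $st['Effect'] ?? '';
        if (isset($st['NotAction'])) {
            // NotAction inverts the match; leave it to a human reviewer.
            $report['needsReview'][] = "Statement $i ($effect) uses NotAction";
            continue;
        }
        foreach ((array) ($st['Action'] ?? []) as $pattern) {
            $coversRequired = actionMatches($pattern, REQUIRED_ACTION);
            if ($effect === 'Deny') {
                if ($coversRequired) {
                    $report['needsReview'][] = "Statement $i denies " . REQUIRED_ACTION;
                }
                continue;
            }
            if ($effect !== 'Allow') {
                continue;
            }
            if ($coversRequired) {
                $report['hasGetDataAccess'] = true;
            }
            if (strcasecmp($pattern, REQUIRED_ACTION) !== 0) {
                $report['otherAllowed'][] = $pattern; // broader than the minimum
            }
        }
    }
    $report['otherAllowed'] = array_values(array_unique($report['otherAllowed']));
    return $report;
}

// Constructed policy: the required action plus two broader grants.
$policy = <<<'JSON'
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "lakeformation:GetDataAccess", "Resource": "*"},
    {"Effect": "Allow", "Action": ["glue:Get*", "s3:*"], "Resource": "*"}
  ]
}
JSON;

$report = auditDecoratedRolePolicy($policy);
echo json_encode($report, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
```

Any entry under otherAllowed is a permission the SAML user receives in addition to the Lake Formation data access, so review each one against what the federated users actually need.
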

BatchGrantPermissions

$result = $client->batchGrantPermissions([/* ... */]);
$promise = $client->batchGrantPermissionsAsync([/* ... */]);

Batch operation to grant permissions to the principal.

Parameter Syntax

$result = $client->batchGrantPermissions([
    'CatalogId' => '<string>',
    'Entries' => [ // REQUIRED
        [
            'Id' => '<string>', // REQUIRED
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>', // REQUIRED
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>', // REQUIRED
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [ // REQUIRED
                        [
                            'TagKey' => '<string>', // REQUIRED
                            'TagValues' => ['<string>', ...], // REQUIRED
                        ],
                        // ...
                    ],
                    'ResourceType' => 'DATABASE|TABLE', // REQUIRED
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>', // REQUIRED
                ],
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Entries
Required: Yes
Type: Array of BatchPermissionsRequestEntry structures

A list of up to 20 entries for resource permissions to be granted by batch operation to the principal.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'RequestEntry' => [
                'Id' => '<string>',
                'Permissions' => ['<string>', ...],
                'PermissionsWithGrantOption' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
                'Resource' => [
                    'Catalog' => [
                    ],
                    'DataCellsFilter' => [
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableCatalogId' => '<string>',
                        'TableName' => '<string>',
                    ],
                    'DataLocation' => [
                        'CatalogId' => '<string>',
                        'ResourceArn' => '<string>',
                    ],
                    'Database' => [
                        'CatalogId' => '<string>',
                        'Name' => '<string>',
                    ],
                    'LFTag' => [
                        'CatalogId' => '<string>',
                        'TagKey' => '<string>',
                        'TagValues' => ['<string>', ...],
                    ],
                    'LFTagPolicy' => [
                        'CatalogId' => '<string>',
                        'Expression' => [
                            [
                                'TagKey' => '<string>',
                                'TagValues' => ['<string>', ...],
                            ],
                            // ...
                        ],
                        'ResourceType' => 'DATABASE|TABLE',
                    ],
                    'Table' => [
                        'CatalogId' => '<string>',
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableWildcard' => [
                        ],
                    ],
                    'TableWithColumns' => [
                        'CatalogId' => '<string>',
                        'ColumnNames' => ['<string>', ...],
                        'ColumnWildcard' => [
                            'ExcludedColumnNames' => ['<string>', ...],
                        ],
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                    ],
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members
Failures
Type: Array of BatchPermissionsFailureEntry structures

A list of failures to grant permissions to the resources.

Errors

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.
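
BatchGrantPermissions accepts up to 20 entries per call and reports per-entry problems in Failures rather than by throwing, so a caller has to chunk its input and inspect the result. The following is an added example, not AWS sample code: grantInBatches and the stub are hypothetical helpers, the ARN, names and error text are constructed, and the stub stands in for the client so the script runs without credentials.

```php
<?php
// Added example, not AWS sample code. $send is any callable with the shape of
// $client->batchGrantPermissions(array $params).

const LF_BATCH_LIMIT = 20; // "A list of up to 20 entries" per the Entries member

/**
 * Sends grant entries in chunks of at most 20 and returns the entries that
 * were reported under 'Failures', keyed by the caller-supplied Id.
 */
function grantInBatches(callable $send, array $entries, ?string $catalogId = null): array
{
    // Ids are how failures are correlated back to requests, so this helper
    // requires every entry to carry one and requires them to be distinct.
    $ids = array_column($entries, 'Id');
    if (count($ids) !== count($entries) || count($ids) !== count(array_unique($ids))) {
        throw new InvalidArgumentException('Every entry needs a unique Id');
    }

    $failed = [];
    foreach (array_chunk($entries, LF_BATCH_LIMIT) as $chunk) {
        $params = ['Entries' => $chunk];
        if ($catalogId !== null) {
            $params['CatalogId'] = $catalogId;
        }
        $result = $send($params);
        // A call that returns normally can still carry per-entry failures.
        foreach ($result['Failures'] ?? [] as $failure) {
            $id = $failure['RequestEntry']['Id'] ?? '(unknown)';
            $failed[$id] = [
                'code' => $failure['Error']['ErrorCode'] ?? '',
                'message' => $failure['Error']['ErrorMessage'] ?? '',
            ];
        }
    }
    return $failed;
}

// Constructed stub: records the size of each call and fails one table name.
$callSizes = [];
$stub = function (array $params) use (&$callSizes): array {
    $callSizes[] = count($params['Entries']);
    $failures = [];
    foreach ($params['Entries'] as $entry) {
        if ($entry['Resource']['Table']['Name'] === 'missing_table') {
            $failures[] = [
                'Error' => [
                    'ErrorCode' => 'EntityNotFoundException',
                    'ErrorMessage' => 'constructed failure for the demo',
                ],
                'RequestEntry' => $entry,
            ];
        }
    }
    return ['Failures' => $failures];
};

// Constructed input: 45 table-level SELECT grants for one principal.
$entries = [];
for ($i = 1; $i <= 45; $i++) {
    $entries[] = [
        'Id' => "grant-$i",
        'Permissions' => ['SELECT'],
        'Principal' => [
            'DataLakePrincipalIdentifier' => 'arn:aws:iam::111122223333:role/analyst-example',
        ],
        'Resource' => [
            'Table' => [
                'DatabaseName' => 'sales_example',
                'Name' => $i === 23 ? 'missing_table' : "t$i",
            ],
        ],
    ];
}

$failed = grantInBatches($stub, $entries);
printf("entries per call: %s\n", implode(', ', $callSizes));
foreach ($failed as $id => $err) {
    printf("%s failed: %s (%s)\n", $id, $err['code'], $err['message']);
}
```

With a real client, pass fn(array $p) => $client->batchGrantPermissions($p) as $send. Treat a non-empty return value as a partially applied change: the entries not listed were granted.
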

BatchRevokePermissions

$result = $client->batchRevokePermissions([/* ... */]);
$promise = $client->batchRevokePermissionsAsync([/* ... */]);

Batch operation to revoke permissions from the principal.

Parameter Syntax

$result = $client->batchRevokePermissions([
    'CatalogId' => '<string>',
    'Entries' => [ // REQUIRED
        [
            'Id' => '<string>', // REQUIRED
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>', // REQUIRED
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>', // REQUIRED
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [ // REQUIRED
                        [
                            'TagKey' => '<string>', // REQUIRED
                            'TagValues' => ['<string>', ...], // REQUIRED
                        ],
                        // ...
                    ],
                    'ResourceType' => 'DATABASE|TABLE', // REQUIRED
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>', // REQUIRED
                    'Name' => '<string>', // REQUIRED
                ],
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Entries
Required: Yes
Type: Array of BatchPermissionsRequestEntry structures

A list of up to 20 entries for resource permissions to be revoked by batch operation from the principal.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'RequestEntry' => [
                'Id' => '<string>',
                'Permissions' => ['<string>', ...],
                'PermissionsWithGrantOption' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
                'Resource' => [
                    'Catalog' => [
                    ],
                    'DataCellsFilter' => [
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableCatalogId' => '<string>',
                        'TableName' => '<string>',
                    ],
                    'DataLocation' => [
                        'CatalogId' => '<string>',
                        'ResourceArn' => '<string>',
                    ],
                    'Database' => [
                        'CatalogId' => '<string>',
                        'Name' => '<string>',
                    ],
                    'LFTag' => [
                        'CatalogId' => '<string>',
                        'TagKey' => '<string>',
                        'TagValues' => ['<string>', ...],
                    ],
                    'LFTagPolicy' => [
                        'CatalogId' => '<string>',
                        'Expression' => [
                            [
                                'TagKey' => '<string>',
                                'TagValues' => ['<string>', ...],
                            ],
                            // ...
                        ],
                        'ResourceType' => 'DATABASE|TABLE',
                    ],
                    'Table' => [
                        'CatalogId' => '<string>',
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                        'TableWildcard' => [
                        ],
                    ],
                    'TableWithColumns' => [
                        'CatalogId' => '<string>',
                        'ColumnNames' => ['<string>', ...],
                        'ColumnWildcard' => [
                            'ExcludedColumnNames' => ['<string>', ...],
                        ],
                        'DatabaseName' => '<string>',
                        'Name' => '<string>',
                    ],
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members
Failures
Type: Array of BatchPermissionsFailureEntry structures

A list of failures to revoke permissions to the resources.

Errors

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

CancelTransaction

$result = $client->cancelTransaction([/* ... */]);
$promise = $client->cancelTransactionAsync([/* ... */]);

Attempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.

Parameter Syntax

$result = $client->cancelTransaction([
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
TransactionId
Required: Yes
Type: string

The transaction to cancel.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

TransactionCommittedException:

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

TransactionCommitInProgressException:

Contains details about an error related to a transaction commit that was in progress.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

CommitTransaction

$result = $client->commitTransaction([/* ... */]);
$promise = $client->commitTransactionAsync([/* ... */]);

Attempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.

Parameter Syntax

$result = $client->commitTransaction([
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
TransactionId
Required: Yes
Type: string

The transaction to commit.

Result Syntax

[
    'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
]

Result Details

Members
TransactionStatus
Type: string

The status of the transaction.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

TransactionCanceledException:

Contains details about an error related to a transaction that was cancelled.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

CreateDataCellsFilter

$result = $client->createDataCellsFilter([/* ... */]);
$promise = $client->createDataCellsFilterAsync([/* ... */]);

Creates a data cell filter to allow one to grant access to certain columns on certain rows.

Parameter Syntax

$result = $client->createDataCellsFilter([
    'TableData' => [ // REQUIRED
        'ColumnNames' => ['<string>', ...],
        'ColumnWildcard' => [
            'ExcludedColumnNames' => ['<string>', ...],
        ],
        'DatabaseName' => '<string>', // REQUIRED
        'Name' => '<string>', // REQUIRED
        'RowFilter' => [
            'AllRowsWildcard' => [
            ],
            'FilterExpression' => '<string>',
        ],
        'TableCatalogId' => '<string>', // REQUIRED
        'TableName' => '<string>', // REQUIRED
        'VersionId' => '<string>',
    ],
]);

Parameter Details

Members
TableData
Required: Yes
Type: DataCellsFilter structure

A DataCellsFilter structure containing information about the data cells filter.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

AlreadyExistsException:

A resource to be created or added already exists.

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

ResourceNumberLimitExceededException:

A resource numerical limit was exceeded.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

CreateLFTag

$result = $client->createLFTag([/* ... */]);
$promise = $client->createLFTagAsync([/* ... */]);

Creates an LF-tag with the specified name and values.

Parameter Syntax

$result = $client->createLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
    'TagValues' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag.

TagValues
Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

ResourceNumberLimitExceededException:

A resource numerical limit was exceeded.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

CreateLakeFormationIdentityCenterConfiguration

$result = $client->createLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->createLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.

Parameter Syntax

$result = $client->createLakeFormationIdentityCenterConfiguration([
    'CatalogId' => '<string>',
    'ExternalFiltering' => [
        'AuthorizedTargets' => ['<string>', ...], // REQUIRED
        'Status' => 'ENABLED|DISABLED', // REQUIRED
    ],
    'InstanceArn' => '<string>',
    'ShareRecipients' => [
        [
            'DataLakePrincipalIdentifier' => '<string>',
        ],
        // ...
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

ExternalFiltering

A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to access data managed by Lake Formation.

InstanceArn
Type: string

The ARN of the IAM Identity Center instance for which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

ShareRecipients
Type: Array of DataLakePrincipal structures

A list of Amazon Web Services account IDs and/or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

If the ShareRecipients list includes valid values, a resource share is created with the principals you want to have access to the resources.

If the ShareRecipients value is null or the list is empty, no resource share is created.

Result Syntax

[
    'ApplicationArn' => '<string>',
]

Result Details

Members
ApplicationArn
Type: string

The Amazon Resource Name (ARN) of the Lake Formation application integrated with IAM Identity Center.

Errors

InvalidInputException:

The input provided was not valid.

AlreadyExistsException:

A resource to be created or added already exists.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

CreateLakeFormationOptIn

$result = $client->createLakeFormationOptIn([/* ... */]);
$promise = $client->createLakeFormationOptInAsync([/* ... */]);

Enforce Lake Formation permissions for the given databases, tables, and principals.

Parameter Syntax

$result = $client->createLakeFormationOptIn([
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
Principal
Required: Yes
Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource
Required: Yes
Type: Resource structure

A structure for the resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

DeleteDataCellsFilter

$result = $client->deleteDataCellsFilter([/* ... */]);
$promise = $client->deleteDataCellsFilterAsync([/* ... */]);

Deletes a data cell filter.

Parameter Syntax

$result = $client->deleteDataCellsFilter([
    'DatabaseName' => '<string>',
    'Name' => '<string>',
    'TableCatalogId' => '<string>',
    'TableName' => '<string>',
]);

Parameter Details

Members
DatabaseName
Type: string

A database in the Glue Data Catalog.

Name
Type: string

The name given by the user to the data filter cell.

TableCatalogId
Type: string

The ID of the catalog to which the table belongs.

TableName
Type: string

A table in the database.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

DeleteLFTag

$result = $client->deleteLFTag([/* ... */]);
$promise = $client->deleteLFTagAsync([/* ... */]);

Deletes the specified LF-tag given a key name. If the input parameter tag key was not found, then the operation will throw an exception. When you delete an LF-tag, the LFTagPolicy attached to the LF-tag becomes invalid. If the deleted LF-tag was still assigned to any resource, the tag policy attached to the deleted LF-tag will no longer be applied to the resource.

Parameter Syntax

$result = $client->deleteLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

DeleteLakeFormationIdentityCenterConfiguration

$result = $client->deleteLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->deleteLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Deletes an IAM Identity Center connection with Lake Formation.

Parameter Syntax

$result = $client->deleteLakeFormationIdentityCenterConfiguration([
    'CatalogId' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

DeleteLakeFormationOptIn

$result = $client->deleteLakeFormationOptIn([/* ... */]);
$promise = $client->deleteLakeFormationOptInAsync([/* ... */]);

Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.

Parameter Syntax

$result = $client->deleteLakeFormationOptIn([
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
Principal
Required: Yes
Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource
Required: Yes
Type: Resource structure

A structure for the resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

DeleteObjectsOnCancel

$result = $client->deleteObjectsOnCancel([/* ... */]);
$promise = $client->deleteObjectsOnCancelAsync([/* ... */]);

For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels.

The Glue ETL library function write_dynamic_frame.from_catalog() includes an option to automatically call DeleteObjectsOnCancel before writes. For more information, see Rolling Back Amazon S3 Writes.

Parameter Syntax

$result = $client->deleteObjectsOnCancel([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'Objects' => [ // REQUIRED
        [
            'ETag' => '<string>',
            'Uri' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'TableName' => '<string>', // REQUIRED
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The Glue data catalog that contains the governed table. Defaults to the current account ID.

DatabaseName
Required: Yes
Type: string

The database that contains the governed table.

Objects
Required: Yes
Type: Array of VirtualObject structures

A list of VirtualObject structures, which indicates the Amazon S3 objects to be deleted if the transaction cancels.

TableName
Required: Yes
Type: string

The name of the governed table.

TransactionId
Required: Yes
Type: string

ID of the transaction that the writes occur in.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

TransactionCommittedException:

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

TransactionCanceledException:

Contains details about an error related to a transaction that was cancelled.

ResourceNotReadyException:

Contains details about an error related to a resource which is not ready for a transaction.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

DeregisterResource

$result = $client->deregisterResource([/* ... */]);
$promise = $client->deregisterResourceAsync([/* ... */]);

Deregisters the resource as managed by the Data Catalog.

When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.

Parameter Syntax

$result = $client->deregisterResource([
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the resource that you want to deregister.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

DescribeLakeFormationIdentityCenterConfiguration

$result = $client->describeLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->describeLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Retrieves the instance ARN and application ARN for the connection.

Parameter Syntax

$result = $client->describeLakeFormationIdentityCenterConfiguration([
    'CatalogId' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Result Syntax

[
    'ApplicationArn' => '<string>',
    'CatalogId' => '<string>',
    'ExternalFiltering' => [
        'AuthorizedTargets' => ['<string>', ...],
        'Status' => 'ENABLED|DISABLED',
    ],
    'InstanceArn' => '<string>',
    'ResourceShare' => '<string>',
    'ShareRecipients' => [
        [
            'DataLakePrincipalIdentifier' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
ApplicationArn
Type: string

The Amazon Resource Name (ARN) of the Lake Formation application integrated with IAM Identity Center.

CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

ExternalFiltering

Indicates if external filtering is enabled.

InstanceArn
Type: string

The Amazon Resource Name (ARN) of the connection.

ResourceShare
Type: string

The Amazon Resource Name (ARN) of the RAM share.

ShareRecipients
Type: Array of DataLakePrincipal structures

A list of Amazon Web Services account IDs or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

If the ShareRecipients list includes valid values, a resource share is created with the principals you want to have access to the resources as the ShareRecipients.

If the ShareRecipients value is null or the list is empty, no resource share is created.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

DescribeResource

$result = $client->describeResource([/* ... */]);
$promise = $client->describeResourceAsync([/* ... */]);

Retrieves the current data access role for the given resource registered in Lake Formation.

Parameter Syntax

$result = $client->describeResource([
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
ResourceArn
Required: Yes
Type: string

The resource ARN.

Result Syntax

[
    'ResourceInfo' => [
        'HybridAccessEnabled' => true || false,
        'LastModified' => <DateTime>,
        'ResourceArn' => '<string>',
        'RoleArn' => '<string>',
        'WithFederation' => true || false,
    ],
]

Result Details

Members
ResourceInfo
Type: ResourceInfo structure

A structure containing information about a Lake Formation resource.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

DescribeTransaction

$result = $client->describeTransaction([/* ... */]);
$promise = $client->describeTransactionAsync([/* ... */]);

Returns the details of a single transaction.

Parameter Syntax

$result = $client->describeTransaction([
    'TransactionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
TransactionId
Required: Yes
Type: string

The transaction for which to return status.

Result Syntax

[
    'TransactionDescription' => [
        'TransactionEndTime' => <DateTime>,
        'TransactionId' => '<string>',
        'TransactionStartTime' => <DateTime>,
        'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
    ],
]

Result Details

Members
TransactionDescription
Type: TransactionDescription structure

Returns a TransactionDescription object containing information about the transaction.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

ExtendTransaction

$result = $client->extendTransaction([/* ... */]);
$promise = $client->extendTransactionAsync([/* ... */]);

Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.

Write transactions that remain idle for a long period are automatically aborted unless explicitly extended.

Parameter Syntax

$result = $client->extendTransaction([
    'TransactionId' => '<string>',
]);

Parameter Details

Members
TransactionId
Type: string

The transaction to extend.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

TransactionCommittedException:

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

TransactionCanceledException:

Contains details about an error related to a transaction that was cancelled.

TransactionCommitInProgressException:

Contains details about an error related to a transaction commit that was in progress.

GetDataCellsFilter

$result = $client->getDataCellsFilter([/* ... */]);
$promise = $client->getDataCellsFilterAsync([/* ... */]);

Returns a data cells filter.

Parameter Syntax

$result = $client->getDataCellsFilter([
    'DatabaseName' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'TableCatalogId' => '<string>', // REQUIRED
    'TableName' => '<string>', // REQUIRED
]);

Parameter Details

Members
DatabaseName
Required: Yes
Type: string

A database in the Glue Data Catalog.

Name
Required: Yes
Type: string

The name given by the user to the data filter cell.

TableCatalogId
Required: Yes
Type: string

The ID of the catalog to which the table belongs.

TableName
Required: Yes
Type: string

A table in the database.

Result Syntax

[
    'DataCellsFilter' => [
        'ColumnNames' => ['<string>', ...],
        'ColumnWildcard' => [
            'ExcludedColumnNames' => ['<string>', ...],
        ],
        'DatabaseName' => '<string>',
        'Name' => '<string>',
        'RowFilter' => [
            'AllRowsWildcard' => [
            ],
            'FilterExpression' => '<string>',
        ],
        'TableCatalogId' => '<string>',
        'TableName' => '<string>',
        'VersionId' => '<string>',
    ],
]

Result Details

Members
DataCellsFilter
Type: DataCellsFilter structure

A structure that describes certain columns on certain rows.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

InternalServiceException:

An internal service error occurred.

AccessDeniedException:

Access to a resource was denied.

GetDataLakePrincipal

$result = $client->getDataLakePrincipal([/* ... */]);
$promise = $client->getDataLakePrincipalAsync([/* ... */]);

Returns the identity of the invoking principal.

Parameter Syntax

$result = $client->getDataLakePrincipal([
]);

Parameter Details

Members

Result Syntax

[
    'Identity' => '<string>',
]

Result Details

Members
Identity
Type: string

A unique identifier of the invoking principal.

Errors

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

GetDataLakeSettings

$result = $client->getDataLakeSettings([/* ... */]);
$promise = $client->getDataLakeSettingsAsync([/* ... */]);

Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

Parameter Syntax

$result = $client->getDataLakeSettings([
    'CatalogId' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Result Syntax

[
    'DataLakeSettings' => [
        'AllowExternalDataFiltering' => true || false,
        'AllowFullTableExternalDataAccess' => true || false,
        'AuthorizedSessionTagValueList' => ['<string>', ...],
        'CreateDatabaseDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'CreateTableDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'DataLakeAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'ExternalDataFilteringAllowList' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'Parameters' => ['<string>', ...],
        'ReadOnlyAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'TrustedResourceOwners' => ['<string>', ...],
    ],
]

Result Details

Members
DataLakeSettings
Type: DataLakeSettings structure

A structure representing a list of Lake Formation principals designated as data lake administrators.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.
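
The DataLakeSettings result carries most of the account-wide access defaults, so it is a natural input for a configuration review. The following is an added example, not part of the SDK documentation: auditDataLakeSettings() and the $approvedAdmins allowlist are hypothetical names, and the sample array is constructed to match the Result Syntax above.

```php
<?php
declare(strict_types=1);

/**
 * Review the 'DataLakeSettings' array from a getDataLakeSettings() result.
 * $approvedAdmins is a hypothetical allowlist maintained by the reviewer.
 *
 * @return string[] findings; empty when nothing is flagged
 */
function auditDataLakeSettings(array $settings, array $approvedAdmins): array
{
    $findings = [];

    // Defaults granted to IAM_ALLOWED_PRINCIPALS leave new databases and tables
    // under IAM-only access control instead of Lake Formation grants.
    foreach (['CreateDatabaseDefaultPermissions', 'CreateTableDefaultPermissions'] as $key) {
        foreach ($settings[$key] ?? [] as $entry) {
            $principal = $entry['Principal']['DataLakePrincipalIdentifier'] ?? '';
            if ($principal === 'IAM_ALLOWED_PRINCIPALS') {
                $findings[] = sprintf(
                    '%s grants [%s] to IAM_ALLOWED_PRINCIPALS',
                    $key,
                    implode(', ', $entry['Permissions'] ?? [])
                );
            }
        }
    }

    // Full and read-only administrators that are not on the approved list.
    foreach (['DataLakeAdmins', 'ReadOnlyAdmins'] as $key) {
        foreach ($settings[$key] ?? [] as $admin) {
            $id = $admin['DataLakePrincipalIdentifier'] ?? '';
            if (!in_array($id, $approvedAdmins, true)) {
                $findings[] = "$key contains unapproved principal: $id";
            }
        }
    }

    // Flags that open data access to engines outside Lake Formation.
    if (!empty($settings['AllowExternalDataFiltering'])) {
        $accounts = array_column(
            $settings['ExternalDataFilteringAllowList'] ?? [],
            'DataLakePrincipalIdentifier'
        );
        $findings[] = 'AllowExternalDataFiltering is true; allow list: '
            . (implode(', ', $accounts) ?: '(empty)');
    }
    if (!empty($settings['AllowFullTableExternalDataAccess'])) {
        $findings[] = 'AllowFullTableExternalDataAccess is true';
    }

    return $findings;
}

// Constructed sample shaped like the Result Syntax above (not real account data).
$sample = [
    'AllowExternalDataFiltering' => true,
    'AllowFullTableExternalDataAccess' => false,
    'CreateDatabaseDefaultPermissions' => [],
    'CreateTableDefaultPermissions' => [
        ['Permissions' => ['ALL'], 'Principal' => ['DataLakePrincipalIdentifier' => 'IAM_ALLOWED_PRINCIPALS']],
    ],
    'DataLakeAdmins' => [
        ['DataLakePrincipalIdentifier' => 'arn:aws:iam::111122223333:role/LakeAdmin'],
        ['DataLakePrincipalIdentifier' => 'arn:aws:iam::111122223333:user/contractor'],
    ],
    'ExternalDataFilteringAllowList' => [
        ['DataLakePrincipalIdentifier' => '444455556666'],
    ],
    'ReadOnlyAdmins' => [],
];

$approved = ['arn:aws:iam::111122223333:role/LakeAdmin'];
foreach (auditDataLakeSettings($sample, $approved) as $finding) {
    echo "- $finding\n";
}

// Against a live account, pass the SDK result instead of the sample:
// $settings = $client->getDataLakeSettings([])['DataLakeSettings'] ?? [];
```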

GetEffectivePermissionsForPath

$result = $client->getEffectivePermissionsForPath([/* ... */]);
$promise = $client->getEffectivePermissionsForPathAsync([/* ... */]);

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.

Parameter Syntax

$result = $client->getEffectivePermissionsForPath([
    'CatalogId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the resource for which you want to get permissions.

Result Syntax

[
    'NextToken' => '<string>',
    'Permissions' => [
        [
            'AdditionalDetails' => [
                'ResourceShare' => ['<string>', ...],
            ],
            'LastUpdated' => <DateTime>,
            'LastUpdatedBy' => '<string>',
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>',
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'ResourceType' => 'DATABASE|TABLE',
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Permissions
Type: Array of PrincipalResourcePermissions structures

A list of the permissions for the specified table or database resource located at the path in Amazon S3.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

OperationTimeoutException:

The operation timed out.

InternalServiceException:

An internal service error occurred.
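
Because the listing is paginated, a permissions review has to follow NextToken to the end before drawing conclusions. The following is an added example, not part of the SDK documentation: it collects every page and reports which principals hold PermissionsWithGrantOption on the path. The function names and the two sample pages are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Follow NextToken until the listing is complete.
 *
 * @param callable $fetchPage receives ?string $nextToken, returns one result page as an array
 * @return array[] every PrincipalResourcePermissions entry across all pages
 */
function collectPathPermissions(callable $fetchPage, int $maxPages = 100): array
{
    $entries = [];
    $token = null;
    for ($page = 0; $page < $maxPages; $page++) {
        $result = $fetchPage($token);
        foreach ($result['Permissions'] ?? [] as $entry) {
            $entries[] = $entry;
        }
        $token = $result['NextToken'] ?? null;
        if ($token === null || $token === '') {
            return $entries; // no continuation token: listing is complete
        }
    }
    // Guard against a listing that never terminates.
    throw new RuntimeException("Listing not complete after $maxPages pages");
}

/**
 * Principals that can pass their access on to others.
 *
 * @return array<string, string[]> principal => sorted, de-duplicated grantable permissions
 */
function grantablePermissionsByPrincipal(array $entries): array
{
    $byPrincipal = [];
    foreach ($entries as $entry) {
        $grantable = $entry['PermissionsWithGrantOption'] ?? [];
        if ($grantable === []) {
            continue;
        }
        $principal = $entry['Principal']['DataLakePrincipalIdentifier'] ?? '(unknown)';
        $byPrincipal[$principal] = array_merge($byPrincipal[$principal] ?? [], $grantable);
    }
    foreach ($byPrincipal as $principal => $perms) {
        $perms = array_values(array_unique($perms));
        sort($perms);
        $byPrincipal[$principal] = $perms;
    }
    ksort($byPrincipal);
    return $byPrincipal;
}

// Constructed two-page response shaped like the Result Syntax above.
$pages = [
    '' => [
        'NextToken' => 'page-2',
        'Permissions' => [[
            'Permissions' => ['SELECT', 'DESCRIBE'],
            'PermissionsWithGrantOption' => [],
            'Principal' => ['DataLakePrincipalIdentifier' => 'arn:aws:iam::111122223333:role/Analyst'],
            'Resource' => ['Table' => ['DatabaseName' => 'sales', 'Name' => 'orders']],
        ]],
    ],
    'page-2' => [
        'Permissions' => [[
            'Permissions' => ['ALL'],
            'PermissionsWithGrantOption' => ['ALL'],
            'Principal' => ['DataLakePrincipalIdentifier' => 'arn:aws:iam::111122223333:role/DataSteward'],
            'Resource' => ['Database' => ['Name' => 'sales']],
        ]],
    ],
];
$fetch = function (?string $token) use ($pages): array {
    return $pages[$token ?? ''];
};

foreach (grantablePermissionsByPrincipal(collectPathPermissions($fetch)) as $principal => $perms) {
    echo $principal, ' can grant: ', implode(', ', $perms), "\n";
}

// With the SDK ($client and $arn supplied by the caller):
// $fetch = function (?string $token) use ($client, $arn): array {
//     $params = ['ResourceArn' => $arn];
//     if ($token !== null) { $params['NextToken'] = $token; }
//     return $client->getEffectivePermissionsForPath($params)->toArray();
// };
```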

GetLFTag

$result = $client->getLFTag([/* ... */]);
$promise = $client->getLFTagAsync([/* ... */]);

Returns an LF-tag definition.

Parameter Syntax

$result = $client->getLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag.

Result Syntax

[
    'CatalogId' => '<string>',
    'TagKey' => '<string>',
    'TagValues' => ['<string>', ...],
]

Result Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Type: string

The key-name for the LF-tag.

TagValues
Type: Array of strings

A list of possible values an attribute can take.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

GetQueryState

$result = $client->getQueryState([/* ... */]);
$promise = $client->getQueryStateAsync([/* ... */]);

Returns the state of a query previously submitted. Clients are expected to poll GetQueryState to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to StartQueryPlanning.

Parameter Syntax

$result = $client->getQueryState([
    'QueryId' => '<string>', // REQUIRED
]);

Parameter Details

Members
QueryId
Required: Yes
Type: string

The ID of the plan query operation.

Result Syntax

[
    'Error' => '<string>',
    'State' => 'PENDING|WORKUNITS_AVAILABLE|ERROR|FINISHED|EXPIRED',
]

Result Details

Members
Error
Type: string

An error message when the operation fails.

State
Required: Yes
Type: string

The state of a query previously submitted. The possible states are:

  • PENDING: the query is pending.

  • WORKUNITS_AVAILABLE: some work units are ready for retrieval and execution.

  • FINISHED: the query planning finished successfully, and all work units are ready for retrieval and execution.

  • ERROR: an error occurred with the query, such as an invalid query ID or a backend error.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

GetQueryStatistics

$result = $client->getQueryStatistics([/* ... */]);
$promise = $client->getQueryStatisticsAsync([/* ... */]);

Retrieves statistics on the planning and execution of a query.

Parameter Syntax

$result = $client->getQueryStatistics([
    'QueryId' => '<string>', // REQUIRED
]);

Parameter Details

Members
QueryId
Required: Yes
Type: string

The ID of the plan query operation.

Result Syntax

[
    'ExecutionStatistics' => [
        'AverageExecutionTimeMillis' => <integer>,
        'DataScannedBytes' => <integer>,
        'WorkUnitsExecutedCount' => <integer>,
    ],
    'PlanningStatistics' => [
        'EstimatedDataToScanBytes' => <integer>,
        'PlanningTimeMillis' => <integer>,
        'QueueTimeMillis' => <integer>,
        'WorkUnitsGeneratedCount' => <integer>,
    ],
    'QuerySubmissionTime' => <DateTime>,
]

Result Details

Members
ExecutionStatistics
Type: ExecutionStatistics structure

An ExecutionStatistics structure containing execution statistics.

PlanningStatistics
Type: PlanningStatistics structure

A PlanningStatistics structure containing query planning statistics.

QuerySubmissionTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time that the query was submitted.

Errors

StatisticsNotReadyYetException:

Contains details about an error related to statistics not being ready.

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

ExpiredException:

Contains details about an error where the query request expired.

ThrottledException:

Contains details about an error where the query request was throttled.

GetResourceLFTags

$result = $client->getResourceLFTags([/* ... */]);
$promise = $client->getResourceLFTagsAsync([/* ... */]);

Returns the LF-tags applied to a resource.

Parameter Syntax

$result = $client->getResourceLFTags([
    'CatalogId' => '<string>',
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
    'ShowAssignedLFTags' => true || false,
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Resource
Required: Yes
Type: Resource structure

The database, table, or column resource for which you want to return LF-tags.

ShowAssignedLFTags
Type: boolean

Indicates whether to show the assigned LF-tags.

Result Syntax

[
    'LFTagOnDatabase' => [
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>',
            'TagValues' => ['<string>', ...],
        ],
        // ...
    ],
    'LFTagsOnColumns' => [
        [
            'LFTags' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
            'Name' => '<string>',
        ],
        // ...
    ],
    'LFTagsOnTable' => [
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>',
            'TagValues' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members
LFTagOnDatabase
Type: Array of LFTagPair structures

A list of LF-tags applied to a database resource.

LFTagsOnColumns
Type: Array of ColumnLFTag structures

A list of LF-tags applied to a column resource.

LFTagsOnTable
Type: Array of LFTagPair structures

A list of LF-tags applied to a table resource.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

GlueEncryptionException:

An encryption operation failed.

AccessDeniedException:

Access to a resource was denied.

GetTableObjects

$result = $client->getTableObjects([/* ... */]);
$promise = $client->getTableObjectsAsync([/* ... */]);

Returns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.

Parameter Syntax

$result = $client->getTableObjects([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'PartitionPredicate' => '<string>',
    'QueryAsOfTime' => <integer || string || DateTime>,
    'TableName' => '<string>', // REQUIRED
    'TransactionId' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The catalog containing the governed table. Defaults to the caller’s account.

DatabaseName
Required: Yes
Type: string

The database containing the governed table.

MaxResults
Type: int

Specifies how many values to return in a page.

NextToken
Type: string

A continuation token if this is not the first call to retrieve these objects.

PartitionPredicate
Type: string

A predicate to filter the objects returned based on the partition keys defined in the governed table.

  • The comparison operators supported are: =, >, <, >=, <=

  • The logical operators supported are: AND

  • The data types supported are integer, long, date (yyyy-MM-dd), timestamp (yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss), string and decimal.

QueryAsOfTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time as of when to read the governed table contents. If not set, the most recent transaction commit time is used. Cannot be specified along with TransactionId.

TableName
Required: Yes
Type: string

The governed table for which to retrieve objects.

TransactionId
Type: string

The transaction ID at which to read the governed table contents. If this transaction has aborted, an error is returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with QueryAsOfTime.

Result Syntax

[
    'NextToken' => '<string>',
    'Objects' => [
        [
            'Objects' => [
                [
                    'ETag' => '<string>',
                    'Size' => <integer>,
                    'Uri' => '<string>',
                ],
                // ...
            ],
            'PartitionValues' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token indicating whether additional data is available.

Objects
Type: Array of PartitionObjects structures

A list of objects organized by partition keys.

Errors

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

TransactionCommittedException:

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

TransactionCanceledException:

Contains details about an error related to a transaction that was cancelled.

ResourceNotReadyException:

Contains details about an error related to a resource which is not ready for a transaction.

GetTemporaryGluePartitionCredentials

$result = $client->getTemporaryGluePartitionCredentials([/* ... */]);
$promise = $client->getTemporaryGluePartitionCredentialsAsync([/* ... */]);

This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.

Parameter Syntax

$result = $client->getTemporaryGluePartitionCredentials([
    'AuditContext' => [
        'AdditionalAuditContext' => '<string>',
    ],
    'DurationSeconds' => <integer>,
    'Partition' => [ // REQUIRED
        'Values' => ['<string>', ...], // REQUIRED
    ],
    'Permissions' => ['<string>', ...],
    'SupportedPermissionTypes' => ['<string>', ...],
    'TableArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
AuditContext
Type: AuditContext structure

A structure representing context to access a resource (column names, query ID, etc).

DurationSeconds
Type: int

The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

Partition
Required: Yes
Type: PartitionValueList structure

A list of partition values identifying a single partition.

Permissions
Type: Array of strings

Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

SupportedPermissionTypes
Type: Array of strings

A list of supported permission types for the partition. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

TableArn
Required: Yes
Type: string

The ARN of the partitions' table.

Result Syntax

[
    'AccessKeyId' => '<string>',
    'Expiration' => <DateTime>,
    'SecretAccessKey' => '<string>',
    'SessionToken' => '<string>',
]

Result Details

Members
AccessKeyId
Type: string

The access key ID for the temporary credentials.

Expiration
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the temporary credentials expire.

SecretAccessKey
Type: string

The secret key for the temporary credentials.

SessionToken
Type: string

The session token for the temporary credentials.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

AccessDeniedException:

Access to a resource was denied.

PermissionTypeMismatchException:

The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.

GetTemporaryGlueTableCredentials

$result = $client->getTemporaryGlueTableCredentials([/* ... */]);
$promise = $client->getTemporaryGlueTableCredentialsAsync([/* ... */]);

Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.

Parameter Syntax

$result = $client->getTemporaryGlueTableCredentials([
    'AuditContext' => [
        'AdditionalAuditContext' => '<string>',
    ],
    'DurationSeconds' => <integer>,
    'Permissions' => ['<string>', ...],
    'QuerySessionContext' => [
        'AdditionalContext' => ['<string>', ...],
        'ClusterId' => '<string>',
        'QueryAuthorizationId' => '<string>',
        'QueryId' => '<string>',
        'QueryStartTime' => <integer || string || DateTime>,
    ],
    'S3Path' => '<string>',
    'SupportedPermissionTypes' => ['<string>', ...],
    'TableArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
AuditContext
Type: AuditContext structure

A structure representing context to access a resource (column names, query ID, etc).

DurationSeconds
Type: int

The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

Permissions
Type: Array of strings

Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

QuerySessionContext
Type: QuerySessionContext structure

A structure used as a protocol between query engines and Lake Formation or Glue. Contains both a Lake Formation generated authorization identifier and information from the request's authorization context.

S3Path
Type: string

The Amazon S3 path for the table.

SupportedPermissionTypes
Type: Array of strings

A list of supported permission types for the table. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

TableArn
Required: Yes
Type: string

The ARN identifying a table in the Data Catalog for the temporary credentials request.

Result Syntax

[
    'AccessKeyId' => '<string>',
    'Expiration' => <DateTime>,
    'SecretAccessKey' => '<string>',
    'SessionToken' => '<string>',
    'VendedS3Path' => ['<string>', ...],
]

Result Details

Members
AccessKeyId
Type: string

The access key ID for the temporary credentials.

Expiration
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the temporary credentials expire.

SecretAccessKey
Type: string

The secret key for the temporary credentials.

SessionToken
Type: string

The session token for the temporary credentials.

VendedS3Path
Type: Array of strings

The Amazon S3 path for the temporary credentials.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

AccessDeniedException:

Access to a resource was denied.

PermissionTypeMismatchException:

The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.
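
The request limits described for GetTemporaryGluePartitionCredentials and GetTemporaryGlueTableCredentials, shown as an added example that is not part of the SDK documentation. It builds a request with the shortest allowed lifetime, stops on PermissionTypeMismatchException, and logs a result without its secrets. The helper names, the stub class, the ARN and all returned values are constructed, and requiring an explicit SupportedPermissionTypes list is a policy choice of this example (the parameter itself is optional).

```php
<?php
declare(strict_types=1);

// The two valid values the page lists for SupportedPermissionTypes.
const SUPPORTED_PERMISSION_TYPES = ['COLUMN_PERMISSION', 'CELL_FILTER_PERMISSION'];

/**
 * Build a GetTemporaryGlueTableCredentials request. Defaults to the shortest
 * lifetime (900 s) and rejects values outside the documented 900..21600 range.
 */
function buildTableCredentialsRequest(string $tableArn, array $supportedTypes, int $durationSeconds = 900): array
{
    if ($durationSeconds < 900 || $durationSeconds > 21600) {
        throw new InvalidArgumentException('DurationSeconds must be between 900 and 21600');
    }
    // Example policy: the engine must state what it can enforce.
    if ($supportedTypes === [] || array_diff($supportedTypes, SUPPORTED_PERMISSION_TYPES) !== []) {
        throw new InvalidArgumentException('SupportedPermissionTypes must list COLUMN_PERMISSION and/or CELL_FILTER_PERMISSION');
    }
    return [
        'TableArn'                 => $tableArn,
        'DurationSeconds'          => $durationSeconds,
        'SupportedPermissionTypes' => array_values(array_unique($supportedTypes)),
    ];
}

/**
 * Send the request. On PermissionTypeMismatchException the table carries
 * permissions this engine did not declare it can enforce, so the call is
 * abandoned rather than retried with a wider declaration.
 * $client is any object exposing getTemporaryGlueTableCredentials().
 */
function fetchTableCredentials(object $client, array $request)
{
    try {
        return $client->getTemporaryGlueTableCredentials($request);
    } catch (\Aws\Exception\AwsException $e) {
        if ($e->getAwsErrorCode() === 'PermissionTypeMismatchException') {
            throw new RuntimeException('Engine cannot enforce the permissions on ' . $request['TableArn'], 0, $e);
        }
        throw $e;
    }
}

/**
 * Reduce a credentials result to fields that are safe to log.
 * SecretAccessKey and SessionToken are deliberately left out.
 */
function describeVendedCredentials($result, DateTimeInterface $now): array
{
    $expiration = $result['Expiration'];
    return [
        'AccessKeyId'  => $result['AccessKeyId'],
        'VendedS3Path' => $result['VendedS3Path'] ?? [],
        'Expiration'   => $expiration->format(DATE_ATOM),
        'SecondsLeft'  => max(0, $expiration->getTimestamp() - $now->getTimestamp()),
    ];
}

// Constructed stand-in for LakeFormationClient with made-up values, so the
// example runs offline. With the real SDK, pass a LakeFormationClient instead.
final class StubCredentialVendor
{
    public function getTemporaryGlueTableCredentials(array $args): array
    {
        return [
            'AccessKeyId'     => 'ASIAEXAMPLEEXAMPLE',
            'SecretAccessKey' => 'constructed-secret',
            'SessionToken'    => 'constructed-token',
            'Expiration'      => new DateTimeImmutable('+' . $args['DurationSeconds'] . ' seconds'),
            'VendedS3Path'    => ['s3://example-bucket/sales/orders/'],
        ];
    }
}

$request = buildTableCredentialsRequest(
    'arn:aws:glue:us-east-1:111122223333:table/sales/orders', // constructed ARN
    ['COLUMN_PERMISSION']
);
$result = fetchTableCredentials(new StubCredentialVendor(), $request);
echo json_encode(describeVendedCredentials($result, new DateTimeImmutable()), JSON_PRETTY_PRINT), PHP_EOL;
```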

GetWorkUnitResults

$result = $client->getWorkUnitResults([/* ... */]);
$promise = $client->getWorkUnitResultsAsync([/* ... */]);

Returns the work units resulting from the query. Work units can be executed in any order and in parallel.

Parameter Syntax

$result = $client->getWorkUnitResults([
    'QueryId' => '<string>', // REQUIRED
    'WorkUnitId' => <integer>, // REQUIRED
    'WorkUnitToken' => '<string>', // REQUIRED
]);

Parameter Details

Members
QueryId
Required: Yes
Type: string

The ID of the plan query operation for which to get results.

WorkUnitId
Required: Yes
Type: long (int|float)

The work unit ID for which to get results. Value generated by enumerating WorkUnitIdMin to WorkUnitIdMax (inclusive) from the WorkUnitRange in the output of GetWorkUnits.

WorkUnitToken
Required: Yes
Type: string

A work token used to query the execution service. Token output from GetWorkUnits.

Result Syntax

[
    'ResultStream' => <string || resource || Psr\Http\Message\StreamInterface>,
]

Result Details

Members
ResultStream
Type: blob (string|resource|Psr\Http\Message\StreamInterface)

Rows returned from the GetWorkUnitResults operation as a stream of Apache Arrow v1.0 messages.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

ExpiredException:

Contains details about an error where the query request expired.

ThrottledException:

Contains details about an error where the query request was throttled.

GetWorkUnits

$result = $client->getWorkUnits([/* ... */]);
$promise = $client->getWorkUnitsAsync([/* ... */]);

Retrieves the work units generated by the StartQueryPlanning operation.

Parameter Syntax

$result = $client->getWorkUnits([
    'NextToken' => '<string>',
    'PageSize' => <integer>,
    'QueryId' => '<string>', // REQUIRED
]);

Parameter Details

Members
NextToken
Type: string

A continuation token, if this is a continuation call.

PageSize
Type: int

The size of each page to get in the Amazon Web Services service call. This does not affect the number of items returned in the command's output. Setting a smaller page size results in more calls to the Amazon Web Services service, retrieving fewer items in each call. This can help prevent the Amazon Web Services service calls from timing out.

QueryId
Required: Yes
Type: string

The ID of the plan query operation.

Result Syntax

[
    'NextToken' => '<string>',
    'QueryId' => '<string>',
    'WorkUnitRanges' => [
        [
            'WorkUnitIdMax' => <integer>,
            'WorkUnitIdMin' => <integer>,
            'WorkUnitToken' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token for paginating the returned list of tokens, returned if the current segment of the list is not the last.

QueryId
Required: Yes
Type: string

The ID of the plan query operation.

WorkUnitRanges
Required: Yes
Type: Array of WorkUnitRange structures

A WorkUnitRangeList object that specifies the valid range of work unit IDs for querying the execution service.

Errors

WorkUnitsNotReadyYetException:

Contains details about an error related to work units not being ready.

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

ExpiredException:

Contains details about an error where the query request expired.
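
The flow described under GetQueryState, GetWorkUnits and GetWorkUnitResults, shown as an added example that is not part of the SDK documentation. It polls with a bounded budget, fails closed on any state other than the expected ones, pages through the work unit ranges, and enumerates WorkUnitIdMin to WorkUnitIdMax inclusive. The function names, the stub class and every value it returns are constructed; the example waits for FINISHED so that the list of work units is complete.

```php
<?php
declare(strict_types=1);

/**
 * Poll GetQueryState until planning is FINISHED (all work units generated).
 * Fails closed on ERROR, EXPIRED or any unrecognised state, and gives up
 * after $maxAttempts polls instead of looping forever. The caller must be the
 * principal that called StartQueryPlanning, or the state is not visible.
 *
 * $client is any object exposing getQueryState(), e.g. LakeFormationClient.
 */
function waitForPlanning(object $client, string $queryId, int $maxAttempts = 60, int $sleepMs = 500): void
{
    for ($attempt = 1; $attempt <= $maxAttempts; $attempt++) {
        $result = $client->getQueryState(['QueryId' => $queryId]);
        $state  = (string) $result['State'];

        if ($state === 'FINISHED') {
            return;
        }
        if ($state !== 'PENDING' && $state !== 'WORKUNITS_AVAILABLE') {
            $detail = (string) ($result['Error'] ?? '');
            throw new RuntimeException("Query $queryId ended in state $state: $detail");
        }
        usleep($sleepMs * 1000);
    }
    throw new RuntimeException("Query $queryId still planning after $maxAttempts polls");
}

/**
 * Page through GetWorkUnits and yield one GetWorkUnitResults parameter set per
 * work unit, enumerating WorkUnitIdMin..WorkUnitIdMax inclusive in each range.
 * $maxPages bounds the pagination loop.
 */
function workUnitRequests(object $client, string $queryId, int $maxPages = 1000): Generator
{
    $token = null;
    for ($page = 0; $page < $maxPages; $page++) {
        $params = ['QueryId' => $queryId];
        if ($token !== null) {
            $params['NextToken'] = $token;
        }
        $result = $client->getWorkUnits($params);

        foreach ($result['WorkUnitRanges'] ?? [] as $range) {
            if ($range['WorkUnitIdMin'] > $range['WorkUnitIdMax']) {
                throw new UnexpectedValueException('Work unit range is inverted');
            }
            for ($id = $range['WorkUnitIdMin']; $id <= $range['WorkUnitIdMax']; $id++) {
                yield [
                    'QueryId'       => $queryId,
                    'WorkUnitId'    => $id,
                    'WorkUnitToken' => $range['WorkUnitToken'],
                ];
            }
        }

        $token = $result['NextToken'] ?? null;
        if ($token === null || $token === '') {
            return;
        }
    }
    throw new RuntimeException("More than $maxPages pages of work units for $queryId");
}

// Constructed stand-in for LakeFormationClient with made-up responses, so the
// example runs offline. With the real SDK, pass a LakeFormationClient instead.
final class StubLakeFormation
{
    /** @var string[] */
    private $states = ['PENDING', 'WORKUNITS_AVAILABLE', 'FINISHED'];

    public function getQueryState(array $args): array
    {
        return ['State' => array_shift($this->states) ?? 'EXPIRED'];
    }

    public function getWorkUnits(array $args): array
    {
        if (!isset($args['NextToken'])) {
            return [
                'QueryId'        => $args['QueryId'],
                'NextToken'      => 'page-2',
                'WorkUnitRanges' => [['WorkUnitIdMin' => 0, 'WorkUnitIdMax' => 2, 'WorkUnitToken' => 'token-a']],
            ];
        }
        return [
            'QueryId'        => $args['QueryId'],
            'WorkUnitRanges' => [['WorkUnitIdMin' => 3, 'WorkUnitIdMax' => 3, 'WorkUnitToken' => 'token-b']],
        ];
    }
}

$client  = new StubLakeFormation();
$queryId = 'constructed-query-id';
waitForPlanning($client, $queryId, 10, 0);
foreach (workUnitRequests($client, $queryId) as $request) {
    // Each $request is ready to pass to $client->getWorkUnitResults($request).
    printf("work unit %d uses %s\n", $request['WorkUnitId'], $request['WorkUnitToken']);
}
```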

GrantPermissions

$result = $client->grantPermissions([/* ... */]);
$promise = $client->grantPermissionsAsync([/* ... */]);

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

For information about permissions, see Security and Access Control to Metadata and Data.

Parameter Syntax

$result = $client->grantPermissions([
    'CatalogId' => '<string>',
    'Permissions' => ['<string>', ...], // REQUIRED
    'PermissionsWithGrantOption' => ['<string>', ...],
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Permissions
Required: Yes
Type: Array of strings

The permissions granted to the principal on the resource. Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Lake Formation requires that each principal be authorized to perform a specific task on Lake Formation resources.

PermissionsWithGrantOption
Type: Array of strings

A list of the granted permissions that the principal may pass to other users. These permissions may only be a subset of the permissions granted in Permissions.

Principal
Required: Yes
Type: DataLakePrincipal structure

The principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles, and they are defined by their principal type and their ARN.

Note that if you define a resource with a particular ARN, then later delete it and recreate a resource with that same ARN, the resource maintains the permissions already granted.

Resource
Required: Yes
Type: Resource structure

The resource to which permissions are to be granted. Resources in Lake Formation are the Data Catalog, databases, and tables.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.
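
A pre-flight review of a GrantPermissions parameter array, shown as an added example that is not part of the SDK documentation. ERROR findings follow rules stated above (required members, PermissionsWithGrantOption being a subset of Permissions); REVIEW findings are a policy choice of this example that flags delegation and wildcard scope for a second look. The function name, the principal ARN and the sample grants are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Review a GrantPermissions parameter array before it is sent.
 * Returns a list of findings; an empty list means none of the checks fired.
 */
function reviewGrant(array $grant): array
{
    $findings    = [];
    $permissions = $grant['Permissions'] ?? [];
    $grantable   = $grant['PermissionsWithGrantOption'] ?? [];
    $resource    = $grant['Resource'] ?? null;

    // Members the page marks as required.
    if ($permissions === []) {
        $findings[] = 'ERROR: Permissions is required';
    }
    if (empty($grant['Principal'])) {
        $findings[] = 'ERROR: Principal is required';
    }
    if (!is_array($resource) || $resource === []) {
        $findings[] = 'ERROR: Resource is required';
        $resource = [];
    }

    // Grant option may only cover permissions that are being granted.
    $extra = array_values(array_diff($grantable, $permissions));
    if ($extra !== []) {
        $findings[] = 'ERROR: PermissionsWithGrantOption not in Permissions: ' . implode(', ', $extra);
    }

    // Example policy: delegation and wide scope get a human review.
    if ($grantable !== []) {
        $findings[] = 'REVIEW: principal may pass on: ' . implode(', ', $grantable);
    }
    if (array_key_exists('Catalog', $resource)) {
        $findings[] = 'REVIEW: grant applies to the whole Data Catalog';
    }
    if (isset($resource['Table']['TableWildcard'])) {
        $findings[] = 'REVIEW: TableWildcard covers every table in database '
            . ($resource['Table']['DatabaseName'] ?? '(missing)');
    }
    if (isset($resource['TableWithColumns']['ColumnWildcard'])) {
        $excluded = $resource['TableWithColumns']['ColumnWildcard']['ExcludedColumnNames'] ?? [];
        $findings[] = 'REVIEW: ColumnWildcard covers all columns'
            . ($excluded === [] ? '' : ' except ' . implode(', ', $excluded));
    }
    return $findings;
}

// Constructed sample grants.
$principal = ['DataLakePrincipalIdentifier' => 'arn:aws:iam::111122223333:role/analyst'];
$grants = [
    'narrow' => [
        'Principal'   => $principal,
        'Permissions' => ['SELECT'],
        'Resource'    => ['TableWithColumns' => [
            'DatabaseName' => 'sales', 'Name' => 'orders', 'ColumnNames' => ['order_id', 'total'],
        ]],
    ],
    'wide' => [
        'Principal'                  => $principal,
        'Permissions'                => ['SELECT'],
        'PermissionsWithGrantOption' => ['SELECT', 'ALTER'],
        'Resource'                   => ['Table' => ['DatabaseName' => 'sales', 'TableWildcard' => []]],
    ],
];

foreach ($grants as $name => $grant) {
    $findings = reviewGrant($grant);
    echo $name, ': ', $findings === [] ? 'no findings' : PHP_EOL . '  ' . implode(PHP_EOL . '  ', $findings), PHP_EOL;
}
```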

ListDataCellsFilter

$result = $client->listDataCellsFilter([/* ... */]);
$promise = $client->listDataCellsFilterAsync([/* ... */]);

Lists all the data cell filters on a table.

Parameter Syntax

$result = $client->listDataCellsFilter([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Table' => [
        'CatalogId' => '<string>',
        'DatabaseName' => '<string>', // REQUIRED
        'Name' => '<string>',
        'TableWildcard' => [
        ],
    ],
]);

Parameter Details

Members
MaxResults
Type: int

The maximum size of the response.

NextToken
Type: string

A continuation token, if this is a continuation call.

Table
Type: TableResource structure

A table in the Glue Data Catalog.

Result Syntax

[
    'DataCellsFilters' => [
        [
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'RowFilter' => [
                'AllRowsWildcard' => [
                ],
                'FilterExpression' => '<string>',
            ],
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
            'VersionId' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
DataCellsFilters
Type: Array of DataCellsFilter structures

A list of DataCellFilter structures.

NextToken
Type: string

A continuation token, if not all requested data cell filters have been returned.

Errors

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

InternalServiceException:

An internal service error occurred.

AccessDeniedException:

Access to a resource was denied.

ListLFTags

$result = $client->listLFTags([/* ... */]);
$promise = $client->listLFTagsAsync([/* ... */]);

Lists LF-tags that the requester has permission to view.

Parameter Syntax

$result = $client->listLFTags([
    'CatalogId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResourceShareType' => 'FOREIGN|ALL',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

ResourceShareType
Type: string

If resource share type is ALL, returns both in-account LF-tags and shared LF-tags that the requester has permission to view. If resource share type is FOREIGN, returns all shared LF-tags that the requester can view. If no resource share type is passed, lists LF-tags in the given catalog ID that the requester has permission to view.

Result Syntax

[
    'LFTags' => [
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>',
            'TagValues' => ['<string>', ...],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
LFTags
Type: Array of LFTagPair structures

A list of LF-tags that the requester has permission to view.

NextToken
Type: string

A continuation token, present if the current list segment is not the last.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ListLakeFormationOptIns

$result = $client->listLakeFormationOptIns([/* ... */]);
$promise = $client->listLakeFormationOptInsAsync([/* ... */]);

Retrieves the current list of resources and principals that are opted in to enforce Lake Formation permissions.

Parameter Syntax

$result = $client->listLakeFormationOptIns([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Principal' => [
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Principal
Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource
Type: Resource structure

A structure for the resource.

Result Syntax

[
    'LakeFormationOptInsInfoList' => [
        [
            'LastModified' => <DateTime>,
            'LastUpdatedBy' => '<string>',
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>',
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'ResourceType' => 'DATABASE|TABLE',
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                ],
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
LakeFormationOptInsInfoList
Type: Array of LakeFormationOptInsInfo structures

A list of principal-resource pairs that have Lake Formation permissions enforced.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ListPermissions

$result = $client->listPermissions([/* ... */]);
$promise = $client->listPermissionsAsync([/* ... */]);

Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.

This operation returns only those permissions that have been explicitly granted.

For information about permissions, see Security and Access Control to Metadata and Data.

Parameter Syntax

$result = $client->listPermissions([
    'CatalogId' => '<string>',
    'IncludeRelated' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Principal' => [
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
    'ResourceType' => 'CATALOG|DATABASE|TABLE|DATA_LOCATION|LF_TAG|LF_TAG_POLICY|LF_TAG_POLICY_DATABASE|LF_TAG_POLICY_TABLE',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

IncludeRelated
Type: string

Indicates that related permissions should be included in the results.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Principal
Type: DataLakePrincipal structure

Specifies a principal to filter the permissions returned.

Resource
Type: Resource structure

A resource where you will get a list of the principal permissions.

This operation does not support getting privileges on a table with columns. Instead, call this operation on the table, and the operation returns the table and the table with columns.

ResourceType
Type: string

Specifies a resource type to filter the permissions returned.

Result Syntax

[
    'NextToken' => '<string>',
    'PrincipalResourcePermissions' => [
        [
            'AdditionalDetails' => [
                'ResourceShare' => ['<string>', ...],
            ],
            'LastUpdated' => <DateTime>,
            'LastUpdatedBy' => '<string>',
            'Permissions' => ['<string>', ...],
            'PermissionsWithGrantOption' => ['<string>', ...],
            'Principal' => [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            'Resource' => [
                'Catalog' => [
                ],
                'DataCellsFilter' => [
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableCatalogId' => '<string>',
                    'TableName' => '<string>',
                ],
                'DataLocation' => [
                    'CatalogId' => '<string>',
                    'ResourceArn' => '<string>',
                ],
                'Database' => [
                    'CatalogId' => '<string>',
                    'Name' => '<string>',
                ],
                'LFTag' => [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                'LFTagPolicy' => [
                    'CatalogId' => '<string>',
                    'Expression' => [
                        [
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'ResourceType' => 'DATABASE|TABLE',
                ],
                'Table' => [
                    'CatalogId' => '<string>',
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                    'TableWildcard' => [
                    ],
                ],
                'TableWithColumns' => [
                    'CatalogId' => '<string>',
                    'ColumnNames' => ['<string>', ...],
                    'ColumnWildcard' => [
                        'ExcludedColumnNames' => ['<string>', ...],
                    ],
                    'DatabaseName' => '<string>',
                    'Name' => '<string>',
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

PrincipalResourcePermissions
Type: Array of PrincipalResourcePermissions structures

A list of principals and their permissions on the resource for the specified principal and resource types.

Errors

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

InternalServiceException:

An internal service error occurred.
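
Paging through listPermissions with NextToken and flagging every grant that carries PermissionsWithGrantOption, as an added example that is not part of the SDK documentation. The helper names collectPermissions and findGrantOptionHolders, the sample pages, the account IDs and the region in the comment are constructed for illustration.

```php
<?php
// Added example, not SDK code. Helper names are hypothetical.

/**
 * Follow NextToken until the service stops returning one.
 * $fetchPage receives the request parameters and returns one result page as an array.
 */
function collectPermissions(callable $fetchPage, array $params = []): array
{
    $entries = [];
    $token = null;
    do {
        // Only send NextToken on continuation calls.
        $request = $token === null ? $params : ['NextToken' => $token] + $params;
        $page = $fetchPage($request);
        foreach ($page['PrincipalResourcePermissions'] ?? [] as $entry) {
            $entries[] = $entry;
        }
        $token = $page['NextToken'] ?? null;
    } while (!empty($token));

    return $entries;
}

/**
 * Keep only the grants whose holder can pass permissions on to other principals.
 */
function findGrantOptionHolders(array $entries): array
{
    $findings = [];
    foreach ($entries as $entry) {
        $grantable = $entry['PermissionsWithGrantOption'] ?? [];
        if ($grantable === []) {
            continue;
        }
        $findings[] = [
            'principal'     => $entry['Principal']['DataLakePrincipalIdentifier'] ?? '(unknown)',
            // The Resource member that is set names the kind of resource.
            'resourceType'  => array_key_first($entry['Resource'] ?? []) ?? '(unknown)',
            'grantable'     => $grantable,
            'lastUpdatedBy' => $entry['LastUpdatedBy'] ?? null,
        ];
    }

    return $findings;
}

// Constructed sample pages, keyed by the token that requests them ('' = first call).
$pages = [
    '' => [
        'NextToken' => 'page-2',
        'PrincipalResourcePermissions' => [[
            'Principal' => ['DataLakePrincipalIdentifier' => 'arn:aws:iam::111122223333:role/analyst'],
            'Resource' => ['Table' => ['DatabaseName' => 'sales', 'Name' => 'orders']],
            'Permissions' => ['SELECT'],
            'PermissionsWithGrantOption' => [],
        ]],
    ],
    'page-2' => [
        'PrincipalResourcePermissions' => [[
            'Principal' => ['DataLakePrincipalIdentifier' => 'arn:aws:iam::111122223333:role/etl'],
            'Resource' => ['Database' => ['Name' => 'sales']],
            'Permissions' => ['ALL'],
            'PermissionsWithGrantOption' => ['ALL'],
            'LastUpdatedBy' => 'arn:aws:iam::111122223333:user/ops',
        ]],
    ],
];
$fetchPage = fn(array $p): array => $pages[$p['NextToken'] ?? ''];

// Against the real service, swap in the client call (region is a placeholder):
// $client = new Aws\LakeFormation\LakeFormationClient(['region' => 'us-east-1', 'version' => '2017-03-31']);
// $fetchPage = fn(array $p): array => $client->listPermissions($p)->toArray();

$findings = findGrantOptionHolders(collectPermissions($fetchPage, ['MaxResults' => 1]));
foreach ($findings as $f) {
    printf(
        "%s can re-grant [%s] on a %s resource (last updated by %s)\n",
        $f['principal'],
        implode(', ', $f['grantable']),
        $f['resourceType'],
        $f['lastUpdatedBy'] ?? 'n/a'
    );
}
```

Because ListPermissions filters its output by the caller's own permissions and returns only explicit grants, the findings cover only what the auditing principal is able to see.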

ListResources

$result = $client->listResources([/* ... */]);
$promise = $client->listResourcesAsync([/* ... */]);

Lists the resources registered to be managed by the Data Catalog.

Parameter Syntax

$result = $client->listResources([
    'FilterConditionList' => [
        [
            'ComparisonOperator' => 'EQ|NE|LE|LT|GE|GT|CONTAINS|NOT_CONTAINS|BEGINS_WITH|IN|BETWEEN',
            'Field' => 'RESOURCE_ARN|ROLE_ARN|LAST_MODIFIED',
            'StringValueList' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
FilterConditionList
Type: Array of FilterCondition structures

Any applicable row-level and/or column-level filtering conditions for the resources.

MaxResults
Type: int

The maximum number of resource results.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve these resources.

Result Syntax

[
    'NextToken' => '<string>',
    'ResourceInfoList' => [
        [
            'HybridAccessEnabled' => true || false,
            'LastModified' => <DateTime>,
            'ResourceArn' => '<string>',
            'RoleArn' => '<string>',
            'WithFederation' => true || false,
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token, if this is not the first call to retrieve these resources.

ResourceInfoList
Type: Array of ResourceInfo structures

A summary of the data lake resources.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

ListTableStorageOptimizers

$result = $client->listTableStorageOptimizers([/* ... */]);
$promise = $client->listTableStorageOptimizersAsync([/* ... */]);

Returns the configuration of all storage optimizers associated with a specified table.

Parameter Syntax

$result = $client->listTableStorageOptimizers([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StorageOptimizerType' => 'COMPACTION|GARBAGE_COLLECTION|ALL',
    'TableName' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The Catalog ID of the table.

DatabaseName
Required: Yes
Type: string

Name of the database where the table is present.

MaxResults
Type: int

The number of storage optimizers to return on each call.

NextToken
Type: string

A continuation token, if this is a continuation call.

StorageOptimizerType
Type: string

The specific type of storage optimizers to list. The supported value is compaction.

TableName
Required: Yes
Type: string

Name of the table.

Result Syntax

[
    'NextToken' => '<string>',
    'StorageOptimizerList' => [
        [
            'Config' => ['<string>', ...],
            'ErrorMessage' => '<string>',
            'LastRunDetails' => '<string>',
            'StorageOptimizerType' => 'COMPACTION|GARBAGE_COLLECTION|ALL',
            'Warnings' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token for paginating the returned list of tokens, returned if the current segment of the list is not the last.

StorageOptimizerList
Type: Array of StorageOptimizer structures

A list of the storage optimizers associated with a table.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

InternalServiceException:

An internal service error occurred.

ListTransactions

$result = $client->listTransactions([/* ... */]);
$promise = $client->listTransactionsAsync([/* ... */]);

Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned.

This operation can help you identify uncommitted transactions or get information about transactions.

Parameter Syntax

$result = $client->listTransactions([
    'CatalogId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StatusFilter' => 'ALL|COMPLETED|ACTIVE|COMMITTED|ABORTED',
]);

Parameter Details

Members
CatalogId
Type: string

The catalog for which to list transactions. Defaults to the account ID of the caller.

MaxResults
Type: int

The maximum number of transactions to return in a single call.

NextToken
Type: string

A continuation token if this is not the first call to retrieve transactions.

StatusFilter
Type: string

A filter indicating the status of transactions to return. Options are ALL | COMPLETED | COMMITTED | ABORTED | ACTIVE. The default is ALL.

Result Syntax

[
    'NextToken' => '<string>',
    'Transactions' => [
        [
            'TransactionEndTime' => <DateTime>,
            'TransactionId' => '<string>',
            'TransactionStartTime' => <DateTime>,
            'TransactionStatus' => 'ACTIVE|COMMITTED|ABORTED|COMMIT_IN_PROGRESS',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token indicating whether additional data is available.

Transactions
Type: Array of TransactionDescription structures

A list of transactions. The record for each transaction is a TransactionDescription object.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

PutDataLakeSettings

$result = $client->putDataLakeSettings([/* ... */]);
$promise = $client->putDataLakeSettingsAsync([/* ... */]);

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions.

This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.
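
The fetch-and-append procedure described above, as an added example that is not part of the SDK documentation. It reads the current settings with this client's getDataLakeSettings operation, appends the new principal, and sends the whole fetched structure back so the other settings are carried through unchanged; the helper names withAdditionalAdmin and addDataLakeAdmin and the sample ARNs are constructed for illustration.

```php
<?php
// Added example, not SDK code. Helper names are hypothetical.

use Aws\LakeFormation\LakeFormationClient;

/**
 * Return a copy of a fetched DataLakeSettings array with $principalArn
 * appended to DataLakeAdmins. Every other member is passed through untouched.
 */
function withAdditionalAdmin(array $settings, string $principalArn): array
{
    $admins = $settings['DataLakeAdmins'] ?? [];
    foreach ($admins as $admin) {
        if (($admin['DataLakePrincipalIdentifier'] ?? null) === $principalArn) {
            return $settings; // already an administrator, nothing to change
        }
    }
    $admins[] = ['DataLakePrincipalIdentifier' => $principalArn];
    $settings['DataLakeAdmins'] = $admins;

    return $settings;
}

/**
 * Read-modify-write against the service. Returns the resulting admin list.
 * The read and the write are two separate calls, so serialize callers of this helper.
 */
function addDataLakeAdmin(LakeFormationClient $client, string $principalArn, ?string $catalogId = null): array
{
    $scope = $catalogId === null ? [] : ['CatalogId' => $catalogId];

    // 1. Fetch the current settings, including the current admin list.
    $current = $client->getDataLakeSettings($scope)['DataLakeSettings'] ?? [];

    // 2. Add the new admin to that list.
    $updated = withAdditionalAdmin($current, $principalArn);

    // 3. Pass the complete list back; skip the write when nothing changed.
    if ($updated !== $current) {
        $client->putDataLakeSettings($scope + ['DataLakeSettings' => $updated]);
    }

    return $updated['DataLakeAdmins'];
}

// Offline check of the merge step on constructed settings.
$fetched = [
    'DataLakeAdmins' => [
        ['DataLakePrincipalIdentifier' => 'arn:aws:iam::111122223333:role/lake-admin'],
    ],
    'CreateDatabaseDefaultPermissions' => [],
    'CreateTableDefaultPermissions' => [],
    'TrustedResourceOwners' => ['444455556666'],
];
$updated = withAdditionalAdmin($fetched, 'arn:aws:iam::111122223333:role/second-admin');
foreach ($updated['DataLakeAdmins'] as $admin) {
    echo $admin['DataLakePrincipalIdentifier'], "\n";
}
```

Sending only the new principal in DataLakeAdmins would drop the existing administrators, which is why the merge starts from the fetched list.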

Parameter Syntax

$result = $client->putDataLakeSettings([
    'CatalogId' => '<string>',
    'DataLakeSettings' => [ // REQUIRED
        'AllowExternalDataFiltering' => true || false,
        'AllowFullTableExternalDataAccess' => true || false,
        'AuthorizedSessionTagValueList' => ['<string>', ...],
        'CreateDatabaseDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'CreateTableDefaultPermissions' => [
            [
                'Permissions' => ['<string>', ...],
                'Principal' => [
                    'DataLakePrincipalIdentifier' => '<string>',
                ],
            ],
            // ...
        ],
        'DataLakeAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'ExternalDataFilteringAllowList' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'Parameters' => ['<string>', ...],
        'ReadOnlyAdmins' => [
            [
                'DataLakePrincipalIdentifier' => '<string>',
            ],
            // ...
        ],
        'TrustedResourceOwners' => ['<string>', ...],
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

DataLakeSettings
Required: Yes
Type: DataLakeSettings structure

A structure representing a list of Lake Formation principals designated as data lake administrators.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

RegisterResource

$result = $client->registerResource([/* ... */]);
$promise = $client->registerResourceAsync([/* ... */]);

Registers the resource as managed by the Data Catalog.

To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.

ResourceArn = arn:aws:s3:::my-bucket
UseServiceLinkedRole = true

If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

arn:aws:iam::12345:role/my-data-access-role

Parameter Syntax

$result = $client->registerResource([
    'HybridAccessEnabled' => true || false,
    'ResourceArn' => '<string>', // REQUIRED
    'RoleArn' => '<string>',
    'UseServiceLinkedRole' => true || false,
    'WithFederation' => true || false,
]);

Parameter Details

Members
HybridAccessEnabled
Type: boolean

Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the resource that you want to register.

RoleArn
Type: string

The identifier for the role that registers the resource.

UseServiceLinkedRole
Type: boolean

Designates an Identity and Access Management (IAM) service-linked role by registering this role with the Data Catalog. A service-linked role is a unique type of IAM role that is linked directly to Lake Formation.

For more information, see Using Service-Linked Roles for Lake Formation.

WithFederation
Type: boolean

Whether or not the resource is a federated resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AlreadyExistsException:

A resource to be created or added already exists.

EntityNotFoundException:

A specified entity does not exist.

ResourceNumberLimitExceededException:

A resource numerical limit was exceeded.

AccessDeniedException:

Access to a resource was denied.

RemoveLFTagsFromResource

$result = $client->removeLFTagsFromResource([/* ... */]);
$promise = $client->removeLFTagsFromResourceAsync([/* ... */]);

Removes an LF-tag from the resource. Only database, table, or tableWithColumns resources are allowed. To tag columns, use the column inclusion list in tableWithColumns to specify column input.

Parameter Syntax

$result = $client->removeLFTagsFromResource([
    'CatalogId' => '<string>',
    'LFTags' => [ // REQUIRED
        [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

LFTags
Required: Yes
Type: Array of LFTagPair structures

The LF-tags to be removed from the resource.

Resource
Required: Yes
Type: Resource structure

The database, table, or column resource where you want to remove an LF-tag.

Result Syntax

[
    'Failures' => [
        [
            'Error' => [
                'ErrorCode' => '<string>',
                'ErrorMessage' => '<string>',
            ],
            'LFTag' => [
                'CatalogId' => '<string>',
                'TagKey' => '<string>',
                'TagValues' => ['<string>', ...],
            ],
        ],
        // ...
    ],
]

Result Details

Members
Failures
Type: Array of LFTagError structures

A list of failures to untag a resource.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

GlueEncryptionException:

An encryption operation failed.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

RevokePermissions

$result = $client->revokePermissions([/* ... */]);
$promise = $client->revokePermissionsAsync([/* ... */]);

Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

Parameter Syntax

$result = $client->revokePermissions([
    'CatalogId' => '<string>',
    'Permissions' => ['<string>', ...], // REQUIRED
    'PermissionsWithGrantOption' => ['<string>', ...],
    'Principal' => [ // REQUIRED
        'DataLakePrincipalIdentifier' => '<string>',
    ],
    'Resource' => [ // REQUIRED
        'Catalog' => [
        ],
        'DataCellsFilter' => [
            'DatabaseName' => '<string>',
            'Name' => '<string>',
            'TableCatalogId' => '<string>',
            'TableName' => '<string>',
        ],
        'DataLocation' => [
            'CatalogId' => '<string>',
            'ResourceArn' => '<string>', // REQUIRED
        ],
        'Database' => [
            'CatalogId' => '<string>',
            'Name' => '<string>', // REQUIRED
        ],
        'LFTag' => [
            'CatalogId' => '<string>',
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        'LFTagPolicy' => [
            'CatalogId' => '<string>',
            'Expression' => [ // REQUIRED
                [
                    'TagKey' => '<string>', // REQUIRED
                    'TagValues' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'ResourceType' => 'DATABASE|TABLE', // REQUIRED
        ],
        'Table' => [
            'CatalogId' => '<string>',
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>',
            'TableWildcard' => [
            ],
        ],
        'TableWithColumns' => [
            'CatalogId' => '<string>',
            'ColumnNames' => ['<string>', ...],
            'ColumnWildcard' => [
                'ExcludedColumnNames' => ['<string>', ...],
            ],
            'DatabaseName' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Permissions
Required: Yes
Type: Array of strings

The permissions to revoke from the principal on the resource. For information about permissions, see Security and Access Control to Metadata and Data.

PermissionsWithGrantOption
Type: Array of strings

Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.

Principal
Required: Yes
Type: DataLakePrincipal structure

The principal whose permissions on the resource are to be revoked.

Resource
Required: Yes
Type: Resource structure

The resource on which permissions are to be revoked.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

SearchDatabasesByLFTags

$result = $client->searchDatabasesByLFTags([/* ... */]);
$promise = $client->searchDatabasesByLFTagsAsync([/* ... */]);

This operation allows a search on DATABASE resources by TagCondition. This operation is used by admins who want to grant user permissions on certain TagConditions. Before making a grant, the admin can use SearchDatabasesByLFTags to find all resources where the given TagConditions are valid to verify whether the returned resources can be shared.

Parameter Syntax

$result = $client->searchDatabasesByLFTags([
    'CatalogId' => '<string>',
    'Expression' => [ // REQUIRED
        [
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Expression
Required: Yes
Type: Array of LFTag structures

A list of conditions (LFTag structures) to search for in database resources.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Result Syntax

[
    'DatabaseList' => [
        [
            'Database' => [
                'CatalogId' => '<string>',
                'Name' => '<string>',
            ],
            'LFTags' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
DatabaseList
Type: Array of TaggedDatabase structures

A list of databases that meet the LF-tag conditions.

NextToken
Type: string

A continuation token, present if the current list segment is not the last.

Errors

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

GlueEncryptionException:

An encryption operation failed.

AccessDeniedException:

Access to a resource was denied.

SearchTablesByLFTags

$result = $client->searchTablesByLFTags([/* ... */]);
$promise = $client->searchTablesByLFTagsAsync([/* ... */]);

This operation allows a search on TABLE resources by LFTags. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use SearchTablesByLFTags to find all resources where the given LFTags are valid to verify whether the returned resources can be shared.

Parameter Syntax

$result = $client->searchTablesByLFTags([
    'CatalogId' => '<string>',
    'Expression' => [ // REQUIRED
        [
            'TagKey' => '<string>', // REQUIRED
            'TagValues' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Expression
Required: Yes
Type: Array of LFTag structures

A list of conditions (LFTag structures) to search for in table resources.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

A continuation token, if this is not the first call to retrieve this list.

Result Syntax

[
    'NextToken' => '<string>',
    'TableList' => [
        [
            'LFTagOnDatabase' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
            'LFTagsOnColumns' => [
                [
                    'LFTags' => [
                        [
                            'CatalogId' => '<string>',
                            'TagKey' => '<string>',
                            'TagValues' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'Name' => '<string>',
                ],
                // ...
            ],
            'LFTagsOnTable' => [
                [
                    'CatalogId' => '<string>',
                    'TagKey' => '<string>',
                    'TagValues' => ['<string>', ...],
                ],
                // ...
            ],
            'Table' => [
                'CatalogId' => '<string>',
                'DatabaseName' => '<string>',
                'Name' => '<string>',
                'TableWildcard' => [
                ],
            ],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A continuation token, present if the current list segment is not the last. On the first call, if you include a non-null token, you can get empty pages.

TableList
Type: Array of TaggedTable structures

A list of tables that meet the LF-tag conditions.

Errors

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

GlueEncryptionException:

An encryption operation failed.

AccessDeniedException:

Access to a resource was denied.

StartQueryPlanning

$result = $client->startQueryPlanning([/* ... */]);
$promise = $client->startQueryPlanningAsync([/* ... */]);

Submits a request to process a query statement.

This operation generates work units that can be retrieved with the GetWorkUnits operation as soon as the query state is WORKUNITS_AVAILABLE or FINISHED.

Parameter Syntax

$result = $client->startQueryPlanning([
    'QueryPlanningContext' => [ // REQUIRED
        'CatalogId' => '<string>',
        'DatabaseName' => '<string>', // REQUIRED
        'QueryAsOfTime' => <integer || string || DateTime>,
        'QueryParameters' => ['<string>', ...],
        'TransactionId' => '<string>',
    ],
    'QueryString' => '<string>', // REQUIRED
]);

Parameter Details

Members
QueryPlanningContext
Required: Yes
Type: QueryPlanningContext structure

A structure containing information about the query plan.

QueryString
Required: Yes
Type: string

A PartiQL query statement used as an input to the planner service.

Result Syntax

[
    'QueryId' => '<string>',
]

Result Details

Members
QueryId
Required: Yes
Type: string

The ID of the plan query operation, which can be used to fetch the actual work unit descriptors that are produced as the result of the operation. The ID is also used to get the query state and as an input to the Execute operation.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

ThrottledException:

Contains details about an error where the query request was throttled.

StartTransaction

$result = $client->startTransaction([/* ... */]);
$promise = $client->startTransactionAsync([/* ... */]);

Starts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.

Parameter Syntax

$result = $client->startTransaction([
    'TransactionType' => 'READ_AND_WRITE|READ_ONLY',
]);

Parameter Details

Members
TransactionType
Type: string

Indicates whether this transaction should be read only or read and write. Writes made using a read-only transaction ID will be rejected. Read-only transactions do not need to be committed.

Result Syntax

[
    'TransactionId' => '<string>',
]

Result Details

Members
TransactionId
Type: string

An opaque identifier for the transaction.

Errors

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

UpdateDataCellsFilter

$result = $client->updateDataCellsFilter([/* ... */]);
$promise = $client->updateDataCellsFilterAsync([/* ... */]);

Updates a data cell filter.

Parameter Syntax

$result = $client->updateDataCellsFilter([
    'TableData' => [ // REQUIRED
        'ColumnNames' => ['<string>', ...],
        'ColumnWildcard' => [
            'ExcludedColumnNames' => ['<string>', ...],
        ],
        'DatabaseName' => '<string>', // REQUIRED
        'Name' => '<string>', // REQUIRED
        'RowFilter' => [
            'AllRowsWildcard' => [
            ],
            'FilterExpression' => '<string>',
        ],
        'TableCatalogId' => '<string>', // REQUIRED
        'TableName' => '<string>', // REQUIRED
        'VersionId' => '<string>',
    ],
]);

Parameter Details

Members
TableData
Required: Yes
Type: DataCellsFilter structure

A DataCellsFilter structure containing information about the data cells filter.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

UpdateLFTag

$result = $client->updateLFTag([/* ... */]);
$promise = $client->updateLFTagAsync([/* ... */]);

Updates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from the list of possible values. If any value in the delete key values is attached to a resource, then the API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the LF-tag key's value.

Parameter Syntax

$result = $client->updateLFTag([
    'CatalogId' => '<string>',
    'TagKey' => '<string>', // REQUIRED
    'TagValuesToAdd' => ['<string>', ...],
    'TagValuesToDelete' => ['<string>', ...],
]);

Parameter Details

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag for which to add or delete values.

TagValuesToAdd
Type: Array of strings

A list of LF-tag values to add to the LF-tag.

TagValuesToDelete
Type: Array of strings

A list of LF-tag values to delete from the LF-tag.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

AccessDeniedException:

Access to a resource was denied.

UpdateLakeFormationIdentityCenterConfiguration

$result = $client->updateLakeFormationIdentityCenterConfiguration([/* ... */]);
$promise = $client->updateLakeFormationIdentityCenterConfigurationAsync([/* ... */]);

Updates the IAM Identity Center connection parameters.

Parameter Syntax

$result = $client->updateLakeFormationIdentityCenterConfiguration([
    'ApplicationStatus' => 'ENABLED|DISABLED',
    'CatalogId' => '<string>',
    'ExternalFiltering' => [
        'AuthorizedTargets' => ['<string>', ...], // REQUIRED
        'Status' => 'ENABLED|DISABLED', // REQUIRED
    ],
    'ShareRecipients' => [
        [
            'DataLakePrincipalIdentifier' => '<string>',
        ],
        // ...
    ],
]);

Parameter Details

Members
ApplicationStatus
Type: string

Enables or disables the IAM Identity Center connection.

CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

ExternalFiltering

A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to access data managed by Lake Formation.

ShareRecipients
Type: Array of DataLakePrincipal structures

A list of Amazon Web Services account IDs or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

If the ShareRecipients list includes valid values, then the resource share is updated with the principals you want to have access to the resources.

If the ShareRecipients value is null, both the list of share recipients and the resource share remain unchanged.

If the ShareRecipients value is an empty list, then the existing share recipients list will be cleared, and the resource share will be deleted.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

EntityNotFoundException:

A specified entity does not exist.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

AccessDeniedException:

Access to a resource was denied.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.
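The three ShareRecipients cases described above (null, empty list, list of values) are easy to mix up when the list is computed by other code, and the empty-list case deletes the resource share. The following is an added example, not SDK code: buildIdentityCenterUpdate() and its $allowClear switch are hypothetical names, and the account IDs are constructed sample values.

```php
<?php
declare(strict_types=1);

/**
 * Build parameters for updateLakeFormationIdentityCenterConfiguration()
 * while keeping the three documented ShareRecipients cases distinct:
 *
 *   null         key omitted: recipients and resource share stay unchanged
 *   []           recipients cleared and resource share deleted (explicit opt-in)
 *   ['id', ...]  resource share updated to these principals
 *
 * Hypothetical helper for illustration; not part of the SDK.
 */
function buildIdentityCenterUpdate(
    ?array $shareRecipients,
    bool $allowClear = false,
    ?string $catalogId = null
): array {
    $params = [];
    if ($catalogId !== null) {
        $params['CatalogId'] = $catalogId;
    }

    if ($shareRecipients === null) {
        return $params; // no ShareRecipients key at all
    }

    if ($shareRecipients === []) {
        // A filtered or computed list that ends up empty lands here.
        if (!$allowClear) {
            throw new InvalidArgumentException(
                'An empty ShareRecipients list deletes the resource share; '
                . 'pass $allowClear = true to do that on purpose.'
            );
        }
        $params['ShareRecipients'] = [];
        return $params;
    }

    $ids = [];
    foreach ($shareRecipients as $id) {
        if (!is_string($id) || trim($id) === '') {
            throw new InvalidArgumentException(
                'Each share recipient must be a non-empty string.'
            );
        }
        $ids[] = trim($id);
    }

    // array_unique() keeps the values as strings; using them as array keys
    // would cast numeric account IDs to integers.
    $params['ShareRecipients'] = array_map(
        static fn (string $id): array => ['DataLakePrincipalIdentifier' => $id],
        array_values(array_unique($ids))
    );

    return $params;
}

// Constructed sample values (not real accounts).
$unchanged = buildIdentityCenterUpdate(null);
$replaced  = buildIdentityCenterUpdate(['111122223333', '111122223333', '444455556666']);

try {
    buildIdentityCenterUpdate([]); // accidental empty list
} catch (InvalidArgumentException $e) {
    echo 'refused: ', $e->getMessage(), PHP_EOL;
}

$cleared = buildIdentityCenterUpdate([], true); // deliberate removal of the share

echo 'unchanged: ', json_encode($unchanged), PHP_EOL;
echo 'replaced:  ', json_encode($replaced), PHP_EOL;
echo 'cleared:   ', json_encode($cleared), PHP_EOL;

// With a configured client:
// $client->updateLakeFormationIdentityCenterConfiguration($replaced);
```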

UpdateResource

$result = $client->updateResource([/* ... */]);
$promise = $client->updateResourceAsync([/* ... */]);

Updates the data access role used for vending access to the given (registered) resource in Lake Formation.

Parameter Syntax

$result = $client->updateResource([
    'HybridAccessEnabled' => true || false,
    'ResourceArn' => '<string>', // REQUIRED
    'RoleArn' => '<string>', // REQUIRED
    'WithFederation' => true || false,
]);

Parameter Details

Members
HybridAccessEnabled
Type: boolean

Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

ResourceArn
Required: Yes
Type: string

The resource ARN.

RoleArn
Required: Yes
Type: string

The new role to use for the given resource registered in Lake Formation.

WithFederation
Type: boolean

Whether or not the resource is a federated resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInputException:

The input provided was not valid.

InternalServiceException:

An internal service error occurred.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

UpdateTableObjects

$result = $client->updateTableObjects([/* ... */]);
$promise = $client->updateTableObjectsAsync([/* ... */]);

Updates the manifest of Amazon S3 objects that make up the specified governed table.

Parameter Syntax

$result = $client->updateTableObjects([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'TableName' => '<string>', // REQUIRED
    'TransactionId' => '<string>',
    'WriteOperations' => [ // REQUIRED
        [
            'AddObject' => [
                'ETag' => '<string>', // REQUIRED
                'PartitionValues' => ['<string>', ...],
                'Size' => <integer>, // REQUIRED
                'Uri' => '<string>', // REQUIRED
            ],
            'DeleteObject' => [
                'ETag' => '<string>',
                'PartitionValues' => ['<string>', ...],
                'Uri' => '<string>', // REQUIRED
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members
CatalogId
Type: string

The catalog containing the governed table to update. Defaults to the caller’s account ID.

DatabaseName
Required: Yes
Type: string

The database containing the governed table to update.

TableName
Required: Yes
Type: string

The governed table to update.

TransactionId
Type: string

The transaction at which to do the write.

WriteOperations
Required: Yes
Type: Array of WriteOperation structures

A list of WriteOperation objects that define an object to add to or delete from the manifest for a governed table.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:

An internal service error occurred.

InvalidInputException:

The input provided was not valid.

OperationTimeoutException:

The operation timed out.

EntityNotFoundException:

A specified entity does not exist.

TransactionCommittedException:

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

TransactionCanceledException:

Contains details about an error related to a transaction that was cancelled.

TransactionCommitInProgressException:

Contains details about an error related to a transaction commit that was in progress.

ResourceNotReadyException:

Contains details about an error related to a resource which is not ready for a transaction.

ConcurrentModificationException:

Two processes are trying to modify a resource simultaneously.

UpdateTableStorageOptimizer

$result = $client->updateTableStorageOptimizer([/* ... */]);
$promise = $client->updateTableStorageOptimizerAsync([/* ... */]);

Updates the configuration of the storage optimizers for a table.

Parameter Syntax

$result = $client->updateTableStorageOptimizer([
    'CatalogId' => '<string>',
    'DatabaseName' => '<string>', // REQUIRED
    'StorageOptimizerConfig' => [ // REQUIRED
        '<OptimizerType>' => ['<string>', ...],
        // ...
    ],
    'TableName' => '<string>', // REQUIRED
]);

Parameter Details

Members
CatalogId
Type: string

The Catalog ID of the table.

DatabaseName
Required: Yes
Type: string

Name of the database where the table is present.

StorageOptimizerConfig
Required: Yes
Type: Associative array of custom strings keys (OptimizerType) to stringss

Name of the table for which to enable the storage optimizer.

TableName
Required: Yes
Type: string

Name of the table for which to enable the storage optimizer.

Result Syntax

[
    'Result' => '<string>',
]

Result Details

Members
Result
Type: string

A response indicating the success or failure of the operation.

Errors

EntityNotFoundException:

A specified entity does not exist.

InvalidInputException:

The input provided was not valid.

AccessDeniedException:

Access to a resource was denied.

InternalServiceException:

An internal service error occurred.

Shapes

AccessDeniedException

Description

Access to a resource was denied.

Members
Message
Type: string

A message describing the problem.

AddObjectInput

Description

A new object to add to the governed table.

Members
ETag
Required: Yes
Type: string

The Amazon S3 ETag of the object. Returned by GetTableObjects for validation and used to identify changes to the underlying data.

PartitionValues
Type: Array of strings

A list of partition values for the object. A value must be specified for each partition key associated with the table.

The supported data types are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss), string and decimal.

Size
Required: Yes
Type: long (int|float)

The size of the Amazon S3 object in bytes.

Uri
Required: Yes
Type: string

The Amazon S3 location of the object.

AllRowsWildcard

Description

A structure that you pass to indicate you want all rows in a filter.

Members

AlreadyExistsException

Description

A resource to be created or added already exists.

Members
Message
Type: string

A message describing the problem.

AuditContext

Description

A structure used to include auditing information on the privileged API.

Members
AdditionalAuditContext
Type: string

The filter engine can populate the 'AdditionalAuditContext' information with the request ID for you to track. This information will be displayed in CloudTrail log in your account.

BatchPermissionsFailureEntry

Description

A list of failures when performing a batch grant or batch revoke operation.

Members
Error
Type: ErrorDetail structure

An error message that applies to the failure of the entry.

RequestEntry

An identifier for an entry of the batch request.

BatchPermissionsRequestEntry

Description

A permission to a resource granted by batch operation to the principal.

Members
Id
Required: Yes
Type: string

A unique identifier for the batch permissions request entry.

Permissions
Type: Array of strings

The permissions to be granted.

PermissionsWithGrantOption
Type: Array of strings

Indicates if the option to pass permissions is granted.

Principal
Type: DataLakePrincipal structure

The principal to be granted a permission.

Resource
Type: Resource structure

The resource to which the principal is to be granted a permission.

CatalogResource

Description

A structure for the catalog object.

Members

ColumnLFTag

Description

A structure containing the name of a column resource and the LF-tags attached to it.

Members
LFTags
Type: Array of LFTagPair structures

The LF-tags attached to a column resource.

Name
Type: string

The name of a column resource.

ColumnWildcard

Description

A wildcard object, consisting of an optional list of excluded column names or indexes.

Members
ExcludedColumnNames
Type: Array of strings

Excludes column names. Any column with this name will be excluded.

ConcurrentModificationException

Description

Two processes are trying to modify a resource simultaneously.

Members
Message
Type: string

A message describing the problem.

DataCellsFilter

Description

A structure that describes certain columns on certain rows.

Members
ColumnNames
Type: Array of strings

A list of column names and/or nested column attributes. When specifying nested attributes, use a qualified dot (.) delimited format such as "address"."zip". Nested attributes within this list may not exceed a depth of 5.

ColumnWildcard
Type: ColumnWildcard structure

A wildcard with exclusions.

You must specify either a ColumnNames list or the ColumnWildcard.

DatabaseName
Required: Yes
Type: string

A database in the Glue Data Catalog.

Name
Required: Yes
Type: string

The name given by the user to the data filter cell.

RowFilter
Type: RowFilter structure

A PartiQL predicate.

TableCatalogId
Required: Yes
Type: string

The ID of the catalog to which the table belongs.

TableName
Required: Yes
Type: string

A table in the database.

VersionId
Type: string

The ID of the data cells filter version.

DataCellsFilterResource

Description

A structure for a data cells filter resource.

Members
DatabaseName
Type: string

A database in the Glue Data Catalog.

Name
Type: string

The name of the data cells filter.

TableCatalogId
Type: string

The ID of the catalog to which the table belongs.

TableName
Type: string

The name of the table.

DataLakePrincipal

Description

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Members
DataLakePrincipalIdentifier
Type: string

An identifier for the Lake Formation principal.

DataLakeSettings

Description

A structure representing a list of Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

Members
AllowExternalDataFiltering
Type: boolean

Whether to allow Amazon EMR clusters to access data managed by Lake Formation.

If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.

If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.

For more information, see (Optional) Allow external data filtering.

AllowFullTableExternalDataAccess
Type: boolean

Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.

AuthorizedSessionTagValueList
Type: Array of strings

Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation's administrative APIs.

CreateDatabaseDefaultPermissions
Type: Array of PrincipalPermissions structures

Specifies whether access control on newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.

A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.

The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

For more information, see Changing the Default Security Settings for Your Data Lake.

CreateTableDefaultPermissions
Type: Array of PrincipalPermissions structures

Specifies whether access control on newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.

A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.

The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.

For more information, see Changing the Default Security Settings for Your Data Lake.

DataLakeAdmins
Type: Array of DataLakePrincipal structures

A list of Lake Formation principals. Supported principals are IAM users or IAM roles.

ExternalDataFilteringAllowList
Type: Array of DataLakePrincipal structures

A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.

Parameters
Type: Associative array of custom strings keys (KeyString) to strings

A key-value map that provides an additional configuration on your data lake. CROSS_ACCOUNT_VERSION is the key you can configure in the Parameters field. Accepted values for the CrossAccountVersion key are 1, 2, 3, and 4.

ReadOnlyAdmins
Type: Array of DataLakePrincipal structures

A list of Lake Formation principals with only view access to the resources, without the ability to make changes. Supported principals are IAM users or IAM roles.

TrustedResourceOwners
Type: Array of strings

A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log.

You may want to specify this property when you are in a high-trust boundary, such as the same team or company.
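Several DataLakeSettings members described above widen who can reach data: the IAM_ALLOWED_PRINCIPALS defaults, external data filtering, full-table external access and trusted resource owners. The following added example (not SDK code) reviews a settings array in those terms; auditDataLakeSettings() is a hypothetical helper, the sample array is constructed, and a real one is assumed to come from the DataLakeSettings member of a getDataLakeSettings() result.

```php
<?php
declare(strict_types=1);

/**
 * Return one finding per DataLakeSettings member that, according to the
 * member descriptions on this page, widens access to the data lake.
 * Hypothetical helper for illustration; not part of the SDK.
 */
function auditDataLakeSettings(array $settings): array
{
    $findings = [];

    // ALL granted to IAM_ALLOWED_PRINCIPALS means "Use only IAM access control".
    $defaults = [
        'CreateDatabaseDefaultPermissions' => 'databases',
        'CreateTableDefaultPermissions'    => 'tables',
    ];
    foreach ($defaults as $member => $what) {
        foreach ($settings[$member] ?? [] as $entry) {
            $principal = $entry['Principal']['DataLakePrincipalIdentifier'] ?? '';
            $grantsAll = in_array('ALL', $entry['Permissions'] ?? [], true);
            if ($principal === 'IAM_ALLOWED_PRINCIPALS' && $grantsAll) {
                $findings[] = "$member: newly created $what use only IAM access control";
            }
        }
    }

    // true lets Amazon EMR clusters read S3 locations registered with Lake Formation.
    if (($settings['AllowExternalDataFiltering'] ?? false) === true) {
        $accounts = array_map(
            static fn (array $p): string => (string) ($p['DataLakePrincipalIdentifier'] ?? '?'),
            $settings['ExternalDataFilteringAllowList'] ?? []
        );
        $findings[] = 'AllowExternalDataFiltering: enabled; allow list: '
            . ($accounts === [] ? '(empty)' : implode(', ', $accounts));
    }

    // true hands third-party engines credentials without session tags
    // when the caller has full data access permissions.
    if (($settings['AllowFullTableExternalDataAccess'] ?? false) === true) {
        $findings[] = 'AllowFullTableExternalDataAccess: enabled';
    }

    // Accounts listed here receive the caller account's user ARNs.
    $owners = $settings['TrustedResourceOwners'] ?? [];
    if ($owners !== []) {
        $findings[] = 'TrustedResourceOwners: user ARNs shared with ' . implode(', ', $owners);
    }

    return $findings;
}

// Constructed sample settings (not taken from a real account).
$sample = [
    'DataLakeAdmins' => [
        ['DataLakePrincipalIdentifier' => 'arn:aws:iam::111122223333:role/ExampleAdmin'],
    ],
    'CreateDatabaseDefaultPermissions' => [
        [
            'Principal'   => ['DataLakePrincipalIdentifier' => 'IAM_ALLOWED_PRINCIPALS'],
            'Permissions' => ['ALL'],
        ],
    ],
    'CreateTableDefaultPermissions'    => [],
    'AllowExternalDataFiltering'       => true,
    'ExternalDataFilteringAllowList'   => [
        ['DataLakePrincipalIdentifier' => '444455556666'],
    ],
    'AllowFullTableExternalDataAccess' => false,
    'TrustedResourceOwners'            => [],
];

foreach (auditDataLakeSettings($sample) as $finding) {
    echo '- ', $finding, PHP_EOL;
}
```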

DataLocationResource

Description

A structure for a data location object where permissions are granted or revoked.

Members
CatalogId
Type: string

The identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller.

ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) that uniquely identifies the data location resource.

DatabaseResource

Description

A structure for the database object.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, it is the account ID of the caller.

Name
Required: Yes
Type: string

The name of the database resource. Unique to the Data Catalog.

DeleteObjectInput

Description

An object to delete from the governed table.

Members
ETag
Type: string

The Amazon S3 ETag of the object. Returned by GetTableObjects for validation and used to identify changes to the underlying data.

PartitionValues
Type: Array of strings

A list of partition values for the object. A value must be specified for each partition key associated with the governed table.

Uri
Required: Yes
Type: string

The Amazon S3 location of the object to delete.

DetailsMap

Description

A structure containing the additional details to be returned in the AdditionalDetails attribute of PrincipalResourcePermissions.

If a catalog resource is shared through Resource Access Manager (RAM), then there will exist a corresponding RAM resource share ARN.

Members
ResourceShare
Type: Array of strings

A resource share ARN for a catalog resource shared through RAM.

EntityNotFoundException

Description

A specified entity does not exist.

Members
Message
Type: string

A message describing the problem.

ErrorDetail

Description

Contains details about an error.

Members
ErrorCode
Type: string

The code associated with this error.

ErrorMessage
Type: string

A message describing the error.

ExecutionStatistics

Description

Statistics related to the processing of a query statement.

Members
AverageExecutionTimeMillis
Type: long (int|float)

The average time the request took to be executed.

DataScannedBytes
Type: long (int|float)

The amount of data that was scanned in bytes.

WorkUnitsExecutedCount
Type: long (int|float)

The number of work units executed.

ExpiredException

Description

Contains details about an error where the query request expired.

Members
Message
Type: string

A message describing the error.

ExternalFilteringConfiguration

Description

Configuration for enabling external data filtering for third-party applications to access data managed by Lake Formation.

Members
AuthorizedTargets
Required: Yes
Type: Array of strings

List of third-party application ARNs integrated with Lake Formation.

Status
Required: Yes
Type: string

Enables or disables the third-party applications that are allowed to access data managed by Lake Formation.

FilterCondition

Description

This structure describes the filtering of columns in a table based on a filter condition.

Members
ComparisonOperator
Type: string

The comparison operator used in the filter condition.

Field
Type: string

The field to filter in the filter condition.

StringValueList
Type: Array of strings

A string with values used in evaluating the filter condition.

GlueEncryptionException

Description

An encryption operation failed.

Members
Message
Type: string

A message describing the problem.

InternalServiceException

Description

An internal service error occurred.

Members
Message
Type: string

A message describing the problem.

InvalidInputException

Description

The input provided was not valid.

Members
Message
Type: string

A message describing the problem.

LFTag

Description

A structure that allows an admin to grant user permissions on certain conditions. For example, granting a role access to all columns that do not have the LF-tag 'PII' in tables that have the LF-tag 'Prod'.

Members
TagKey
Required: Yes
Type: string

The key-name for the LF-tag.

TagValues
Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

The maximum number of values that can be defined for a LF-Tag is 1000. A single API call supports 50 values. You can use multiple API calls to add more values.
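The limits above (1000 values per LF-tag, 50 values per API call) shape how updateLFTag() has to be called when a tag's value list changes in bulk. The following added example (not SDK code) plans the calls; planLfTagUpdate() is a hypothetical helper, the tag key and values are constructed, and applying the 50-value limit to each TagValuesToAdd and TagValuesToDelete list separately is an assumption.

```php
<?php
declare(strict_types=1);

const LF_TAG_MAX_VALUES      = 1000; // maximum values defined for one LF-tag (from this page)
const LF_TAG_VALUES_PER_CALL = 50;   // values supported by a single API call (from this page)

/**
 * Turn a desired change to an LF-tag's value list into a sequence of
 * updateLFTag() parameter arrays, each carrying at most 50 values.
 * Hypothetical helper for illustration; not part of the SDK.
 *
 * @param string[] $current  values the LF-tag has now
 * @param string[] $toAdd    values to add
 * @param string[] $toDelete values to delete
 */
function planLfTagUpdate(
    string $tagKey,
    array $current,
    array $toAdd,
    array $toDelete,
    ?string $catalogId = null
): array {
    $toAdd    = array_values(array_unique($toAdd));
    $toDelete = array_values(array_unique($toDelete));

    if (array_intersect($toAdd, $toDelete) !== []) {
        throw new InvalidArgumentException('A value cannot be both added and deleted.');
    }

    // Drop no-op entries: values already present, or deletes of absent values.
    $toAdd    = array_values(array_diff($toAdd, $current));
    $toDelete = array_values(array_intersect($toDelete, $current));

    $finalCount = count($current) - count($toDelete) + count($toAdd);
    if ($finalCount > LF_TAG_MAX_VALUES) {
        throw new LengthException(
            "LF-tag '$tagKey' would have $finalCount values; the maximum is " . LF_TAG_MAX_VALUES
        );
    }

    $base = ['TagKey' => $tagKey];
    if ($catalogId !== null) {
        $base['CatalogId'] = $catalogId;
    }

    $calls = [];
    // Deletes go first so the value count never rises above the final count.
    // A delete of a value still attached to a resource fails with a 400
    // "Update not allowed"; untag the resource before sending that call.
    foreach (array_chunk($toDelete, LF_TAG_VALUES_PER_CALL) as $chunk) {
        $calls[] = $base + ['TagValuesToDelete' => $chunk];
    }
    foreach (array_chunk($toAdd, LF_TAG_VALUES_PER_CALL) as $chunk) {
        $calls[] = $base + ['TagValuesToAdd' => $chunk];
    }

    return $calls;
}

// Constructed sample: one delete and 120 new values for a tag key "team".
$newValues = array_map(
    static fn (int $i): string => sprintf('team-%03d', $i),
    range(1, 120)
);
$calls = planLfTagUpdate('team', ['dev', 'test'], $newValues, ['test']);

foreach ($calls as $n => $params) {
    $kind = isset($params['TagValuesToDelete']) ? 'TagValuesToDelete' : 'TagValuesToAdd';
    printf("call %d: %s x %d\n", $n + 1, $kind, count($params[$kind]));
}

// With a configured client, send the calls in order:
// foreach ($calls as $params) { $client->updateLFTag($params); }
```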

LFTagError

Description

A structure containing an error related to a TagResource or UnTagResource operation.

Members
Error
Type: ErrorDetail structure

An error that occurred with the attachment or detachment of the LF-tag.

LFTag
Type: LFTagPair structure

The key-name of the LF-tag.

LFTagKeyResource

Description

A structure containing an LF-tag key and values for a resource.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag.

TagValues
Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

LFTagPair

Description

A structure containing an LF-tag key-value pair.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

TagKey
Required: Yes
Type: string

The key-name for the LF-tag.

TagValues
Required: Yes
Type: Array of strings

A list of possible values an attribute can take.

LFTagPolicyResource

Description

A structure containing a list of LF-tag conditions that apply to a resource's LF-tag policy.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Expression
Required: Yes
Type: Array of LFTag structures

A list of LF-tag conditions that apply to the resource's LF-tag policy.

ResourceType
Required: Yes
Type: string

The resource type for which the LF-tag policy applies.

LakeFormationOptInsInfo

Description

A single principal-resource pair that has Lake Formation permissions enforced.

Members
LastModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The last modified date and time of the record.

LastUpdatedBy
Type: string

The user who updated the record.

Principal
Type: DataLakePrincipal structure

The Lake Formation principal. Supported principals are IAM users or IAM roles.

Resource
Type: Resource structure

A structure for the resource.

OperationTimeoutException

Description

The operation timed out.

Members
Message
Type: string

A message describing the problem.

PartitionObjects

Description

A structure containing a list of partition values and table objects.

Members
Objects
Type: Array of TableObject structures

A list of table objects.

PartitionValues
Type: Array of strings

A list of partition values.

PartitionValueList

Description

Contains a list of values defining partitions.

Members
Values
Required: Yes
Type: Array of strings

The list of partition values.

PermissionTypeMismatchException

Description

The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.

Members
Message
Type: string

A message describing the problem.

PlanningStatistics

Description

Statistics related to the processing of a query statement.

Members
EstimatedDataToScanBytes
Type: long (int|float)

An estimate of the data that was scanned in bytes.

PlanningTimeMillis
Type: long (int|float)

The time that it took to process the request.

QueueTimeMillis
Type: long (int|float)

The time the request was in queue to be processed.

WorkUnitsGeneratedCount
Type: long (int|float)

The number of work units generated.

PrincipalPermissions

Description

Permissions granted to a principal.

Members
Permissions
Type: Array of strings

The permissions that are granted to the principal.

Principal
Type: DataLakePrincipal structure

The principal who is granted permissions.

PrincipalResourcePermissions

Description

The permissions granted or revoked on a resource.

Members
AdditionalDetails
Type: DetailsMap structure

This attribute can be used to return any additional details of PrincipalResourcePermissions. Currently, it returns only a RAM resource share ARN.

LastUpdated
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the resource was last updated.

LastUpdatedBy
Type: string

The user who updated the record.

Permissions
Type: Array of strings

The permissions to be granted or revoked on the resource.

PermissionsWithGrantOption
Type: Array of strings

Indicates whether to grant the ability to grant permissions (as a subset of permissions granted).

Principal
Type: DataLakePrincipal structure

The Data Lake principal to be granted or revoked permissions.

Resource
Type: Resource structure

The resource where permissions are to be granted or revoked.

QueryPlanningContext

Description

A structure containing information about the query plan.

Members
CatalogId
Type: string

The ID of the Data Catalog where the partition in question resides. If none is provided, the Amazon Web Services account ID is used by default.

DatabaseName
Required: Yes
Type: string

The database containing the table.

QueryAsOfTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time as of when to read the table contents. If not set, the most recent transaction commit time will be used. Cannot be specified along with TransactionId.

QueryParameters
Type: Associative array of custom strings keys (String) to strings

A map consisting of key-value pairs.

TransactionId
Type: string

The transaction ID at which to read the table contents. If this transaction is not committed, the read will be treated as part of that transaction and will see its writes. If this transaction has aborted, an error will be returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with QueryAsOfTime.

QuerySessionContext

Description

A structure used as a protocol between query engines and Lake Formation or Glue. Contains both a Lake Formation generated authorization identifier and information from the request's authorization context.

Members
AdditionalContext
Type: Associative array of custom strings keys (ContextKey) to strings

An opaque string-string map passed by the query engine.

ClusterId
Type: string

An identifier string for the consumer cluster.

QueryAuthorizationId
Type: string

A cryptographically generated query identifier generated by Glue or Lake Formation.

QueryId
Type: string

A unique identifier generated by the query engine for the query.

QueryStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp provided by the query engine for when the query started.

Resource

Description

A structure for the resource.

Members
Catalog
Type: CatalogResource structure

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

DataCellsFilter
Type: DataCellsFilterResource structure

A data cell filter.

DataLocation
Type: DataLocationResource structure

The location of an Amazon S3 path where permissions are granted or revoked.

Database
Type: DatabaseResource structure

The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.

LFTag
Type: LFTagKeyResource structure

The LF-tag key and values attached to a resource.

LFTagPolicy
Type: LFTagPolicyResource structure

A list of LF-tag conditions that define a resource's LF-tag policy.

Table
Type: TableResource structure

The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.

TableWithColumns
Type: TableWithColumnsResource structure

The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.

ResourceInfo

Description

A structure containing information about a Lake Formation resource.

Members
HybridAccessEnabled
Type: boolean

Indicates whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

LastModified
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the resource was last modified.

ResourceArn
Type: string

The Amazon Resource Name (ARN) of the resource.

RoleArn
Type: string

The IAM role that registered a resource.

WithFederation
Type: boolean

Whether or not the resource is a federated resource.

ResourceNotReadyException

Description

Contains details about an error related to a resource which is not ready for a transaction.

Members
Message
Type: string

A message describing the error.

ResourceNumberLimitExceededException

Description

A resource numerical limit was exceeded.

Members
Message
Type: string

A message describing the problem.

RowFilter

Description

A PartiQL predicate.

Members
AllRowsWildcard
Type: AllRowsWildcard structure

A wildcard for all rows.

FilterExpression
Type: string

A filter expression.

StatisticsNotReadyYetException

Description

Contains details about an error related to statistics not being ready.

Members
Message
Type: string

A message describing the error.

StorageOptimizer

Description

A structure describing the configuration and details of a storage optimizer.

Members
Config
Type: Associative array of custom strings keys (StorageOptimizerConfigKey) to strings

A map of the storage optimizer configuration. Currently contains only one key-value pair: is_enabled indicates true or false for acceleration.

ErrorMessage
Type: string

A message that contains information about any error (if present).

When an acceleration result has an enabled status, the error message is empty.

When an acceleration result has a disabled status, the message describes an error or simply indicates "disabled by the user".

LastRunDetails
Type: string

When an acceleration result has an enabled status, contains the details of the last job run.

StorageOptimizerType
Type: string

The specific type of storage optimizer. The supported value is compaction.

Warnings
Type: string

A message that contains information about any warnings (if present).

TableObject

Description

Specifies the details of a governed table.

Members
ETag
Type: string

The Amazon S3 ETag of the object. Returned by GetTableObjects for validation and used to identify changes to the underlying data.

Size
Type: long (int|float)

The size of the Amazon S3 object in bytes.

Uri
Type: string

The Amazon S3 location of the object.

TableResource

Description

A structure for the table object. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, it is the account ID of the caller.

DatabaseName
Required: Yes
Type: string

The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.

Name
Type: string

The name of the table.

TableWildcard
Type: TableWildcard structure

A wildcard object representing every table under a database.

At least one of TableResource$Name or TableResource$TableWildcard is required.

TableWildcard

Description

A wildcard object representing every table under a database.

Members

TableWithColumnsResource

Description

A structure for a table with columns object. This object is only used when granting a SELECT permission.

This object must take a value for at least one of ColumnsNames, ColumnsIndexes, or ColumnsWildcard.

Members
CatalogId
Type: string

The identifier for the Data Catalog. By default, it is the account ID of the caller.

ColumnNames
Type: Array of strings

The list of column names for the table. At least one of ColumnNames or ColumnWildcard is required.

ColumnWildcard
Type: ColumnWildcard structure

A wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required.

DatabaseName
Required: Yes
Type: string

The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.

Name
Required: Yes
Type: string

The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
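
The TableResource and TableWithColumnsResource constraints above can be checked before a grant request is sent, and wildcard grants surfaced for review. The following is an added example, not code from the SDK or from AWS: lintGrantResource() is a hypothetical helper, and the database, table and column names are constructed sample values.

```php
<?php
// Added example: lintGrantResource() is a hypothetical helper, not an SDK call.
// It checks a 'Resource' array against the constraints stated on this page.

function lintGrantResource(array $resource): array
{
    $findings = [];
    // Treat an absent key or an empty string as missing (a name of "0" is valid).
    $missing = fn(array $a, string $k): bool => !isset($a[$k]) || $a[$k] === '';

    if (isset($resource['Table'])) {
        $t = $resource['Table'];
        $wild = array_key_exists('TableWildcard', $t);
        if ($missing($t, 'DatabaseName')) {
            $findings[] = 'ERROR Table: DatabaseName is required';
        }
        if ($missing($t, 'Name') && !$wild) {
            $findings[] = 'ERROR Table: set Name or TableWildcard';
        }
        if ($wild) {
            $findings[] = 'WARN Table: TableWildcard covers every table under the database';
        }
    }

    if (isset($resource['TableWithColumns'])) {
        $c = $resource['TableWithColumns'];
        $wild = array_key_exists('ColumnWildcard', $c);
        foreach (['DatabaseName', 'Name'] as $k) {
            if ($missing($c, $k)) {
                $findings[] = "ERROR TableWithColumns: $k is required";
            }
        }
        if (empty($c['ColumnNames']) && !$wild) {
            $findings[] = 'ERROR TableWithColumns: set ColumnNames or ColumnWildcard';
        }
        if ($wild) {
            $findings[] = 'WARN TableWithColumns: ColumnWildcard used instead of named columns';
        }
    }
    return $findings;
}

// Constructed sample input (database, table and column names are made up).
$samples = [
    'named-columns' => ['TableWithColumns' => [
        'DatabaseName' => 'sales', 'Name' => 'orders', 'ColumnNames' => ['order_id', 'total']]],
    'every-table'   => ['Table' => ['DatabaseName' => 'sales', 'TableWildcard' => []]],
    'incomplete'    => ['Table' => ['DatabaseName' => 'sales']],
];
foreach ($samples as $label => $resource) {
    foreach (lintGrantResource($resource) ?: ['OK'] as $finding) {
        echo "$label: $finding\n";
    }
}
```
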

TaggedDatabase

Description

A structure describing a database resource with LF-tags.

Members
Database
Type: DatabaseResource structure

A database that has LF-tags attached to it.

LFTags
Type: Array of LFTagPair structures

A list of LF-tags attached to the database.

TaggedTable

Description

A structure describing a table resource with LF-tags.

Members
LFTagOnDatabase
Type: Array of LFTagPair structures

A list of LF-tags attached to the database where the table resides.

LFTagsOnColumns
Type: Array of ColumnLFTag structures

A list of LF-tags attached to columns in the table.

LFTagsOnTable
Type: Array of LFTagPair structures

A list of LF-tags attached to the table.

Table
Type: TableResource structure

A table that has LF-tags attached to it.

ThrottledException

Description

Contains details about an error where the query request was throttled.

Members
Message
Type: string

A message describing the error.

TransactionCanceledException

Description

Contains details about an error related to a transaction that was cancelled.

Members
Message
Type: string

A message describing the error.

TransactionCommitInProgressException

Description

Contains details about an error related to a transaction commit that was in progress.

Members
Message
Type: string

A message describing the error.

TransactionCommittedException

Description

Contains details about an error where the specified transaction has already been committed and cannot be used for UpdateTableObjects.

Members
Message
Type: string

A message describing the error.

TransactionDescription

Description

A structure that contains information about a transaction.

Members
TransactionEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the transaction committed or aborted, if it is not currently active.

TransactionId
Type: string

The ID of the transaction.

TransactionStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time when the transaction started.

TransactionStatus
Type: string

A status of ACTIVE, COMMITTED, or ABORTED.

VirtualObject

Description

An object that defines an Amazon S3 object to be deleted if a transaction cancels, provided that VirtualPut was called before writing the object.

Members
ETag
Type: string

The ETag of the Amazon S3 object.

Uri
Required: Yes
Type: string

The path to the Amazon S3 object. Must start with s3://.

WorkUnitRange

Description

Defines the valid range of work unit IDs for querying the execution service.

Members
WorkUnitIdMax
Required: Yes
Type: long (int|float)

Defines the maximum work unit ID in the range. The maximum value is inclusive.

WorkUnitIdMin
Required: Yes
Type: long (int|float)

Defines the minimum work unit ID in the range.

WorkUnitToken
Required: Yes
Type: string

A work token used to query the execution service.

WorkUnitsNotReadyYetException

Description

Contains details about an error related to work units not being ready.

Members
Message
Type: string

A message describing the error.

WriteOperation

Description

Defines an object to add to or delete from a governed table.

Members
AddObject
Type: AddObjectInput structure

A new object to add to the governed table.

DeleteObject
Type: DeleteObjectInput structure

An object to delete from the governed table.