Package com.pulumi.aws.lakeformation
Class DataLakeSettings
- java.lang.Object
  - com.pulumi.resources.Resource
    - com.pulumi.resources.CustomResource
      - com.pulumi.aws.lakeformation.DataLakeSettings
public class DataLakeSettings extends com.pulumi.resources.CustomResource
Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

> **NOTE:** Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes is the `IAMAllowedPrincipals` principal, which makes Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see [Changing the Default Security Settings for Your Data Lake](https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html) and [Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model](https://docs.aws.amazon.com/lake-formation/latest/dg/upgrade-glue-lake-formation.html).

## Example Usage

### Data Lake Admins

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // aws_iam_user.test / aws_iam_role.test stand for an IAM user and an
        // IAM role declared elsewhere in the program.
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(
                aws_iam_user.test().arn(),
                aws_iam_role.test().arn())
            .build());
    }
}
```

### Create Default Permissions

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // aws_iam_user.test / aws_iam_role.test stand for an IAM user and an
        // IAM role declared elsewhere in the program.
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(
                aws_iam_user.test().arn(),
                aws_iam_role.test().arn())
            // Permissions granted to the principal on every newly created database.
            .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                .permissions(
                    "SELECT",
                    "ALTER",
                    "DROP")
                .principal(aws_iam_user.test().arn())
                .build())
            // Permissions granted to the principal on every newly created table.
            .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                .permissions("ALL")
                .principal(aws_iam_role.test().arn())
                .build())
            .build());
    }
}
```

### Enable EMR access to LakeFormation resources

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // aws_iam_user.test / aws_iam_role.test stand for an IAM user and an
        // IAM role declared elsewhere in the program; data.aws_caller_identity()
        // stands for caller-identity lookups for the two accounts.
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(
                aws_iam_user.test().arn(),
                aws_iam_role.test().arn())
            .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                .permissions(
                    "SELECT",
                    "ALTER",
                    "DROP")
                .principal(aws_iam_user.test().arn())
                .build())
            .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                .permissions("ALL")
                .principal(aws_iam_role.test().arn())
                .build())
            // Let EMR clusters in the listed accounts filter Lake Formation data.
            .allowExternalDataFiltering(true)
            .externalDataFilteringAllowLists(
                data.aws_caller_identity().current().account_id(),
                data.aws_caller_identity().third_party().account_id())
            .authorizedSessionTagValueLists("Amazon EMR")
            .build());
    }
}
```
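
The note under `authorizedSessionTagValueLists` on this page says that leaving out `admins` or the default-permission lists clears them, and the class description ties `IAMAllowedPrincipals` to IAM-compatible behaviour. The following plain-Java lint is an added example, not part of the Pulumi SDK or the original page; it checks the values intended for `DataLakeSettingsArgs` before they are deployed. `DataLakeSettingsLint`, `Intended`, `DefaultPermission` and the external-filtering rule are assumptions of the example, and `IAM_ALLOWED_PRINCIPALS` is the identifier the Lake Formation API uses for that principal.

```java
import java.util.ArrayList;
import java.util.List;

// Added example; every type and method name below is hypothetical, not part of the Pulumi SDK.
public class DataLakeSettingsLint {
    record DefaultPermission(String principal, List<String> permissions) {}
    record Intended(List<String> admins, List<DefaultPermission> createDatabaseDefaults,
            List<DefaultPermission> createTableDefaults, boolean allowExternalDataFiltering,
            List<String> externalDataFilteringAllowLists, List<String> authorizedSessionTagValueLists) {}

    static List<String> lint(Intended s) {
        List<String> findings = new ArrayList<>();
        // Per the NOTE on this page, an omitted `admins` results in the setting being cleared.
        if (s.admins().isEmpty())
            findings.add("admins is empty: applying this clears the data lake administrators");
        checkDefaults("createDatabaseDefaultPermissions", s.createDatabaseDefaults(), findings);
        checkDefaults("createTableDefaultPermissions", s.createTableDefaults(), findings);
        // Assumed policy: external filtering must name the accounts and tag values it trusts.
        if (s.allowExternalDataFiltering() && s.externalDataFilteringAllowLists().isEmpty())
            findings.add("allowExternalDataFiltering is true but externalDataFilteringAllowLists is empty");
        if (s.allowExternalDataFiltering() && s.authorizedSessionTagValueLists().isEmpty())
            findings.add("allowExternalDataFiltering is true but authorizedSessionTagValueLists is empty");
        return findings;
    }

    private static void checkDefaults(String field, List<DefaultPermission> entries, List<String> out) {
        if (entries.size() > 3) // the page allows up to three configuration blocks
            out.add(field + ": more than three configuration blocks");
        for (DefaultPermission p : entries) {
            // Granting defaults to IAMAllowedPrincipals leaves new objects under IAM-only control.
            boolean iamOnly = p.principal().equals("IAM_ALLOWED_PRINCIPALS")
                    || p.principal().equals("IAMAllowedPrincipals");
            if (iamOnly)
                out.add(field + ": IAMAllowedPrincipals entry keeps new objects governed by IAM policies only");
            else if (p.permissions().contains("ALL"))
                out.add(field + ": " + p.principal() + " receives ALL on every newly created object");
        }
    }

    public static void main(String[] args) {
        // Constructed sample values (placeholder account ID and role name).
        Intended sample = new Intended(
            List.of(),
            List.of(new DefaultPermission("IAM_ALLOWED_PRINCIPALS", List.of("ALL"))),
            List.of(new DefaultPermission("arn:aws:iam::111111111111:role/example", List.of("ALL"))),
            true, List.of(), List.of("Amazon EMR"));
        lint(sample).forEach(System.out::println);
    }
}
```

Run it with `java DataLakeSettingsLint.java` (Java 16 or later, for records); the constructed sample yields one finding for each of its four weak settings.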
-
-
Constructor Summary
| Constructor | Description |
|---|---|
| `DataLakeSettings(java.lang.String name)` | |
| `DataLakeSettings(java.lang.String name, DataLakeSettingsArgs args)` | |
| `DataLakeSettings(java.lang.String name, DataLakeSettingsArgs args, com.pulumi.resources.CustomResourceOptions options)` | |
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| `com.pulumi.core.Output<java.util.List<java.lang.String>>` | `admins()` | |
| `com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>>` | `allowExternalDataFiltering()` | |
| `com.pulumi.core.Output<java.util.List<java.lang.String>>` | `authorizedSessionTagValueLists()` | |
| `com.pulumi.core.Output<java.util.Optional<java.lang.String>>` | `catalogId()` | |
| `com.pulumi.core.Output<java.util.List<DataLakeSettingsCreateDatabaseDefaultPermission>>` | `createDatabaseDefaultPermissions()` | |
| `com.pulumi.core.Output<java.util.List<DataLakeSettingsCreateTableDefaultPermission>>` | `createTableDefaultPermissions()` | |
| `com.pulumi.core.Output<java.util.List<java.lang.String>>` | `externalDataFilteringAllowLists()` | |
| `static DataLakeSettings` | `get(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, DataLakeSettingsState state, com.pulumi.resources.CustomResourceOptions options)` | Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup. |
| `com.pulumi.core.Output<java.util.List<java.lang.String>>` | `readOnlyAdmins()` | |
| `com.pulumi.core.Output<java.util.List<java.lang.String>>` | `trustedResourceOwners()` | |
-
-
-
Constructor Detail
-
DataLakeSettings
public DataLakeSettings(java.lang.String name)
- Parameters:
  - `name` - The _unique_ name of the resulting resource.
-
DataLakeSettings
public DataLakeSettings(java.lang.String name, @Nullable DataLakeSettingsArgs args)
- Parameters:
  - `name` - The _unique_ name of the resulting resource.
  - `args` - The arguments to use to populate this resource's properties.
-
DataLakeSettings
public DataLakeSettings(java.lang.String name, @Nullable DataLakeSettingsArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options)
- Parameters:
  - `name` - The _unique_ name of the resulting resource.
  - `args` - The arguments to use to populate this resource's properties.
  - `options` - A bag of options that control this resource's behavior.
-
-
Method Detail
-
admins
public com.pulumi.core.Output<java.util.List<java.lang.String>> admins()
- Returns:
- Set of ARNs of AWS Lake Formation principals (IAM users or roles).
-
allowExternalDataFiltering
public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> allowExternalDataFiltering()
- Returns:
- Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
-
authorizedSessionTagValueLists
public com.pulumi.core.Output<java.util.List<java.lang.String>> authorizedSessionTagValueLists()
- Returns:
- Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

  > **NOTE:** Although optional, not including `admins`, `create_database_default_permissions`, `create_table_default_permissions`, and/or `trusted_resource_owners` results in the setting being cleared.
-
catalogId
public com.pulumi.core.Output<java.util.Optional<java.lang.String>> catalogId()
- Returns:
- Identifier for the Data Catalog. By default, the account ID.
-
createDatabaseDefaultPermissions
public com.pulumi.core.Output<java.util.List<DataLakeSettingsCreateDatabaseDefaultPermission>> createDatabaseDefaultPermissions()
- Returns:
- Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
-
createTableDefaultPermissions
public com.pulumi.core.Output<java.util.List<DataLakeSettingsCreateTableDefaultPermission>> createTableDefaultPermissions()
- Returns:
- Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
-
externalDataFilteringAllowLists
public com.pulumi.core.Output<java.util.List<java.lang.String>> externalDataFilteringAllowLists()
- Returns:
- A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
-
readOnlyAdmins
public com.pulumi.core.Output<java.util.List<java.lang.String>> readOnlyAdmins()
- Returns:
- Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
-
trustedResourceOwners
public com.pulumi.core.Output<java.util.List<java.lang.String>> trustedResourceOwners()
- Returns:
- List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
-
get
public static DataLakeSettings get(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, @Nullable DataLakeSettingsState state, @Nullable com.pulumi.resources.CustomResourceOptions options)
Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
- Parameters:
  - `name` - The _unique_ name of the resulting resource.
  - `id` - The _unique_ provider ID of the resource to look up.
  - `state`
  - `options` - Optional settings to control the behavior of the CustomResource.
-
-