Package software.amazon.awscdk.services.lakeformation

Class CfnDataLakeSettings

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.CfnElement
software.amazon.awscdk.core.CfnRefElement
software.amazon.awscdk.core.CfnResource
software.amazon.awscdk.services.lakeformation.CfnDataLakeSettings
All Implemented Interfaces:
IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:29:58.388Z") @Stability(Stable) public class CfnDataLakeSettings extends CfnResource implements IInspectable
A CloudFormation AWS::LakeFormation::DataLakeSettings.

The AWS::LakeFormation::DataLakeSettings resource is an AWS Lake Formation resource type that manages the data lake settings for your account.

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.lakeformation.*;
 Object parameters;
 CfnDataLakeSettings cfnDataLakeSettings = CfnDataLakeSettings.Builder.create(this, "MyCfnDataLakeSettings")
         .admins(List.of(DataLakePrincipalProperty.builder()
                 .dataLakePrincipalIdentifier("dataLakePrincipalIdentifier")
                 .build()))
         .allowExternalDataFiltering(false)
         .authorizedSessionTagValueList(List.of("authorizedSessionTagValueList"))
         .createDatabaseDefaultPermissions(List.of(PrincipalPermissionsProperty.builder()
                 .permissions(List.of("permissions"))
                 .principal(DataLakePrincipalProperty.builder()
                         .dataLakePrincipalIdentifier("dataLakePrincipalIdentifier")
                         .build())
                 .build()))
         .createTableDefaultPermissions(List.of(PrincipalPermissionsProperty.builder()
                 .permissions(List.of("permissions"))
                 .principal(DataLakePrincipalProperty.builder()
                         .dataLakePrincipalIdentifier("dataLakePrincipalIdentifier")
                         .build())
                 .build()))
         .externalDataFilteringAllowList(List.of(DataLakePrincipalProperty.builder()
                 .dataLakePrincipalIdentifier("dataLakePrincipalIdentifier")
                 .build()))
         .parameters(parameters)
         .trustedResourceOwners(List.of("trustedResourceOwners"))
         .build();

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnDataLakeSettings

      protected CfnDataLakeSettings(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnDataLakeSettings

      protected CfnDataLakeSettings(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnDataLakeSettings

      @Stability(Stable) public CfnDataLakeSettings(@NotNull Construct scope, @NotNull String id, @Nullable CfnDataLakeSettingsProps props)
      Create a new AWS::LakeFormation::DataLakeSettings.

      Parameters:
      scope -
      • scope in which this resource is defined.
      This parameter is required.
      id -
      • scoped id of the resource.
      This parameter is required.
      props -
      • resource properties.

    • CfnDataLakeSettings

      @Stability(Stable) public CfnDataLakeSettings(@NotNull Construct scope, @NotNull String id)
      Create a new AWS::LakeFormation::DataLakeSettings.

      Parameters:
      scope -
      • scope in which this resource is defined.
      This parameter is required.
      id -
      • scoped id of the resource.
      This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector -
      • tree inspector to collect and process attributes.
      This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getParameters

      @Stability(Stable) @NotNull public Object getParameters()
      A key-value map that provides an additional configuration on your data lake.

      CrossAccountVersion is the key you can configure in the Parameters field. Accepted values for the CrossAccountVersion key are 1, 2, and 3.

    • setParameters

      @Stability(Stable) public void setParameters(@NotNull Object value)
      A key-value map that provides an additional configuration on your data lake.

      CrossAccountVersion is the key you can configure in the Parameters field. Accepted values for the CrossAccountVersion key are 1, 2, and 3.

    • getAdmins

      @Stability(Stable) @Nullable public Object getAdmins()
      A list of AWS Lake Formation principals.

    • setAdmins

      @Stability(Stable) public void setAdmins(@Nullable IResolvable value)
      A list of AWS Lake Formation principals.

    • setAdmins

      @Stability(Stable) public void setAdmins(@Nullable List<Object> value)
      A list of AWS Lake Formation principals.

    • getAllowExternalDataFiltering

      @Stability(Stable) @Nullable public Object getAllowExternalDataFiltering()
      Whether to allow Amazon EMR clusters or other third-party query engines to access data managed by Lake Formation .

      If set to true, you allow Amazon EMR clusters or other third-party engines to access data in Amazon S3 locations that are registered with Lake Formation .

      If false or null, no third-party query engines will be able to access data in Amazon S3 locations that are registered with Lake Formation.

      For more information, see External data filtering setting .

    • setAllowExternalDataFiltering

      @Stability(Stable) public void setAllowExternalDataFiltering(@Nullable Boolean value)
      Whether to allow Amazon EMR clusters or other third-party query engines to access data managed by Lake Formation .

      If set to true, you allow Amazon EMR clusters or other third-party engines to access data in Amazon S3 locations that are registered with Lake Formation .

      If false or null, no third-party query engines will be able to access data in Amazon S3 locations that are registered with Lake Formation.

      For more information, see External data filtering setting .

    • setAllowExternalDataFiltering

      @Stability(Stable) public void setAllowExternalDataFiltering(@Nullable IResolvable value)
      Whether to allow Amazon EMR clusters or other third-party query engines to access data managed by Lake Formation .

      If set to true, you allow Amazon EMR clusters or other third-party engines to access data in Amazon S3 locations that are registered with Lake Formation .

      If false or null, no third-party query engines will be able to access data in Amazon S3 locations that are registered with Lake Formation.

      For more information, see External data filtering setting .

    • getAuthorizedSessionTagValueList

      @Stability(Stable) @Nullable public List<String> getAuthorizedSessionTagValueList()
      Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

      Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation 's administrative API operations.

    • setAuthorizedSessionTagValueList

      @Stability(Stable) public void setAuthorizedSessionTagValueList(@Nullable List<String> value)
      Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.

      Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation 's administrative API operations.

    • getCreateDatabaseDefaultPermissions

      @Stability(Stable) @Nullable public Object getCreateDatabaseDefaultPermissions()
      Specifies whether access control on a newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.

      A null value indicates that the access is controlled by Lake Formation permissions. ALL permissions assigned to IAM_ALLOWED_PRINCIPALS group indicates that the user's IAM permissions determine the access to the database. This is referred to as the setting "Use only IAM access control," and is to support backward compatibility with the AWS Glue permission model implemented by IAM permissions.

      The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS .

      For more information, see Changing the default security settings for your data lake .

    • setCreateDatabaseDefaultPermissions

      @Stability(Stable) public void setCreateDatabaseDefaultPermissions(@Nullable IResolvable value)
      Specifies whether access control on a newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.

      A null value indicates that the access is controlled by Lake Formation permissions. ALL permissions assigned to IAM_ALLOWED_PRINCIPALS group indicates that the user's IAM permissions determine the access to the database. This is referred to as the setting "Use only IAM access control," and is to support backward compatibility with the AWS Glue permission model implemented by IAM permissions.

      The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS .

      For more information, see Changing the default security settings for your data lake .

    • setCreateDatabaseDefaultPermissions

      @Stability(Stable) public void setCreateDatabaseDefaultPermissions(@Nullable List<Object> value)
      Specifies whether access control on a newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.

      A null value indicates that the access is controlled by Lake Formation permissions. ALL permissions assigned to IAM_ALLOWED_PRINCIPALS group indicates that the user's IAM permissions determine the access to the database. This is referred to as the setting "Use only IAM access control," and is to support backward compatibility with the AWS Glue permission model implemented by IAM permissions.

      The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS .

      For more information, see Changing the default security settings for your data lake .

    • getCreateTableDefaultPermissions

      @Stability(Stable) @Nullable public Object getCreateTableDefaultPermissions()
      Specifies whether access control on a newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.

      A null value indicates that the access is controlled by Lake Formation permissions. ALL permissions assigned to IAM_ALLOWED_PRINCIPALS group indicate that the user's IAM permissions determine the access to the table. This is referred to as the setting "Use only IAM access control," and is to support the backward compatibility with the AWS Glue permission model implemented by IAM permissions.

      The only permitted values are an empty array or an array that contains a single JSON object that grants ALL permissions to IAM_ALLOWED_PRINCIPALS .

      For more information, see Changing the default security settings for your data lake .

    • setCreateTableDefaultPermissions

      @Stability(Stable) public void setCreateTableDefaultPermissions(@Nullable IResolvable value)
      Specifies whether access control on a newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.

      A null value indicates that the access is controlled by Lake Formation permissions. ALL permissions assigned to IAM_ALLOWED_PRINCIPALS group indicate that the user's IAM permissions determine the access to the table. This is referred to as the setting "Use only IAM access control," and is to support the backward compatibility with the AWS Glue permission model implemented by IAM permissions.

      The only permitted values are an empty array or an array that contains a single JSON object that grants ALL permissions to IAM_ALLOWED_PRINCIPALS .

      For more information, see Changing the default security settings for your data lake .

    • setCreateTableDefaultPermissions

      @Stability(Stable) public void setCreateTableDefaultPermissions(@Nullable List<Object> value)
      Specifies whether access control on a newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.

      A null value indicates that the access is controlled by Lake Formation permissions. ALL permissions assigned to IAM_ALLOWED_PRINCIPALS group indicate that the user's IAM permissions determine the access to the table. This is referred to as the setting "Use only IAM access control," and is to support the backward compatibility with the AWS Glue permission model implemented by IAM permissions.

      The only permitted values are an empty array or an array that contains a single JSON object that grants ALL permissions to IAM_ALLOWED_PRINCIPALS .

      For more information, see Changing the default security settings for your data lake .

    • getExternalDataFilteringAllowList

      @Stability(Stable) @Nullable public Object getExternalDataFilteringAllowList()
      A list of the account IDs of AWS accounts with Amazon EMR clusters or third-party engines that are allwed to perform data filtering.

    • setExternalDataFilteringAllowList

      @Stability(Stable) public void setExternalDataFilteringAllowList(@Nullable IResolvable value)
      A list of the account IDs of AWS accounts with Amazon EMR clusters or third-party engines that are allwed to perform data filtering.

    • setExternalDataFilteringAllowList

      @Stability(Stable) public void setExternalDataFilteringAllowList(@Nullable List<Object> value)
      A list of the account IDs of AWS accounts with Amazon EMR clusters or third-party engines that are allwed to perform data filtering.

    • getTrustedResourceOwners

      @Stability(Stable) @Nullable public List<String> getTrustedResourceOwners()
      An array of UTF-8 strings.

      A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log. You may want to specify this property when you are in a high-trust boundary, such as the same team or company.

    • setTrustedResourceOwners

      @Stability(Stable) public void setTrustedResourceOwners(@Nullable List<String> value)
      An array of UTF-8 strings.

      A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log. You may want to specify this property when you are in a high-trust boundary, such as the same team or company.