Class: Aws::LakeFormation::Client

Inherits:

Seahorse::Client::Base

• Object
• Seahorse::Client::Base
• Aws::LakeFormation::Client

Includes:

ClientStubs

Defined in:

gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb

Overview

An API client for LakeFormation. To construct a client, you need to configure a :region and :credentials.

client = Aws::LakeFormation::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the developer guide.

See #initialize for a full list of supported configuration options.

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

API Operations

• #add_lf_tags_to_resource(params = {}) ⇒ Types::AddLFTagsToResourceResponse

  Attaches one or more LF-tags to an existing resource.

• #assume_decorated_role_with_saml(params = {}) ⇒ Types::AssumeDecoratedRoleWithSAMLResponse

  Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request.

• #batch_grant_permissions(params = {}) ⇒ Types::BatchGrantPermissionsResponse

  Batch operation to grant permissions to the principal.

• #batch_revoke_permissions(params = {}) ⇒ Types::BatchRevokePermissionsResponse

  Batch operation to revoke permissions from the principal.

• #cancel_transaction(params = {}) ⇒ Struct

  Attempts to cancel the specified transaction.

• #commit_transaction(params = {}) ⇒ Types::CommitTransactionResponse

  Attempts to commit the specified transaction.

• #create_data_cells_filter(params = {}) ⇒ Struct

  Creates a data cell filter to allow one to grant access to certain columns on certain rows.

• #create_lake_formation_identity_center_configuration(params = {}) ⇒ Types::CreateLakeFormationIdentityCenterConfigurationResponse

  Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.

• #create_lake_formation_opt_in(params = {}) ⇒ Struct

  Enforce Lake Formation permissions for the given databases, tables, and principals.

• #create_lf_tag(params = {}) ⇒ Struct

  Creates an LF-tag with the specified name and values.

• #create_lf_tag_expression(params = {}) ⇒ Struct

  Creates a new LF-Tag expression with the provided name, description, catalog ID, and expression body.

• #delete_data_cells_filter(params = {}) ⇒ Struct

  Deletes a data cell filter.

• #delete_lake_formation_identity_center_configuration(params = {}) ⇒ Struct

  Deletes an IAM Identity Center connection with Lake Formation.

• #delete_lake_formation_opt_in(params = {}) ⇒ Struct

  Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.

• #delete_lf_tag(params = {}) ⇒ Struct

  Deletes an LF-tag by its key name.

• #delete_lf_tag_expression(params = {}) ⇒ Struct

  Deletes the LF-Tag expression.

• #delete_objects_on_cancel(params = {}) ⇒ Struct

  For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled.

• #deregister_resource(params = {}) ⇒ Struct

  Deregisters the resource as managed by the Data Catalog.

• #describe_lake_formation_identity_center_configuration(params = {}) ⇒ Types::DescribeLakeFormationIdentityCenterConfigurationResponse

  Retrieves the instance ARN and application ARN for the connection.

• #describe_resource(params = {}) ⇒ Types::DescribeResourceResponse

  Retrieves the current data access role for the given resource registered in Lake Formation.

• #describe_transaction(params = {}) ⇒ Types::DescribeTransactionResponse

  Returns the details of a single transaction.

• #extend_transaction(params = {}) ⇒ Struct

  Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.

• #get_data_cells_filter(params = {}) ⇒ Types::GetDataCellsFilterResponse

  Returns a data cells filter.

• #get_data_lake_principal(params = {}) ⇒ Types::GetDataLakePrincipalResponse

  Returns the identity of the invoking principal.

• #get_data_lake_settings(params = {}) ⇒ Types::GetDataLakeSettingsResponse

  Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

• #get_effective_permissions_for_path(params = {}) ⇒ Types::GetEffectivePermissionsForPathResponse

  Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3.

• #get_lf_tag(params = {}) ⇒ Types::GetLFTagResponse

  Returns an LF-tag definition.

• #get_lf_tag_expression(params = {}) ⇒ Types::GetLFTagExpressionResponse

  Returns the details about the LF-Tag expression.

• #get_query_state(params = {}) ⇒ Types::GetQueryStateResponse

  Returns the state of a query previously submitted.

• #get_query_statistics(params = {}) ⇒ Types::GetQueryStatisticsResponse

  Retrieves statistics on the planning and execution of a query.

• #get_resource_lf_tags(params = {}) ⇒ Types::GetResourceLFTagsResponse

  Returns the LF-tags applied to a resource.

• #get_table_objects(params = {}) ⇒ Types::GetTableObjectsResponse

  Returns the set of Amazon S3 objects that make up the specified governed table.

• #get_temporary_data_location_credentials(params = {}) ⇒ Types::GetTemporaryDataLocationCredentialsResponse

  Allows a user or application in a secure environment to access data in a specific Amazon S3 location registered with Lake Formation by providing temporary scoped credentials that are limited to the requested data location and the caller's authorized access level.

• #get_temporary_glue_partition_credentials(params = {}) ⇒ Types::GetTemporaryGluePartitionCredentialsResponse

  This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition.

• #get_temporary_glue_table_credentials(params = {}) ⇒ Types::GetTemporaryGlueTableCredentialsResponse

  Allows a caller in a secure environment to assume a role with permission to access Amazon S3.

• #get_work_unit_results(params = {}) ⇒ Types::GetWorkUnitResultsResponse

  Returns the work units resulting from the query.

• #get_work_units(params = {}) ⇒ Types::GetWorkUnitsResponse

  Retrieves the work units generated by the StartQueryPlanning operation.

• #grant_permissions(params = {}) ⇒ Struct

  Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

• #list_data_cells_filter(params = {}) ⇒ Types::ListDataCellsFilterResponse

  Lists all the data cell filters on a table.

• #list_lake_formation_opt_ins(params = {}) ⇒ Types::ListLakeFormationOptInsResponse

  Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions.

• #list_lf_tag_expressions(params = {}) ⇒ Types::ListLFTagExpressionsResponse

  Returns the LF-Tag expressions in caller’s account filtered based on caller's permissions.

• #list_lf_tags(params = {}) ⇒ Types::ListLFTagsResponse

  Lists LF-tags that the requester has permission to view.

• #list_permissions(params = {}) ⇒ Types::ListPermissionsResponse

  Returns a list of the principal permissions on the resource, filtered by the permissions of the caller.

• #list_resources(params = {}) ⇒ Types::ListResourcesResponse

  Lists the resources registered to be managed by the Data Catalog.

• #list_table_storage_optimizers(params = {}) ⇒ Types::ListTableStorageOptimizersResponse

  Returns the configuration of all storage optimizers associated with a specified table.

• #list_transactions(params = {}) ⇒ Types::ListTransactionsResponse

  Returns metadata about transactions and their status.

• #put_data_lake_settings(params = {}) ⇒ Struct

  Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation.

• #register_resource(params = {}) ⇒ Struct

  Registers the resource as managed by the Data Catalog.

• #remove_lf_tags_from_resource(params = {}) ⇒ Types::RemoveLFTagsFromResourceResponse

  Removes an LF-tag from the resource.

• #revoke_permissions(params = {}) ⇒ Struct

  Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

• #search_databases_by_lf_tags(params = {}) ⇒ Types::SearchDatabasesByLFTagsResponse

  This operation allows a search on DATABASE resources by TagCondition.

• #search_tables_by_lf_tags(params = {}) ⇒ Types::SearchTablesByLFTagsResponse

  This operation allows a search on TABLE resources by LFTags.

• #start_query_planning(params = {}) ⇒ Types::StartQueryPlanningResponse

  Submits a request to process a query statement.

• #start_transaction(params = {}) ⇒ Types::StartTransactionResponse

  Starts a new transaction and returns its transaction ID.

• #update_data_cells_filter(params = {}) ⇒ Struct

  Updates a data cell filter.

• #update_lake_formation_identity_center_configuration(params = {}) ⇒ Struct

  Updates the IAM Identity Center connection parameters.

• #update_lf_tag(params = {}) ⇒ Struct

  Updates the list of possible values for the specified LF-tag key.

• #update_lf_tag_expression(params = {}) ⇒ Struct

  Updates the name of the LF-Tag expression to the new description and expression body provided.

• #update_resource(params = {}) ⇒ Struct

  Updates the data access role used for vending access to the given (registered) resource in Lake Formation.

• #update_table_objects(params = {}) ⇒ Struct

  Updates the manifest of Amazon S3 objects that make up the specified governed table.

• #update_table_storage_optimizer(params = {}) ⇒ Types::UpdateTableStorageOptimizerResponse

  Updates the configuration of the storage optimizers for a table.

Instance Method Summary

• #initialize(options) ⇒ Client constructor

  A new instance of Client.

Methods included from ClientStubs

#api_requests, #stub_data, #stub_responses

Methods inherited from Seahorse::Client::Base

add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response

Constructor Details

#initialize(options) ⇒ Client

Returns a new instance of Client.

Parameters:

• options (Hash)

Options Hash (options):

• :plugins (Array<Seahorse::Client::Plugin>) — default: []] —

  A list of plugins to apply to the client. Each plugin is either a class name or an instance of a plugin class.

• :credentials (required, Aws::CredentialProvider) —

  Your AWS credentials used for authentication. This can be any class that includes and implements Aws::CredentialProvider, or instance of any one of the following classes:

  • Aws::Credentials - Used for configuring static, non-refreshing credentials.

  • Aws::SharedCredentials - Used for loading static credentials from a shared file, such as ~/.aws/config.

  • Aws::AssumeRoleCredentials - Used when you need to assume a role.

  • Aws::AssumeRoleWebIdentityCredentials - Used when you need to assume a role after providing credentials via the web.

  • Aws::SSOCredentials - Used for loading credentials from AWS SSO using an access token generated from aws login.

  • Aws::ProcessCredentials - Used for loading credentials from a process that outputs to stdout.

  • Aws::InstanceProfileCredentials - Used for loading credentials from an EC2 IMDS on an EC2 instance.

  • Aws::ECSCredentials - Used for loading credentials from instances running in ECS.

  • Aws::CognitoIdentityCredentials - Used for loading credentials from the Cognito Identity service.

  When :credentials are not configured directly, the following locations will be searched for credentials:

  • Aws.config[:credentials]

  • The :access_key_id, :secret_access_key, :session_token, and :account_id options.

  • ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'], ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID'].

  • ~/.aws/credentials

  • ~/.aws/config

  • EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of Aws::InstanceProfileCredentials or Aws::ECSCredentials to enable retries and extended timeouts. Instance profile credential fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED'] to true.

• :region (required, String) —

  The AWS region to connect to. The configured :region is used to determine the service :endpoint. When not passed, a default :region is searched for in the following locations:

  • Aws.config[:region]
  • ENV['AWS_REGION']
  • ENV['AMAZON_REGION']
  • ENV['AWS_DEFAULT_REGION']
  • ~/.aws/credentials
  • ~/.aws/config
• :access_key_id (String)
• :account_id (String)
• :active_endpoint_cache (Boolean) — default: false —

  When set to true, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to false.

• :adaptive_retry_wait_to_fill (Boolean) — default: true —

  Used only in adaptive retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a RetryCapacityNotAvailableError and will not retry instead of sleeping.

• :auth_scheme_preference (Array<String>) —

  A list of preferred authentication schemes to use when making a request. Supported values are: sigv4, sigv4a, httpBearerAuth, and noAuth. When set using ENV['AWS_AUTH_SCHEME_PREFERENCE'] or in shared config as auth_scheme_preference, the value should be a comma-separated list.

• :client_side_monitoring (Boolean) — default: false —

  When true, client-side metrics will be collected for all API requests from this client.

• :client_side_monitoring_client_id (String) — default: "" —

  Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.

• :client_side_monitoring_host (String) — default: "127.0.0.1" —

  Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP.

• :client_side_monitoring_port (Integer) — default: 31000 —

  Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.

• :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher —

  Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.

• :convert_params (Boolean) — default: true —

  When true, an attempt is made to coerce request parameters into the required types.

• :correct_clock_skew (Boolean) — default: true —

  Used only in standard and adaptive retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks.

• :defaults_mode (String) — default: "legacy" —

  See DefaultsModeConfiguration for a list of the accepted modes and the configuration defaults that are included.

• :disable_host_prefix_injection (Boolean) — default: false —

  When true, the SDK will not prepend the modeled host prefix to the endpoint.

• :disable_request_compression (Boolean) — default: false —

  When set to 'true' the request body will not be compressed for supported operations.

• :endpoint (String, URI::HTTPS, URI::HTTP) —

  Normally you should not configure the :endpoint option directly. This is normally constructed from the :region option. Configuring :endpoint is normally reserved for connecting to test or custom endpoints. The endpoint should be a URI formatted like:

  'http://example.com'
  'https://example.com'
  'http://example.com:123'
  

• :endpoint_cache_max_entries (Integer) — default: 1000 —

  Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.

• :endpoint_cache_max_threads (Integer) — default: 10 —

  Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

• :endpoint_cache_poll_interval (Integer) — default: 60 —

  When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec.

• :endpoint_discovery (Boolean) — default: false —

  When set to true, endpoint discovery will be enabled for operations when available.

• :ignore_configured_endpoint_urls (Boolean) —

  Setting to true disables use of endpoint URLs provided via environment variables and the shared configuration file.

• :log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default —

  The log formatter.

• :log_level (Symbol) — default: :info —

  The log level to send messages to the :logger at.

• :logger (Logger) —

  The Logger instance to send log messages to. If this option is not set, logging will be disabled.

• :max_attempts (Integer) — default: 3 —

  An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in standard and adaptive retry modes.

• :profile (String) — default: "default" —

  Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used.

• :request_checksum_calculation (String) — default: "when_supported" —

  Determines when a checksum will be calculated for request payloads. Values are:

  • when_supported - (default) When set, a checksum will be calculated for all request payloads of operations modeled with the httpChecksum trait where requestChecksumRequired is true and/or a requestAlgorithmMember is modeled.
  • when_required - When set, a checksum will only be calculated for request payloads of operations modeled with the httpChecksum trait where requestChecksumRequired is true or where a requestAlgorithmMember is modeled and supplied.
• :request_min_compression_size_bytes (Integer) — default: 10240 —

  The minimum size in bytes that triggers compression for request bodies. The value must be non-negative integer value between 0 and 10485780 bytes inclusive.

• :response_checksum_validation (String) — default: "when_supported" —

  Determines when checksum validation will be performed on response payloads. Values are:

  • when_supported - (default) When set, checksum validation is performed on all response payloads of operations modeled with the httpChecksum trait where responseAlgorithms is modeled, except when no modeled checksum algorithms are supported.
  • when_required - When set, checksum validation is not performed on response payloads of operations unless the checksum algorithm is supported and the requestValidationModeMember member is set to ENABLED.
• :retry_backoff (Proc) —

  A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the legacy retry mode.

• :retry_base_delay (Float) — default: 0.3 —

  The base delay in seconds used by the default backoff function. This option is only used in the legacy retry mode.

• :retry_jitter (Symbol) — default: :none —

  A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the legacy retry mode.

  @see https://www.awsarchitectureblog.com/2015/03/backoff.html

• :retry_limit (Integer) — default: 3 —

  The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the legacy retry mode.

• :retry_max_delay (Integer) — default: 0 —

  The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the legacy retry mode.

• :retry_mode (String) — default: "legacy" —

  Specifies which retry algorithm to use. Values are:

  • legacy - The pre-existing retry behavior. This is default value if no retry mode is provided.

  • standard - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make.

  • adaptive - An experimental retry mode that includes all the functionality of standard mode along with automatic client side throttling. This is a provisional mode that may change behavior in the future.

• :sdk_ua_app_id (String) —

  A unique and opaque application ID that is appended to the User-Agent header as app/sdk_ua_app_id. It should have a maximum length of 50. This variable is sourced from environment variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.

• :secret_access_key (String)
• :session_token (String)
• :sigv4a_signing_region_set (Array) —

  A list of regions that should be signed with SigV4a signing. When not passed, a default :sigv4a_signing_region_set is searched for in the following locations:

  • Aws.config[:sigv4a_signing_region_set]
  • ENV['AWS_SIGV4A_SIGNING_REGION_SET']
  • ~/.aws/config
• :stub_responses (Boolean) — default: false —

  Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

  Please note When response stubbing is enabled, no HTTP requests are made, and retries are disabled.

• :telemetry_provider (Aws::Telemetry::TelemetryProviderBase) — default: Aws::Telemetry::NoOpTelemetryProvider —

  Allows you to provide a telemetry provider, which is used to emit telemetry data. By default, uses NoOpTelemetryProvider which will not record or emit any telemetry data. The SDK supports the following telemetry providers:

  • OpenTelemetry (OTel) - To use the OTel provider, install and require the opentelemetry-sdk gem and then, pass in an instance of a Aws::Telemetry::OTelProvider for telemetry provider.
• :token_provider (Aws::TokenProvider) —

  Your Bearer token used for authentication. This can be any class that includes and implements Aws::TokenProvider, or instance of any one of the following classes:

  • Aws::StaticTokenProvider - Used for configuring static, non-refreshing tokens.

  • Aws::SSOTokenProvider - Used for loading tokens from AWS SSO using an access token generated from aws login.

  When :token_provider is not configured directly, the Aws::TokenProviderChain will be used to search for tokens configured for your profile in shared configuration files.

• :use_dualstack_endpoint (Boolean) —

  When set to true, dualstack enabled endpoints (with .aws TLD) will be used if available.

• :use_fips_endpoint (Boolean) —

  When set to true, fips compatible endpoints will be used if available. When a fips region is used, the region is normalized and this config is set to true.

• :validate_params (Boolean) — default: true —

  When true, request parameters are validated before sending the request.

• :endpoint_provider (Aws::LakeFormation::EndpointProvider) —

  The endpoint provider used to resolve endpoints. Any object that responds to #resolve_endpoint(parameters) where parameters is a Struct similar to Aws::LakeFormation::EndpointParameters.

• :http_continue_timeout (Float) — default: 1 —

  The number of seconds to wait for a 100-continue response before sending the request body. This option has no effect unless the request has "Expect" header set to "100-continue". Defaults to nil which disables this behaviour. This value can safely be set per request on the session.

• :http_idle_timeout (Float) — default: 5 —

  The number of seconds a connection is allowed to sit idle before it is considered stale. Stale connections are closed and removed from the pool before making a request.

• :http_open_timeout (Float) — default: 15 —

  The default number of seconds to wait for response data. This value can safely be set per-request on the session.

• :http_proxy (URI::HTTP, String) —

  A proxy to send requests through. Formatted like 'http://proxy.com:123'.

• :http_read_timeout (Float) — default: 60 —

  The default number of seconds to wait for response data. This value can safely be set per-request on the session.

• :http_wire_trace (Boolean) — default: false —

  When true, HTTP debug output will be sent to the :logger.

• :on_chunk_received (Proc) —

  When a Proc object is provided, it will be used as callback when each chunk of the response body is received. It provides three arguments: the chunk, the number of bytes received, and the total number of bytes in the response (or nil if the server did not send a content-length).

• :on_chunk_sent (Proc) —

  When a Proc object is provided, it will be used as callback when each chunk of the request body is sent. It provides three arguments: the chunk, the number of bytes read from the body, and the total number of bytes in the body.

• :raise_response_errors (Boolean) — default: true —

  When true, response errors are raised.

• :ssl_ca_bundle (String) —

  Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.

• :ssl_ca_directory (String) —

  Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.

• :ssl_ca_store (String) —

  Sets the X509::Store to verify peer certificate.

• :ssl_cert (OpenSSL::X509::Certificate) —

  Sets a client certificate when creating http connections.

• :ssl_key (OpenSSL::PKey) —

  Sets a client key when creating http connections.

• :ssl_timeout (Float) —

  Sets the SSL timeout in seconds

• :ssl_verify_peer (Boolean) — default: true —

  When true, SSL peer certificates are verified when establishing a connection.

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 473

def initialize(*args)
  super
end

Instance Method Details

#add_lf_tags_to_resource(params = {}) ⇒ Types::AddLFTagsToResourceResponse

Attaches one or more LF-tags to an existing resource.

Examples:

Request syntax with placeholder values

resp = client.add_lf_tags_to_resource({
  catalog_id: "CatalogIdString",
  resource: { # required
    catalog: {
      id: "CatalogIdString",
    },
    database: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
    table: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString",
      table_wildcard: {
      },
    },
    table_with_columns: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString", # required
      column_names: ["NameString"],
      column_wildcard: {
        excluded_column_names: ["NameString"],
      },
    },
    data_location: {
      catalog_id: "CatalogIdString",
      resource_arn: "ResourceArnString", # required
    },
    data_cells_filter: {
      table_catalog_id: "CatalogIdString",
      database_name: "NameString",
      table_name: "NameString",
      name: "NameString",
    },
    lf_tag: {
      catalog_id: "CatalogIdString",
      tag_key: "NameString", # required
      tag_values: ["LFTagValue"], # required
    },
    lf_tag_policy: {
      catalog_id: "CatalogIdString",
      resource_type: "DATABASE", # required, accepts DATABASE, TABLE
      expression: [
        {
          tag_key: "LFTagKey", # required
          tag_values: ["LFTagValue"], # required
        },
      ],
      expression_name: "NameString",
    },
    lf_tag_expression: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
  },
  lf_tags: [ # required
    {
      catalog_id: "CatalogIdString",
      tag_key: "LFTagKey", # required
      tag_values: ["LFTagValue"], # required
    },
  ],
})

Response structure

resp.failures #=> Array
resp.failures[0].lf_tag.catalog_id #=> String
resp.failures[0].lf_tag.tag_key #=> String
resp.failures[0].lf_tag.tag_values #=> Array
resp.failures[0].lf_tag.tag_values[0] #=> String
resp.failures[0].error.error_code #=> String
resp.failures[0].error.error_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :resource (required, Types::Resource) —

  The database, table, or column resource to which to attach an LF-tag.

• :lf_tags (required, Array<Types::LFTagPair>) —

  The LF-tags to attach to the resource.

Returns:

• (Types::AddLFTagsToResourceResponse) —

  Returns a response object which responds to the following methods:

  • #failures => Array<Types::LFTagError>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 579

def add_lf_tags_to_resource(params = {}, options = {})
  req = build_request(:add_lf_tags_to_resource, params)
  req.send_request(options)
end

#assume_decorated_role_with_saml(params = {}) ⇒ Types::AssumeDecoratedRoleWithSAMLResponse

Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session.

This decorated role is expected to access data in Amazon S3 by getting temporary access from Lake Formation which is authorized via the virtual API GetDataAccess. Therefore, all SAML roles that can be assumed via AssumeDecoratedRoleWithSAML must at a minimum include lakeformation:GetDataAccess in their role policies. A typical IAM policy attached to such a role would include the following actions:

• glue:Database

• glue:Table

• glue:Partition

• glue:UserDefinedFunction

• lakeformation:GetDataAccess

Examples:

Request syntax with placeholder values

resp = client.assume_decorated_role_with_saml({
  saml_assertion: "SAMLAssertionString", # required
  role_arn: "IAMRoleArn", # required
  principal_arn: "IAMSAMLProviderArn", # required
  duration_seconds: 1,
})

Response structure

resp.access_key_id #=> String
resp.secret_access_key #=> String
resp.session_token #=> String
resp.expiration #=> Time

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :saml_assertion (required, String) —

  A SAML assertion consisting of an assertion statement for the user who needs temporary credentials. This must match the SAML assertion that was issued to IAM. This must be Base64 encoded.

• :role_arn (required, String) —

  The role that represents an IAM principal whose scope down policy allows it to call credential vending APIs such as GetTemporaryTableCredentials. The caller must also have iam:PassRole permission on this role.

• :principal_arn (required, String) —

  The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.

• :duration_seconds (Integer) —

  The time period, between 900 and 43,200 seconds, for the timeout of the temporary credentials.

Returns:

• (Types::AssumeDecoratedRoleWithSAMLResponse) —

  Returns a response object which responds to the following methods:

  • #access_key_id => String
  • #secret_access_key => String
  • #session_token => String
  • #expiration => Time

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 656

def assume_decorated_role_with_saml(params = {}, options = {})
  req = build_request(:assume_decorated_role_with_saml, params)
  req.send_request(options)
end

#batch_grant_permissions(params = {}) ⇒ Types::BatchGrantPermissionsResponse

Batch operation to grant permissions to the principal.

Examples:

Request syntax with placeholder values

resp = client.batch_grant_permissions({
  catalog_id: "CatalogIdString",
  entries: [ # required
    {
      id: "Identifier", # required
      principal: {
        data_lake_principal_identifier: "DataLakePrincipalString",
      },
      resource: {
        catalog: {
          id: "CatalogIdString",
        },
        database: {
          catalog_id: "CatalogIdString",
          name: "NameString", # required
        },
        table: {
          catalog_id: "CatalogIdString",
          database_name: "NameString", # required
          name: "NameString",
          table_wildcard: {
          },
        },
        table_with_columns: {
          catalog_id: "CatalogIdString",
          database_name: "NameString", # required
          name: "NameString", # required
          column_names: ["NameString"],
          column_wildcard: {
            excluded_column_names: ["NameString"],
          },
        },
        data_location: {
          catalog_id: "CatalogIdString",
          resource_arn: "ResourceArnString", # required
        },
        data_cells_filter: {
          table_catalog_id: "CatalogIdString",
          database_name: "NameString",
          table_name: "NameString",
          name: "NameString",
        },
        lf_tag: {
          catalog_id: "CatalogIdString",
          tag_key: "NameString", # required
          tag_values: ["LFTagValue"], # required
        },
        lf_tag_policy: {
          catalog_id: "CatalogIdString",
          resource_type: "DATABASE", # required, accepts DATABASE, TABLE
          expression: [
            {
              tag_key: "LFTagKey", # required
              tag_values: ["LFTagValue"], # required
            },
          ],
          expression_name: "NameString",
        },
        lf_tag_expression: {
          catalog_id: "CatalogIdString",
          name: "NameString", # required
        },
      },
      permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
      condition: {
        expression: "ExpressionString",
      },
      permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
    },
  ],
})

Response structure

resp.failures #=> Array
resp.failures[0].request_entry.id #=> String
resp.failures[0].request_entry.principal.data_lake_principal_identifier #=> String
resp.failures[0].request_entry.resource.catalog.id #=> String
resp.failures[0].request_entry.resource.database.catalog_id #=> String
resp.failures[0].request_entry.resource.database.name #=> String
resp.failures[0].request_entry.resource.table.catalog_id #=> String
resp.failures[0].request_entry.resource.table.database_name #=> String
resp.failures[0].request_entry.resource.table.name #=> String
resp.failures[0].request_entry.resource.table_with_columns.catalog_id #=> String
resp.failures[0].request_entry.resource.table_with_columns.database_name #=> String
resp.failures[0].request_entry.resource.table_with_columns.name #=> String
resp.failures[0].request_entry.resource.table_with_columns.column_names #=> Array
resp.failures[0].request_entry.resource.table_with_columns.column_names[0] #=> String
resp.failures[0].request_entry.resource.table_with_columns.column_wildcard.excluded_column_names #=> Array
resp.failures[0].request_entry.resource.table_with_columns.column_wildcard.excluded_column_names[0] #=> String
resp.failures[0].request_entry.resource.data_location.catalog_id #=> String
resp.failures[0].request_entry.resource.data_location.resource_arn #=> String
resp.failures[0].request_entry.resource.data_cells_filter.table_catalog_id #=> String
resp.failures[0].request_entry.resource.data_cells_filter.database_name #=> String
resp.failures[0].request_entry.resource.data_cells_filter.table_name #=> String
resp.failures[0].request_entry.resource.data_cells_filter.name #=> String
resp.failures[0].request_entry.resource.lf_tag.catalog_id #=> String
resp.failures[0].request_entry.resource.lf_tag.tag_key #=> String
resp.failures[0].request_entry.resource.lf_tag.tag_values #=> Array
resp.failures[0].request_entry.resource.lf_tag.tag_values[0] #=> String
resp.failures[0].request_entry.resource.lf_tag_policy.catalog_id #=> String
resp.failures[0].request_entry.resource.lf_tag_policy.resource_type #=> String, one of "DATABASE", "TABLE"
resp.failures[0].request_entry.resource.lf_tag_policy.expression #=> Array
resp.failures[0].request_entry.resource.lf_tag_policy.expression[0].tag_key #=> String
resp.failures[0].request_entry.resource.lf_tag_policy.expression[0].tag_values #=> Array
resp.failures[0].request_entry.resource.lf_tag_policy.expression[0].tag_values[0] #=> String
resp.failures[0].request_entry.resource.lf_tag_policy.expression_name #=> String
resp.failures[0].request_entry.resource.lf_tag_expression.catalog_id #=> String
resp.failures[0].request_entry.resource.lf_tag_expression.name #=> String
resp.failures[0].request_entry.permissions #=> Array
resp.failures[0].request_entry.permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"
resp.failures[0].request_entry.condition.expression #=> String
resp.failures[0].request_entry.permissions_with_grant_option #=> Array
resp.failures[0].request_entry.permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"
resp.failures[0].error.error_code #=> String
resp.failures[0].error.error_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :entries (required, Array<Types::BatchPermissionsRequestEntry>) —

  A list of up to 20 entries for resource permissions to be granted by batch operation to the principal.

Returns:

• (Types::BatchGrantPermissionsResponse) —

  Returns a response object which responds to the following methods:

  • #failures => Array<Types::BatchPermissionsFailureEntry>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 800

def batch_grant_permissions(params = {}, options = {})
  req = build_request(:batch_grant_permissions, params)
  req.send_request(options)
end

#batch_revoke_permissions(params = {}) ⇒ Types::BatchRevokePermissionsResponse

Batch operation to revoke permissions from the principal.

Examples:

Request syntax with placeholder values

resp = client.batch_revoke_permissions({
  catalog_id: "CatalogIdString",
  entries: [ # required
    {
      id: "Identifier", # required
      principal: {
        data_lake_principal_identifier: "DataLakePrincipalString",
      },
      resource: {
        catalog: {
          id: "CatalogIdString",
        },
        database: {
          catalog_id: "CatalogIdString",
          name: "NameString", # required
        },
        table: {
          catalog_id: "CatalogIdString",
          database_name: "NameString", # required
          name: "NameString",
          table_wildcard: {
          },
        },
        table_with_columns: {
          catalog_id: "CatalogIdString",
          database_name: "NameString", # required
          name: "NameString", # required
          column_names: ["NameString"],
          column_wildcard: {
            excluded_column_names: ["NameString"],
          },
        },
        data_location: {
          catalog_id: "CatalogIdString",
          resource_arn: "ResourceArnString", # required
        },
        data_cells_filter: {
          table_catalog_id: "CatalogIdString",
          database_name: "NameString",
          table_name: "NameString",
          name: "NameString",
        },
        lf_tag: {
          catalog_id: "CatalogIdString",
          tag_key: "NameString", # required
          tag_values: ["LFTagValue"], # required
        },
        lf_tag_policy: {
          catalog_id: "CatalogIdString",
          resource_type: "DATABASE", # required, accepts DATABASE, TABLE
          expression: [
            {
              tag_key: "LFTagKey", # required
              tag_values: ["LFTagValue"], # required
            },
          ],
          expression_name: "NameString",
        },
        lf_tag_expression: {
          catalog_id: "CatalogIdString",
          name: "NameString", # required
        },
      },
      permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
      condition: {
        expression: "ExpressionString",
      },
      permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
    },
  ],
})

Response structure

resp.failures #=> Array
resp.failures[0].request_entry.id #=> String
resp.failures[0].request_entry.principal.data_lake_principal_identifier #=> String
resp.failures[0].request_entry.resource.catalog.id #=> String
resp.failures[0].request_entry.resource.database.catalog_id #=> String
resp.failures[0].request_entry.resource.database.name #=> String
resp.failures[0].request_entry.resource.table.catalog_id #=> String
resp.failures[0].request_entry.resource.table.database_name #=> String
resp.failures[0].request_entry.resource.table.name #=> String
resp.failures[0].request_entry.resource.table_with_columns.catalog_id #=> String
resp.failures[0].request_entry.resource.table_with_columns.database_name #=> String
resp.failures[0].request_entry.resource.table_with_columns.name #=> String
resp.failures[0].request_entry.resource.table_with_columns.column_names #=> Array
resp.failures[0].request_entry.resource.table_with_columns.column_names[0] #=> String
resp.failures[0].request_entry.resource.table_with_columns.column_wildcard.excluded_column_names #=> Array
resp.failures[0].request_entry.resource.table_with_columns.column_wildcard.excluded_column_names[0] #=> String
resp.failures[0].request_entry.resource.data_location.catalog_id #=> String
resp.failures[0].request_entry.resource.data_location.resource_arn #=> String
resp.failures[0].request_entry.resource.data_cells_filter.table_catalog_id #=> String
resp.failures[0].request_entry.resource.data_cells_filter.database_name #=> String
resp.failures[0].request_entry.resource.data_cells_filter.table_name #=> String
resp.failures[0].request_entry.resource.data_cells_filter.name #=> String
resp.failures[0].request_entry.resource.lf_tag.catalog_id #=> String
resp.failures[0].request_entry.resource.lf_tag.tag_key #=> String
resp.failures[0].request_entry.resource.lf_tag.tag_values #=> Array
resp.failures[0].request_entry.resource.lf_tag.tag_values[0] #=> String
resp.failures[0].request_entry.resource.lf_tag_policy.catalog_id #=> String
resp.failures[0].request_entry.resource.lf_tag_policy.resource_type #=> String, one of "DATABASE", "TABLE"
resp.failures[0].request_entry.resource.lf_tag_policy.expression #=> Array
resp.failures[0].request_entry.resource.lf_tag_policy.expression[0].tag_key #=> String
resp.failures[0].request_entry.resource.lf_tag_policy.expression[0].tag_values #=> Array
resp.failures[0].request_entry.resource.lf_tag_policy.expression[0].tag_values[0] #=> String
resp.failures[0].request_entry.resource.lf_tag_policy.expression_name #=> String
resp.failures[0].request_entry.resource.lf_tag_expression.catalog_id #=> String
resp.failures[0].request_entry.resource.lf_tag_expression.name #=> String
resp.failures[0].request_entry.permissions #=> Array
resp.failures[0].request_entry.permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"
resp.failures[0].request_entry.condition.expression #=> String
resp.failures[0].request_entry.permissions_with_grant_option #=> Array
resp.failures[0].request_entry.permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"
resp.failures[0].error.error_code #=> String
resp.failures[0].error.error_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :entries (required, Array<Types::BatchPermissionsRequestEntry>) —

  A list of up to 20 entries for resource permissions to be revoked by batch operation to the principal.

Returns:

• (Types::BatchRevokePermissionsResponse) —

  Returns a response object which responds to the following methods:

  • #failures => Array<Types::BatchPermissionsFailureEntry>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 944

def batch_revoke_permissions(params = {}, options = {})
  req = build_request(:batch_revoke_permissions, params)
  req.send_request(options)
end

#cancel_transaction(params = {}) ⇒ Struct

Attempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.

Examples:

Request syntax with placeholder values

resp = client.cancel_transaction({
  transaction_id: "TransactionIdString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :transaction_id (required, String) —

  The transaction to cancel.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 967

def cancel_transaction(params = {}, options = {})
  req = build_request(:cancel_transaction, params)
  req.send_request(options)
end

#commit_transaction(params = {}) ⇒ Types::CommitTransactionResponse

Attempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.

Examples:

Request syntax with placeholder values

resp = client.commit_transaction({
  transaction_id: "TransactionIdString", # required
})

Response structure

resp.transaction_status #=> String, one of "ACTIVE", "COMMITTED", "ABORTED", "COMMIT_IN_PROGRESS"

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :transaction_id (required, String) —

  The transaction to commit.

Returns:

• (Types::CommitTransactionResponse) —

  Returns a response object which responds to the following methods:

  • #transaction_status => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 997

def commit_transaction(params = {}, options = {})
  req = build_request(:commit_transaction, params)
  req.send_request(options)
end

#create_data_cells_filter(params = {}) ⇒ Struct

Creates a data cell filter to allow one to grant access to certain columns on certain rows.

Examples:

Request syntax with placeholder values

resp = client.create_data_cells_filter({
  table_data: { # required
    table_catalog_id: "CatalogIdString", # required
    database_name: "NameString", # required
    table_name: "NameString", # required
    name: "NameString", # required
    row_filter: {
      filter_expression: "PredicateString",
      all_rows_wildcard: {
      },
    },
    column_names: ["NameString"],
    column_wildcard: {
      excluded_column_names: ["NameString"],
    },
    version_id: "VersionString",
  },
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :table_data (required, Types::DataCellsFilter) —

  A DataCellsFilter structure containing information about the data cells filter.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1036

def create_data_cells_filter(params = {}, options = {})
  req = build_request(:create_data_cells_filter, params)
  req.send_request(options)
end

#create_lake_formation_identity_center_configuration(params = {}) ⇒ Types::CreateLakeFormationIdentityCenterConfigurationResponse

Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.

Examples:

Request syntax with placeholder values

resp = client.create_lake_formation_identity_center_configuration({
  catalog_id: "CatalogIdString",
  instance_arn: "IdentityCenterInstanceArn",
  external_filtering: {
    status: "ENABLED", # required, accepts ENABLED, DISABLED
    authorized_targets: ["ScopeTarget"], # required
  },
  share_recipients: [
    {
      data_lake_principal_identifier: "DataLakePrincipalString",
    },
  ],
  service_integrations: [
    {
      redshift: [
        {
          redshift_connect: {
            authorization: "ENABLED", # required, accepts ENABLED, DISABLED
          },
        },
      ],
    },
  ],
})

Response structure

resp.application_arn #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

• :instance_arn (String) —

  The ARN of the IAM Identity Center instance for which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

• :external_filtering (Types::ExternalFilteringConfiguration) —

  A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to access data managed by Lake Formation.

• :share_recipients (Array<Types::DataLakePrincipal>) —

  A list of Amazon Web Services account IDs and/or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

  If the ShareRecipients list includes valid values, a resource share is created with the principals you want to have access to the resources.

  If the ShareRecipients value is null or the list is empty, no resource share is created.

• :service_integrations (Array<Types::ServiceIntegrationUnion>) —

  A list of service integrations for enabling trusted identity propagation with external services such as Redshift.

Returns:

• (Types::CreateLakeFormationIdentityCenterConfigurationResponse) —

  Returns a response object which responds to the following methods:

  • #application_arn => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1200

def create_lake_formation_identity_center_configuration(params = {}, options = {})
  req = build_request(:create_lake_formation_identity_center_configuration, params)
  req.send_request(options)
end

#create_lake_formation_opt_in(params = {}) ⇒ Struct

Enforce Lake Formation permissions for the given databases, tables, and principals.

Examples:

Request syntax with placeholder values

resp = client.create_lake_formation_opt_in({
  principal: { # required
    data_lake_principal_identifier: "DataLakePrincipalString",
  },
  resource: { # required
    catalog: {
      id: "CatalogIdString",
    },
    database: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
    table: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString",
      table_wildcard: {
      },
    },
    table_with_columns: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString", # required
      column_names: ["NameString"],
      column_wildcard: {
        excluded_column_names: ["NameString"],
      },
    },
    data_location: {
      catalog_id: "CatalogIdString",
      resource_arn: "ResourceArnString", # required
    },
    data_cells_filter: {
      table_catalog_id: "CatalogIdString",
      database_name: "NameString",
      table_name: "NameString",
      name: "NameString",
    },
    lf_tag: {
      catalog_id: "CatalogIdString",
      tag_key: "NameString", # required
      tag_values: ["LFTagValue"], # required
    },
    lf_tag_policy: {
      catalog_id: "CatalogIdString",
      resource_type: "DATABASE", # required, accepts DATABASE, TABLE
      expression: [
        {
          tag_key: "LFTagKey", # required
          tag_values: ["LFTagValue"], # required
        },
      ],
      expression_name: "NameString",
    },
    lf_tag_expression: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
  },
  condition: {
    expression: "ExpressionString",
  },
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :principal (required, Types::DataLakePrincipal) —

  The Lake Formation principal. Supported principals are IAM users or IAM roles.

• :resource (required, Types::Resource) —

  A structure for the resource.

• :condition (Types::Condition) —

  A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1291

def create_lake_formation_opt_in(params = {}, options = {})
  req = build_request(:create_lake_formation_opt_in, params)
  req.send_request(options)
end

#create_lf_tag(params = {}) ⇒ Struct

Creates an LF-tag with the specified name and values.

Examples:

Request syntax with placeholder values

resp = client.create_lf_tag({
  catalog_id: "CatalogIdString",
  tag_key: "LFTagKey", # required
  tag_values: ["LFTagValue"], # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :tag_key (required, String) —

  The key-name for the LF-tag.

• :tag_values (required, Array<String>) —

  A list of possible values an attribute can take.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1069

def create_lf_tag(params = {}, options = {})
  req = build_request(:create_lf_tag, params)
  req.send_request(options)
end

#create_lf_tag_expression(params = {}) ⇒ Struct

Creates a new LF-Tag expression with the provided name, description, catalog ID, and expression body. This call fails if a LF-Tag expression with the same name already exists in the caller’s account or if the underlying LF-Tags don't exist. To call this API operation, caller needs the following Lake Formation permissions:

CREATE_LF_TAG_EXPRESSION on the root catalog resource.

GRANT_WITH_LF_TAG_EXPRESSION on all underlying LF-Tag key:value pairs included in the expression.

Examples:

Request syntax with placeholder values

resp = client.create_lf_tag_expression({
  name: "NameString", # required
  description: "DescriptionString",
  catalog_id: "CatalogIdString",
  expression: [ # required
    {
      tag_key: "LFTagKey", # required
      tag_values: ["LFTagValue"], # required
    },
  ],
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :name (required, String) —

  A name for the expression.

• :description (String) —

  A description with information about the LF-Tag expression.

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :expression (required, Array<Types::LFTag>) —

  A list of LF-Tag conditions (key-value pairs).

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1120

def create_lf_tag_expression(params = {}, options = {})
  req = build_request(:create_lf_tag_expression, params)
  req.send_request(options)
end

#delete_data_cells_filter(params = {}) ⇒ Struct

Deletes a data cell filter.

Examples:

Request syntax with placeholder values

resp = client.delete_data_cells_filter({
  table_catalog_id: "CatalogIdString",
  database_name: "NameString",
  table_name: "NameString",
  name: "NameString",
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :table_catalog_id (String) —

  The ID of the catalog to which the table belongs.

• :database_name (String) —

  A database in the Glue Data Catalog.

• :table_name (String) —

  A table in the database.

• :name (String) —

  The name given by the user to the data filter cell.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1325

def delete_data_cells_filter(params = {}, options = {})
  req = build_request(:delete_data_cells_filter, params)
  req.send_request(options)
end

#delete_lake_formation_identity_center_configuration(params = {}) ⇒ Struct

Deletes an IAM Identity Center connection with Lake Formation.

Examples:

Request syntax with placeholder values

resp = client.delete_lake_formation_identity_center_configuration({
  catalog_id: "CatalogIdString",
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definition, and other control information to manage your Lake Formation environment.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1415

def delete_lake_formation_identity_center_configuration(params = {}, options = {})
  req = build_request(:delete_lake_formation_identity_center_configuration, params)
  req.send_request(options)
end

#delete_lake_formation_opt_in(params = {}) ⇒ Struct

Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.

Examples:

Request syntax with placeholder values

resp = client.delete_lake_formation_opt_in({
  principal: { # required
    data_lake_principal_identifier: "DataLakePrincipalString",
  },
  resource: { # required
    catalog: {
      id: "CatalogIdString",
    },
    database: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
    table: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString",
      table_wildcard: {
      },
    },
    table_with_columns: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString", # required
      column_names: ["NameString"],
      column_wildcard: {
        excluded_column_names: ["NameString"],
      },
    },
    data_location: {
      catalog_id: "CatalogIdString",
      resource_arn: "ResourceArnString", # required
    },
    data_cells_filter: {
      table_catalog_id: "CatalogIdString",
      database_name: "NameString",
      table_name: "NameString",
      name: "NameString",
    },
    lf_tag: {
      catalog_id: "CatalogIdString",
      tag_key: "NameString", # required
      tag_values: ["LFTagValue"], # required
    },
    lf_tag_policy: {
      catalog_id: "CatalogIdString",
      resource_type: "DATABASE", # required, accepts DATABASE, TABLE
      expression: [
        {
          tag_key: "LFTagKey", # required
          tag_values: ["LFTagValue"], # required
        },
      ],
      expression_name: "NameString",
    },
    lf_tag_expression: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
  },
  condition: {
    expression: "ExpressionString",
  },
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :principal (required, Types::DataLakePrincipal) —

  The Lake Formation principal. Supported principals are IAM users or IAM roles.

• :resource (required, Types::Resource) —

  A structure for the resource.

• :condition (Types::Condition) —

  A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1506

def delete_lake_formation_opt_in(params = {}, options = {})
  req = build_request(:delete_lake_formation_opt_in, params)
  req.send_request(options)
end

#delete_lf_tag(params = {}) ⇒ Struct

Deletes an LF-tag by its key name. The operation fails if the specified tag key doesn't exist. When you delete an LF-Tag:

• The associated LF-Tag policy becomes invalid.

• Resources that had this tag assigned will no longer have the tag policy applied to them.

Examples:

Request syntax with placeholder values

resp = client.delete_lf_tag({
  catalog_id: "CatalogIdString",
  tag_key: "LFTagKey", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :tag_key (required, String) —

  The key-name for the LF-tag to delete.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1360

def delete_lf_tag(params = {}, options = {})
  req = build_request(:delete_lf_tag, params)
  req.send_request(options)
end

#delete_lf_tag_expression(params = {}) ⇒ Struct

Deletes the LF-Tag expression. The caller must be a data lake admin or have DROP permissions on the LF-Tag expression. Deleting a LF-Tag expression will also delete all LFTagPolicy permissions referencing the LF-Tag expression.

Examples:

Request syntax with placeholder values

resp = client.delete_lf_tag_expression({
  name: "NameString", # required
  catalog_id: "CatalogIdString",
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :name (required, String) —

  The name for the LF-Tag expression.

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID in which the LF-Tag expression is saved.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1390

def delete_lf_tag_expression(params = {}, options = {})
  req = build_request(:delete_lf_tag_expression, params)
  req.send_request(options)
end

#delete_objects_on_cancel(params = {}) ⇒ Struct

For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels.

The Glue ETL library function write_dynamic_frame.from_catalog() includes an option to automatically call DeleteObjectsOnCancel before writes. For more information, see Rolling Back Amazon S3 Writes.

Examples:

Request syntax with placeholder values

resp = client.delete_objects_on_cancel({
  catalog_id: "CatalogIdString",
  database_name: "NameString", # required
  table_name: "NameString", # required
  transaction_id: "TransactionIdString", # required
  objects: [ # required
    {
      uri: "URI", # required
      etag: "ETagString",
    },
  ],
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The Glue data catalog that contains the governed table. Defaults to the current account ID.

• :database_name (required, String) —

  The database that contains the governed table.

• :table_name (required, String) —

  The name of the governed table.

• :transaction_id (required, String) —

  ID of the transaction that the writes occur in.

• :objects (required, Array<Types::VirtualObject>) —

  A list of VirtualObject structures, which indicates the Amazon S3 objects to be deleted if the transaction cancels.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1564

def delete_objects_on_cancel(params = {}, options = {})
  req = build_request(:delete_objects_on_cancel, params)
  req.send_request(options)
end

#deregister_resource(params = {}) ⇒ Struct

Deregisters the resource as managed by the Data Catalog.

When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.

Examples:

Request syntax with placeholder values

resp = client.deregister_resource({
  resource_arn: "ResourceArnString", # required
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :resource_arn (required, String) —

  The Amazon Resource Name (ARN) of the resource that you want to deregister.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1590

def deregister_resource(params = {}, options = {})
  req = build_request(:deregister_resource, params)
  req.send_request(options)
end

#describe_lake_formation_identity_center_configuration(params = {}) ⇒ Types::DescribeLakeFormationIdentityCenterConfigurationResponse

Retrieves the instance ARN and application ARN for the connection.

Examples:

Request syntax with placeholder values

resp = client.describe_lake_formation_identity_center_configuration({
  catalog_id: "CatalogIdString",
})

Response structure

resp.catalog_id #=> String
resp.instance_arn #=> String
resp.application_arn #=> String
resp.external_filtering.status #=> String, one of "ENABLED", "DISABLED"
resp.external_filtering.authorized_targets #=> Array
resp.external_filtering.authorized_targets[0] #=> String
resp.share_recipients #=> Array
resp.share_recipients[0].data_lake_principal_identifier #=> String
resp.service_integrations #=> Array
resp.service_integrations[0].redshift #=> Array
resp.service_integrations[0].redshift[0].redshift_connect.authorization #=> String, one of "ENABLED", "DISABLED"
resp.resource_share #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Returns:

• (Types::DescribeLakeFormationIdentityCenterConfigurationResponse) —

  Returns a response object which responds to the following methods:

  • #catalog_id => String
  • #instance_arn => String
  • #application_arn => String
  • #external_filtering => Types::ExternalFilteringConfiguration
  • #share_recipients => Array<Types::DataLakePrincipal>
  • #service_integrations => Array<Types::ServiceIntegrationUnion>
  • #resource_share => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1638

def describe_lake_formation_identity_center_configuration(params = {}, options = {})
  req = build_request(:describe_lake_formation_identity_center_configuration, params)
  req.send_request(options)
end

#describe_resource(params = {}) ⇒ Types::DescribeResourceResponse

Retrieves the current data access role for the given resource registered in Lake Formation.

Examples:

Request syntax with placeholder values

resp = client.describe_resource({
  resource_arn: "ResourceArnString", # required
})

Response structure

resp.resource_info.resource_arn #=> String
resp.resource_info.role_arn #=> String
resp.resource_info.last_modified #=> Time
resp.resource_info.with_federation #=> Boolean
resp.resource_info.hybrid_access_enabled #=> Boolean
resp.resource_info.with_privileged_access #=> Boolean
resp.resource_info.verification_status #=> String, one of "VERIFIED", "VERIFICATION_FAILED", "NOT_VERIFIED"
resp.resource_info.expected_resource_owner_account #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :resource_arn (required, String) —

  The resource ARN.

Returns:

• (Types::DescribeResourceResponse) —

  Returns a response object which responds to the following methods:

  • #resource_info => Types::ResourceInfo

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1674

def describe_resource(params = {}, options = {})
  req = build_request(:describe_resource, params)
  req.send_request(options)
end

#describe_transaction(params = {}) ⇒ Types::DescribeTransactionResponse

Returns the details of a single transaction.

Examples:

Request syntax with placeholder values

resp = client.describe_transaction({
  transaction_id: "TransactionIdString", # required
})

Response structure

resp.transaction_description.transaction_id #=> String
resp.transaction_description.transaction_status #=> String, one of "ACTIVE", "COMMITTED", "ABORTED", "COMMIT_IN_PROGRESS"
resp.transaction_description.transaction_start_time #=> Time
resp.transaction_description.transaction_end_time #=> Time

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :transaction_id (required, String) —

  The transaction for which to return status.

Returns:

• (Types::DescribeTransactionResponse) —

  Returns a response object which responds to the following methods:

  • #transaction_description => Types::TransactionDescription

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1705

def describe_transaction(params = {}, options = {})
  req = build_request(:describe_transaction, params)
  req.send_request(options)
end

#extend_transaction(params = {}) ⇒ Struct

Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.

Write transactions that remain idle for a long period are automatically aborted unless explicitly extended.

Examples:

Request syntax with placeholder values

resp = client.extend_transaction({
  transaction_id: "TransactionIdString",
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :transaction_id (String) —

  The transaction to extend.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1731

def extend_transaction(params = {}, options = {})
  req = build_request(:extend_transaction, params)
  req.send_request(options)
end

#get_data_cells_filter(params = {}) ⇒ Types::GetDataCellsFilterResponse

Returns a data cells filter.

Examples:

Request syntax with placeholder values

resp = client.get_data_cells_filter({
  table_catalog_id: "CatalogIdString", # required
  database_name: "NameString", # required
  table_name: "NameString", # required
  name: "NameString", # required
})

Response structure

resp.data_cells_filter.table_catalog_id #=> String
resp.data_cells_filter.database_name #=> String
resp.data_cells_filter.table_name #=> String
resp.data_cells_filter.name #=> String
resp.data_cells_filter.row_filter.filter_expression #=> String
resp.data_cells_filter.column_names #=> Array
resp.data_cells_filter.column_names[0] #=> String
resp.data_cells_filter.column_wildcard.excluded_column_names #=> Array
resp.data_cells_filter.column_wildcard.excluded_column_names[0] #=> String
resp.data_cells_filter.version_id #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :table_catalog_id (required, String) —

  The ID of the catalog to which the table belongs.

• :database_name (required, String) —

  A database in the Glue Data Catalog.

• :table_name (required, String) —

  A table in the database.

• :name (required, String) —

  The name given by the user to the data filter cell.

Returns:

• (Types::GetDataCellsFilterResponse) —

  Returns a response object which responds to the following methods:

  • #data_cells_filter => Types::DataCellsFilter

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1780

def get_data_cells_filter(params = {}, options = {})
  req = build_request(:get_data_cells_filter, params)
  req.send_request(options)
end

#get_data_lake_principal(params = {}) ⇒ Types::GetDataLakePrincipalResponse

Returns the identity of the invoking principal.

Examples:

Response structure

resp.identity #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Types::GetDataLakePrincipalResponse) —

  Returns a response object which responds to the following methods:

  • #identity => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1799

def get_data_lake_principal(params = {}, options = {})
  req = build_request(:get_data_lake_principal, params)
  req.send_request(options)
end

#get_data_lake_settings(params = {}) ⇒ Types::GetDataLakeSettingsResponse

Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

Examples:

Request syntax with placeholder values

resp = client.get_data_lake_settings({
  catalog_id: "CatalogIdString",
})

Response structure

resp.data_lake_settings.data_lake_admins #=> Array
resp.data_lake_settings.data_lake_admins[0].data_lake_principal_identifier #=> String
resp.data_lake_settings.read_only_admins #=> Array
resp.data_lake_settings.read_only_admins[0].data_lake_principal_identifier #=> String
resp.data_lake_settings.create_database_default_permissions #=> Array
resp.data_lake_settings.create_database_default_permissions[0].principal.data_lake_principal_identifier #=> String
resp.data_lake_settings.create_database_default_permissions[0].permissions #=> Array
resp.data_lake_settings.create_database_default_permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"
resp.data_lake_settings.create_table_default_permissions #=> Array
resp.data_lake_settings.create_table_default_permissions[0].principal.data_lake_principal_identifier #=> String
resp.data_lake_settings.create_table_default_permissions[0].permissions #=> Array
resp.data_lake_settings.create_table_default_permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"
resp.data_lake_settings.parameters #=> Hash
resp.data_lake_settings.parameters["KeyString"] #=> String
resp.data_lake_settings.trusted_resource_owners #=> Array
resp.data_lake_settings.trusted_resource_owners[0] #=> String
resp.data_lake_settings.allow_external_data_filtering #=> Boolean
resp.data_lake_settings.allow_full_table_external_data_access #=> Boolean
resp.data_lake_settings.external_data_filtering_allow_list #=> Array
resp.data_lake_settings.external_data_filtering_allow_list[0].data_lake_principal_identifier #=> String
resp.data_lake_settings.authorized_session_tag_value_list #=> Array
resp.data_lake_settings.authorized_session_tag_value_list[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Returns:

• (Types::GetDataLakeSettingsResponse) —

  Returns a response object which responds to the following methods:

  • #data_lake_settings => Types::DataLakeSettings

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1852

def get_data_lake_settings(params = {}, options = {})
  req = build_request(:get_data_lake_settings, params)
  req.send_request(options)
end

#get_effective_permissions_for_path(params = {}) ⇒ Types::GetEffectivePermissionsForPathResponse

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.get_effective_permissions_for_path({
  catalog_id: "CatalogIdString",
  resource_arn: "ResourceArnString", # required
  next_token: "Token",
  max_results: 1,
})

Response structure

resp.permissions #=> Array
resp.permissions[0].principal.data_lake_principal_identifier #=> String
resp.permissions[0].resource.catalog.id #=> String
resp.permissions[0].resource.database.catalog_id #=> String
resp.permissions[0].resource.database.name #=> String
resp.permissions[0].resource.table.catalog_id #=> String
resp.permissions[0].resource.table.database_name #=> String
resp.permissions[0].resource.table.name #=> String
resp.permissions[0].resource.table_with_columns.catalog_id #=> String
resp.permissions[0].resource.table_with_columns.database_name #=> String
resp.permissions[0].resource.table_with_columns.name #=> String
resp.permissions[0].resource.table_with_columns.column_names #=> Array
resp.permissions[0].resource.table_with_columns.column_names[0] #=> String
resp.permissions[0].resource.table_with_columns.column_wildcard.excluded_column_names #=> Array
resp.permissions[0].resource.table_with_columns.column_wildcard.excluded_column_names[0] #=> String
resp.permissions[0].resource.data_location.catalog_id #=> String
resp.permissions[0].resource.data_location.resource_arn #=> String
resp.permissions[0].resource.data_cells_filter.table_catalog_id #=> String
resp.permissions[0].resource.data_cells_filter.database_name #=> String
resp.permissions[0].resource.data_cells_filter.table_name #=> String
resp.permissions[0].resource.data_cells_filter.name #=> String
resp.permissions[0].resource.lf_tag.catalog_id #=> String
resp.permissions[0].resource.lf_tag.tag_key #=> String
resp.permissions[0].resource.lf_tag.tag_values #=> Array
resp.permissions[0].resource.lf_tag.tag_values[0] #=> String
resp.permissions[0].resource.lf_tag_policy.catalog_id #=> String
resp.permissions[0].resource.lf_tag_policy.resource_type #=> String, one of "DATABASE", "TABLE"
resp.permissions[0].resource.lf_tag_policy.expression #=> Array
resp.permissions[0].resource.lf_tag_policy.expression[0].tag_key #=> String
resp.permissions[0].resource.lf_tag_policy.expression[0].tag_values #=> Array
resp.permissions[0].resource.lf_tag_policy.expression[0].tag_values[0] #=> String
resp.permissions[0].resource.lf_tag_policy.expression_name #=> String
resp.permissions[0].resource.lf_tag_expression.catalog_id #=> String
resp.permissions[0].resource.lf_tag_expression.name #=> String
resp.permissions[0].condition.expression #=> String
resp.permissions[0].permissions #=> Array
resp.permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"
resp.permissions[0].permissions_with_grant_option #=> Array
resp.permissions[0].permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"
resp.permissions[0].additional_details.resource_share #=> Array
resp.permissions[0].additional_details.resource_share[0] #=> String
resp.permissions[0].last_updated #=> Time
resp.permissions[0].last_updated_by #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :resource_arn (required, String) —

  The Amazon Resource Name (ARN) of the resource for which you want to get permissions.

• :next_token (String) —

  A continuation token, if this is not the first call to retrieve this list.

• :max_results (Integer) —

  The maximum number of results to return.

Returns:

• (Types::GetEffectivePermissionsForPathResponse) —

  Returns a response object which responds to the following methods:

  • #permissions => Array<Types::PrincipalResourcePermissions>
  • #next_token => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1946

def get_effective_permissions_for_path(params = {}, options = {})
  req = build_request(:get_effective_permissions_for_path, params)
  req.send_request(options)
end

#get_lf_tag(params = {}) ⇒ Types::GetLFTagResponse

Returns an LF-tag definition.

Examples:

Request syntax with placeholder values

resp = client.get_lf_tag({
  catalog_id: "CatalogIdString",
  tag_key: "LFTagKey", # required
})

Response structure

resp.catalog_id #=> String
resp.tag_key #=> String
resp.tag_values #=> Array
resp.tag_values[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :tag_key (required, String) —

  The key-name for the LF-tag.

Returns:

• (Types::GetLFTagResponse) —

  Returns a response object which responds to the following methods:

  • #catalog_id => String
  • #tag_key => String
  • #tag_values => Array<String>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 1986

def get_lf_tag(params = {}, options = {})
  req = build_request(:get_lf_tag, params)
  req.send_request(options)
end

#get_lf_tag_expression(params = {}) ⇒ Types::GetLFTagExpressionResponse

Returns the details about the LF-Tag expression. The caller must be a data lake admin or must have DESCRIBE permission on the LF-Tag expression resource.

Examples:

Request syntax with placeholder values

resp = client.get_lf_tag_expression({
  name: "NameString", # required
  catalog_id: "CatalogIdString",
})

Response structure

resp.name #=> String
resp.description #=> String
resp.catalog_id #=> String
resp.expression #=> Array
resp.expression[0].tag_key #=> String
resp.expression[0].tag_values #=> Array
resp.expression[0].tag_values[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :name (required, String) —

  The name for the LF-Tag expression

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID.

Returns:

• (Types::GetLFTagExpressionResponse) —

  Returns a response object which responds to the following methods:

  • #name => String
  • #description => String
  • #catalog_id => String
  • #expression => Array<Types::LFTag>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2029

def get_lf_tag_expression(params = {}, options = {})
  req = build_request(:get_lf_tag_expression, params)
  req.send_request(options)
end

#get_query_state(params = {}) ⇒ Types::GetQueryStateResponse

Returns the state of a query previously submitted. Clients are expected to poll GetQueryState to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to StartQueryPlanning.

Examples:

Request syntax with placeholder values

resp = client.get_query_state({
  query_id: "GetQueryStateRequestQueryIdString", # required
})

Response structure

resp.error #=> String
resp.state #=> String, one of "PENDING", "WORKUNITS_AVAILABLE", "ERROR", "FINISHED", "EXPIRED"

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :query_id (required, String) —

  The ID of the plan query operation.

Returns:

• (Types::GetQueryStateResponse) —

  Returns a response object which responds to the following methods:

  • #error => String
  • #state => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2063

def get_query_state(params = {}, options = {})
  req = build_request(:get_query_state, params)
  req.send_request(options)
end

#get_query_statistics(params = {}) ⇒ Types::GetQueryStatisticsResponse

Retrieves statistics on the planning and execution of a query.

Examples:

Request syntax with placeholder values

resp = client.get_query_statistics({
  query_id: "GetQueryStatisticsRequestQueryIdString", # required
})

Response structure

resp.execution_statistics.average_execution_time_millis #=> Integer
resp.execution_statistics.data_scanned_bytes #=> Integer
resp.execution_statistics.work_units_executed_count #=> Integer
resp.planning_statistics.estimated_data_to_scan_bytes #=> Integer
resp.planning_statistics.planning_time_millis #=> Integer
resp.planning_statistics.queue_time_millis #=> Integer
resp.planning_statistics.work_units_generated_count #=> Integer
resp.query_submission_time #=> Time

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :query_id (required, String) —

  The ID of the plan query operation.

Returns:

• (Types::GetQueryStatisticsResponse) —

  Returns a response object which responds to the following methods:

  • #execution_statistics => Types::ExecutionStatistics
  • #planning_statistics => Types::PlanningStatistics
  • #query_submission_time => Time

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2100

def get_query_statistics(params = {}, options = {})
  req = build_request(:get_query_statistics, params)
  req.send_request(options)
end

#get_resource_lf_tags(params = {}) ⇒ Types::GetResourceLFTagsResponse

Returns the LF-tags applied to a resource.

Examples:

Request syntax with placeholder values

resp = client.get_resource_lf_tags({
  catalog_id: "CatalogIdString",
  resource: { # required
    catalog: {
      id: "CatalogIdString",
    },
    database: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
    table: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString",
      table_wildcard: {
      },
    },
    table_with_columns: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString", # required
      column_names: ["NameString"],
      column_wildcard: {
        excluded_column_names: ["NameString"],
      },
    },
    data_location: {
      catalog_id: "CatalogIdString",
      resource_arn: "ResourceArnString", # required
    },
    data_cells_filter: {
      table_catalog_id: "CatalogIdString",
      database_name: "NameString",
      table_name: "NameString",
      name: "NameString",
    },
    lf_tag: {
      catalog_id: "CatalogIdString",
      tag_key: "NameString", # required
      tag_values: ["LFTagValue"], # required
    },
    lf_tag_policy: {
      catalog_id: "CatalogIdString",
      resource_type: "DATABASE", # required, accepts DATABASE, TABLE
      expression: [
        {
          tag_key: "LFTagKey", # required
          tag_values: ["LFTagValue"], # required
        },
      ],
      expression_name: "NameString",
    },
    lf_tag_expression: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
  },
  show_assigned_lf_tags: false,
})

Response structure

resp.lf_tag_on_database #=> Array
resp.lf_tag_on_database[0].catalog_id #=> String
resp.lf_tag_on_database[0].tag_key #=> String
resp.lf_tag_on_database[0].tag_values #=> Array
resp.lf_tag_on_database[0].tag_values[0] #=> String
resp.lf_tags_on_table #=> Array
resp.lf_tags_on_table[0].catalog_id #=> String
resp.lf_tags_on_table[0].tag_key #=> String
resp.lf_tags_on_table[0].tag_values #=> Array
resp.lf_tags_on_table[0].tag_values[0] #=> String
resp.lf_tags_on_columns #=> Array
resp.lf_tags_on_columns[0].name #=> String
resp.lf_tags_on_columns[0].lf_tags #=> Array
resp.lf_tags_on_columns[0].lf_tags[0].catalog_id #=> String
resp.lf_tags_on_columns[0].lf_tags[0].tag_key #=> String
resp.lf_tags_on_columns[0].lf_tags[0].tag_values #=> Array
resp.lf_tags_on_columns[0].lf_tags[0].tag_values[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :resource (required, Types::Resource) —

  The database, table, or column resource for which you want to return LF-tags.

• :show_assigned_lf_tags (Boolean) —

  Indicates whether to show the assigned LF-tags.

Returns:

• (Types::GetResourceLFTagsResponse) —

  Returns a response object which responds to the following methods:

  • #lf_tag_on_database => Array<Types::LFTagPair>
  • #lf_tags_on_table => Array<Types::LFTagPair>
  • #lf_tags_on_columns => Array<Types::ColumnLFTag>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2212

def get_resource_lf_tags(params = {}, options = {})
  req = build_request(:get_resource_lf_tags, params)
  req.send_request(options)
end

#get_table_objects(params = {}) ⇒ Types::GetTableObjectsResponse

Returns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.get_table_objects({
  catalog_id: "CatalogIdString",
  database_name: "NameString", # required
  table_name: "NameString", # required
  transaction_id: "TransactionIdString",
  query_as_of_time: Time.now,
  partition_predicate: "PredicateString",
  max_results: 1,
  next_token: "TokenString",
})

Response structure

resp.objects #=> Array
resp.objects[0].partition_values #=> Array
resp.objects[0].partition_values[0] #=> String
resp.objects[0].objects #=> Array
resp.objects[0].objects[0].uri #=> String
resp.objects[0].objects[0].etag #=> String
resp.objects[0].objects[0].size #=> Integer
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The catalog containing the governed table. Defaults to the caller’s account.

• :database_name (required, String) —

  The database containing the governed table.

• :table_name (required, String) —

  The governed table for which to retrieve objects.

• :transaction_id (String) —

  The transaction ID at which to read the governed table contents. If this transaction has aborted, an error is returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with QueryAsOfTime.

• :query_as_of_time (Time, DateTime, Date, Integer, String) —

  The time as of when to read the governed table contents. If not set, the most recent transaction commit time is used. Cannot be specified along with TransactionId.

• :partition_predicate (String) —

  A predicate to filter the objects returned based on the partition keys defined in the governed table.

  • The comparison operators supported are: =, >, <, >=, <=

  • The logical operators supported are: AND

  • The data types supported are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss"), string and decimal.

• :max_results (Integer) —

  Specifies how many values to return in a page.

• :next_token (String) —

  A continuation token if this is not the first call to retrieve these objects.

Returns:

• (Types::GetTableObjectsResponse) —

  Returns a response object which responds to the following methods:

  • #objects => Array<Types::PartitionObjects>
  • #next_token => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2296

def get_table_objects(params = {}, options = {})
  req = build_request(:get_table_objects, params)
  req.send_request(options)
end

#get_temporary_data_location_credentials(params = {}) ⇒ Types::GetTemporaryDataLocationCredentialsResponse

Allows a user or application in a secure environment to access data in a specific Amazon S3 location registered with Lake Formation by providing temporary scoped credentials that are limited to the requested data location and the caller's authorized access level.

The API operation returns an error in the following scenarios:

• The data location is not registered with Lake Formation.

• No Glue table is associated with the data location.

• The caller doesn't have required permissions on the associated table. The caller must have SELECT or SUPER permissions on the associated table, and credential vending for full table access must be enabled in the data lake settings.

  For more information, see Application integration for full table access.

• The data location is in a different Amazon Web Services Region. Lake Formation doesn't support cross-Region access when vending credentials for a data location. Lake Formation only supports Amazon S3 paths registered within the same Region as the API call.

Examples:

Request syntax with placeholder values

resp = client.get_temporary_data_location_credentials({
  duration_seconds: 1,
  audit_context: {
    additional_audit_context: "AuditContextString",
  },
  data_locations: ["PathString"],
  credentials_scope: "READ", # accepts READ, READWRITE
})

Response structure

resp.credentials.access_key_id #=> String
resp.credentials.secret_access_key #=> String
resp.credentials.session_token #=> String
resp.credentials.expiration #=> Time
resp.accessible_data_locations #=> Array
resp.accessible_data_locations[0] #=> String
resp.credentials_scope #=> String, one of "READ", "READWRITE"

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :duration_seconds (Integer) —

  The time period, between 900 and 43,200 seconds, for the timeout of the temporary credentials.

• :audit_context (Types::AuditContext) —

  A structure used to include auditing information on the privileged API.

• :data_locations (Array<String>) —

  The Amazon S3 data location that you want to access.

• :credentials_scope (String) —

  The credential scope is determined by the caller's Lake Formation permission on the associated table. Credential scope can be either:

  • READ - Provides read-only access to the data location.

  • READ_WRITE - Provides both read and write access to the data location.

Returns:

• (Types::GetTemporaryDataLocationCredentialsResponse) —

  Returns a response object which responds to the following methods:

  • #credentials => Types::TemporaryCredentials
  • #accessible_data_locations => Array<String>
  • #credentials_scope => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2380

def get_temporary_data_location_credentials(params = {}, options = {})
  req = build_request(:get_temporary_data_location_credentials, params)
  req.send_request(options)
end

#get_temporary_glue_partition_credentials(params = {}) ⇒ Types::GetTemporaryGluePartitionCredentialsResponse

This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.

Examples:

Request syntax with placeholder values

resp = client.get_temporary_glue_partition_credentials({
  table_arn: "ResourceArnString", # required
  partition: { # required
    values: ["ValueString"], # required
  },
  permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
  duration_seconds: 1,
  audit_context: {
    additional_audit_context: "AuditContextString",
  },
  supported_permission_types: ["COLUMN_PERMISSION"], # accepts COLUMN_PERMISSION, CELL_FILTER_PERMISSION, NESTED_PERMISSION, NESTED_CELL_PERMISSION
})

Response structure

resp.access_key_id #=> String
resp.secret_access_key #=> String
resp.session_token #=> String
resp.expiration #=> Time

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :table_arn (required, String) —

  The ARN of the partitions' table.

• :partition (required, Types::PartitionValueList) —

  A list of partition values identifying a single partition.

• :permissions (Array<String>) —

  Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

• :duration_seconds (Integer) —

  The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

• :audit_context (Types::AuditContext) —

  A structure representing context to access a resource (column names, query ID, etc).

• :supported_permission_types (Array<String>) —

  A list of supported permission types for the partition. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

Returns:

• (Types::GetTemporaryGluePartitionCredentialsResponse) —

  Returns a response object which responds to the following methods:

  • #access_key_id => String
  • #secret_access_key => String
  • #session_token => String
  • #expiration => Time

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2446

def get_temporary_glue_partition_credentials(params = {}, options = {})
  req = build_request(:get_temporary_glue_partition_credentials, params)
  req.send_request(options)
end

#get_temporary_glue_table_credentials(params = {}) ⇒ Types::GetTemporaryGlueTableCredentialsResponse

Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.

To call this API, the role that the service assumes must have lakeformation:GetDataAccess permission on the resource.

Examples:

Request syntax with placeholder values

resp = client.get_temporary_glue_table_credentials({
  table_arn: "ResourceArnString", # required
  permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
  duration_seconds: 1,
  audit_context: {
    additional_audit_context: "AuditContextString",
  },
  supported_permission_types: ["COLUMN_PERMISSION"], # accepts COLUMN_PERMISSION, CELL_FILTER_PERMISSION, NESTED_PERMISSION, NESTED_CELL_PERMISSION
  s3_path: "PathString",
  query_session_context: {
    query_id: "HashString",
    query_start_time: Time.now,
    cluster_id: "NullableString",
    query_authorization_id: "HashString",
    additional_context: {
      "ContextKey" => "ContextValue",
    },
  },
})

Response structure

resp.access_key_id #=> String
resp.secret_access_key #=> String
resp.session_token #=> String
resp.expiration #=> Time
resp.vended_s3_path #=> Array
resp.vended_s3_path[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :table_arn (required, String) —

  The ARN identifying a table in the Data Catalog for the temporary credentials request.

• :permissions (Array<String>) —

  Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

• :duration_seconds (Integer) —

  The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

• :audit_context (Types::AuditContext) —

  A structure representing context to access a resource (column names, query ID, etc).

• :supported_permission_types (Array<String>) —

  A list of supported permission types for the table. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

• :s3_path (String) —

  The Amazon S3 path for the table.

• :query_session_context (Types::QuerySessionContext) —

  A structure used as a protocol between query engines and Lake Formation or Glue. Contains both a Lake Formation generated authorization identifier and information from the request's authorization context.

Returns:

• (Types::GetTemporaryGlueTableCredentialsResponse) —

  Returns a response object which responds to the following methods:

  • #access_key_id => String
  • #secret_access_key => String
  • #session_token => String
  • #expiration => Time
  • #vended_s3_path => Array<String>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2532

def get_temporary_glue_table_credentials(params = {}, options = {})
  req = build_request(:get_temporary_glue_table_credentials, params)
  req.send_request(options)
end

#get_work_unit_results(params = {}) ⇒ Types::GetWorkUnitResultsResponse

Returns the work units resulting from the query. Work units can be executed in any order and in parallel.

Examples:

Request syntax with placeholder values

resp = client.get_work_unit_results({
  query_id: "GetWorkUnitResultsRequestQueryIdString", # required
  work_unit_id: 1, # required
  work_unit_token: "SyntheticGetWorkUnitResultsRequestWorkUnitTokenString", # required
})

Response structure

resp.result_stream #=> IO

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :query_id (required, String) —

  The ID of the plan query operation for which to get results.

• :work_unit_id (required, Integer) —

  The work unit ID for which to get results. Value generated by enumerating WorkUnitIdMin to WorkUnitIdMax (inclusive) from the WorkUnitRange in the output of GetWorkUnits.

• :work_unit_token (required, String) —

  A work token used to query the execution service. Token output from GetWorkUnits.

Returns:

• (Types::GetWorkUnitResultsResponse) —

  Returns a response object which responds to the following methods:

  • #result_stream => IO

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2572

def get_work_unit_results(params = {}, options = {}, &block)
  req = build_request(:get_work_unit_results, params)
  req.send_request(options, &block)
end

#get_work_units(params = {}) ⇒ Types::GetWorkUnitsResponse

Retrieves the work units generated by the StartQueryPlanning operation.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.get_work_units({
  next_token: "Token",
  page_size: 1,
  query_id: "GetWorkUnitsRequestQueryIdString", # required
})

Response structure

resp.next_token #=> String
resp.query_id #=> String
resp.work_unit_ranges #=> Array
resp.work_unit_ranges[0].work_unit_id_max #=> Integer
resp.work_unit_ranges[0].work_unit_id_min #=> Integer
resp.work_unit_ranges[0].work_unit_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  A continuation token, if this is a continuation call.

• :page_size (Integer) —

  The size of each page to get in the Amazon Web Services service call. This does not affect the number of items returned in the command's output. Setting a smaller page size results in more calls to the Amazon Web Services service, retrieving fewer items in each call. This can help prevent the Amazon Web Services service calls from timing out.

• :query_id (required, String) —

  The ID of the plan query operation.

Returns:

• (Types::GetWorkUnitsResponse) —

  Returns a response object which responds to the following methods:

  • #next_token => String
  • #query_id => String
  • #work_unit_ranges => Array<Types::WorkUnitRange>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2623

def get_work_units(params = {}, options = {})
  req = build_request(:get_work_units, params)
  req.send_request(options)
end

#grant_permissions(params = {}) ⇒ Struct

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

For information about permissions, see Security and Access Control to Metadata and Data.

Examples:

Request syntax with placeholder values

resp = client.grant_permissions({
  catalog_id: "CatalogIdString",
  principal: { # required
    data_lake_principal_identifier: "DataLakePrincipalString",
  },
  resource: { # required
    catalog: {
      id: "CatalogIdString",
    },
    database: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
    table: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString",
      table_wildcard: {
      },
    },
    table_with_columns: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString", # required
      column_names: ["NameString"],
      column_wildcard: {
        excluded_column_names: ["NameString"],
      },
    },
    data_location: {
      catalog_id: "CatalogIdString",
      resource_arn: "ResourceArnString", # required
    },
    data_cells_filter: {
      table_catalog_id: "CatalogIdString",
      database_name: "NameString",
      table_name: "NameString",
      name: "NameString",
    },
    lf_tag: {
      catalog_id: "CatalogIdString",
      tag_key: "NameString", # required
      tag_values: ["LFTagValue"], # required
    },
    lf_tag_policy: {
      catalog_id: "CatalogIdString",
      resource_type: "DATABASE", # required, accepts DATABASE, TABLE
      expression: [
        {
          tag_key: "LFTagKey", # required
          tag_values: ["LFTagValue"], # required
        },
      ],
      expression_name: "NameString",
    },
    lf_tag_expression: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
  },
  permissions: ["ALL"], # required, accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
  condition: {
    expression: "ExpressionString",
  },
  permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :principal (required, Types::DataLakePrincipal) —

  The principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles, and they are defined by their principal type and their ARN.

  Note that if you define a resource with a particular ARN, then later delete, and recreate a resource with that same ARN, the resource maintains the permissions already granted.

• :resource (required, Types::Resource) —

  The resource to which permissions are to be granted. Resources in Lake Formation are the Data Catalog, databases, and tables.

• :permissions (required, Array<String>) —

  The permissions granted to the principal on the resource. Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Lake Formation requires that each principal be authorized to perform a specific task on Lake Formation resources.

• :condition (Types::Condition) —

  A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.

• :permissions_with_grant_option (Array<String>) —

  Indicates a list of the granted permissions that the principal may pass to other users. These permissions may only be a subset of the permissions granted in the Privileges.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2749

def grant_permissions(params = {}, options = {})
  req = build_request(:grant_permissions, params)
  req.send_request(options)
end

#list_data_cells_filter(params = {}) ⇒ Types::ListDataCellsFilterResponse

Lists all the data cell filters on a table.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.list_data_cells_filter({
  table: {
    catalog_id: "CatalogIdString",
    database_name: "NameString", # required
    name: "NameString",
    table_wildcard: {
    },
  },
  next_token: "Token",
  max_results: 1,
})

Response structure

resp.data_cells_filters #=> Array
resp.data_cells_filters[0].table_catalog_id #=> String
resp.data_cells_filters[0].database_name #=> String
resp.data_cells_filters[0].table_name #=> String
resp.data_cells_filters[0].name #=> String
resp.data_cells_filters[0].row_filter.filter_expression #=> String
resp.data_cells_filters[0].column_names #=> Array
resp.data_cells_filters[0].column_names[0] #=> String
resp.data_cells_filters[0].column_wildcard.excluded_column_names #=> Array
resp.data_cells_filters[0].column_wildcard.excluded_column_names[0] #=> String
resp.data_cells_filters[0].version_id #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :table (Types::TableResource) —

  A table in the Glue Data Catalog.

• :next_token (String) —

  A continuation token, if this is a continuation call.

• :max_results (Integer) —

  The maximum size of the response.

Returns:

• (Types::ListDataCellsFilterResponse) —

  Returns a response object which responds to the following methods:

  • #data_cells_filters => Array<Types::DataCellsFilter>
  • #next_token => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2805

def list_data_cells_filter(params = {}, options = {})
  req = build_request(:list_data_cells_filter, params)
  req.send_request(options)
end

#list_lake_formation_opt_ins(params = {}) ⇒ Types::ListLakeFormationOptInsResponse

Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.list_lake_formation_opt_ins({
  principal: {
    data_lake_principal_identifier: "DataLakePrincipalString",
  },
  resource: {
    catalog: {
      id: "CatalogIdString",
    },
    database: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
    table: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString",
      table_wildcard: {
      },
    },
    table_with_columns: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString", # required
      column_names: ["NameString"],
      column_wildcard: {
        excluded_column_names: ["NameString"],
      },
    },
    data_location: {
      catalog_id: "CatalogIdString",
      resource_arn: "ResourceArnString", # required
    },
    data_cells_filter: {
      table_catalog_id: "CatalogIdString",
      database_name: "NameString",
      table_name: "NameString",
      name: "NameString",
    },
    lf_tag: {
      catalog_id: "CatalogIdString",
      tag_key: "NameString", # required
      tag_values: ["LFTagValue"], # required
    },
    lf_tag_policy: {
      catalog_id: "CatalogIdString",
      resource_type: "DATABASE", # required, accepts DATABASE, TABLE
      expression: [
        {
          tag_key: "LFTagKey", # required
          tag_values: ["LFTagValue"], # required
        },
      ],
      expression_name: "NameString",
    },
    lf_tag_expression: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
  },
  max_results: 1,
  next_token: "Token",
})

Response structure

resp.lake_formation_opt_ins_info_list #=> Array
resp.lake_formation_opt_ins_info_list[0].resource.catalog.id #=> String
resp.lake_formation_opt_ins_info_list[0].resource.database.catalog_id #=> String
resp.lake_formation_opt_ins_info_list[0].resource.database.name #=> String
resp.lake_formation_opt_ins_info_list[0].resource.table.catalog_id #=> String
resp.lake_formation_opt_ins_info_list[0].resource.table.database_name #=> String
resp.lake_formation_opt_ins_info_list[0].resource.table.name #=> String
resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.catalog_id #=> String
resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.database_name #=> String
resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.name #=> String
resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.column_names #=> Array
resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.column_names[0] #=> String
resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.column_wildcard.excluded_column_names #=> Array
resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.column_wildcard.excluded_column_names[0] #=> String
resp.lake_formation_opt_ins_info_list[0].resource.data_location.catalog_id #=> String
resp.lake_formation_opt_ins_info_list[0].resource.data_location.resource_arn #=> String
resp.lake_formation_opt_ins_info_list[0].resource.data_cells_filter.table_catalog_id #=> String
resp.lake_formation_opt_ins_info_list[0].resource.data_cells_filter.database_name #=> String
resp.lake_formation_opt_ins_info_list[0].resource.data_cells_filter.table_name #=> String
resp.lake_formation_opt_ins_info_list[0].resource.data_cells_filter.name #=> String
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag.catalog_id #=> String
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag.tag_key #=> String
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag.tag_values #=> Array
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag.tag_values[0] #=> String
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.catalog_id #=> String
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.resource_type #=> String, one of "DATABASE", "TABLE"
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.expression #=> Array
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.expression[0].tag_key #=> String
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.expression[0].tag_values #=> Array
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.expression[0].tag_values[0] #=> String
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.expression_name #=> String
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_expression.catalog_id #=> String
resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_expression.name #=> String
resp.lake_formation_opt_ins_info_list[0].principal.data_lake_principal_identifier #=> String
resp.lake_formation_opt_ins_info_list[0].condition.expression #=> String
resp.lake_formation_opt_ins_info_list[0].last_modified #=> Time
resp.lake_formation_opt_ins_info_list[0].last_updated_by #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :principal (Types::DataLakePrincipal) —

  The Lake Formation principal. Supported principals are IAM users or IAM roles.

• :resource (Types::Resource) —

  A structure for the resource.

• :max_results (Integer) —

  The maximum number of results to return.

• :next_token (String) —

  A continuation token, if this is not the first call to retrieve this list.

Returns:

• (Types::ListLakeFormationOptInsResponse) —

  Returns a response object which responds to the following methods:

  • #lake_formation_opt_ins_info_list => Array<Types::LakeFormationOptInsInfo>
  • #next_token => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3051

def list_lake_formation_opt_ins(params = {}, options = {})
  req = build_request(:list_lake_formation_opt_ins, params)
  req.send_request(options)
end

#list_lf_tag_expressions(params = {}) ⇒ Types::ListLFTagExpressionsResponse

Returns the LF-Tag expressions in caller’s account filtered based on caller's permissions. Data Lake and read only admins implicitly can see all tag expressions in their account, else caller needs DESCRIBE permissions on tag expression.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.list_lf_tag_expressions({
  catalog_id: "CatalogIdString",
  max_results: 1,
  next_token: "Token",
})

Response structure

resp.lf_tag_expressions #=> Array
resp.lf_tag_expressions[0].name #=> String
resp.lf_tag_expressions[0].description #=> String
resp.lf_tag_expressions[0].catalog_id #=> String
resp.lf_tag_expressions[0].expression #=> Array
resp.lf_tag_expressions[0].expression[0].tag_key #=> String
resp.lf_tag_expressions[0].expression[0].tag_values #=> Array
resp.lf_tag_expressions[0].expression[0].tag_values[0] #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID.

• :max_results (Integer) —

  The maximum number of results to return.

• :next_token (String) —

  A continuation token, if this is not the first call to retrieve this list.

Returns:

• (Types::ListLFTagExpressionsResponse) —

  Returns a response object which responds to the following methods:

  • #lf_tag_expressions => Array<Types::LFTagExpression>
  • #next_token => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2856

def list_lf_tag_expressions(params = {}, options = {})
  req = build_request(:list_lf_tag_expressions, params)
  req.send_request(options)
end

#list_lf_tags(params = {}) ⇒ Types::ListLFTagsResponse

Lists LF-tags that the requester has permission to view.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.list_lf_tags({
  catalog_id: "CatalogIdString",
  resource_share_type: "FOREIGN", # accepts FOREIGN, ALL
  max_results: 1,
  next_token: "Token",
})

Response structure

resp.lf_tags #=> Array
resp.lf_tags[0].catalog_id #=> String
resp.lf_tags[0].tag_key #=> String
resp.lf_tags[0].tag_values #=> Array
resp.lf_tags[0].tag_values[0] #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :resource_share_type (String) —

  If resource share type is ALL, returns both in-account LF-tags and shared LF-tags that the requester has permission to view. If resource share type is FOREIGN, returns all share LF-tags that the requester can view. If no resource share type is passed, lists LF-tags in the given catalog ID that the requester has permission to view.

• :max_results (Integer) —

  The maximum number of results to return.

• :next_token (String) —

  A continuation token, if this is not the first call to retrieve this list.

Returns:

• (Types::ListLFTagsResponse) —

  Returns a response object which responds to the following methods:

  • #lf_tags => Array<Types::LFTagPair>
  • #next_token => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 2912

def list_lf_tags(params = {}, options = {})
  req = build_request(:list_lf_tags, params)
  req.send_request(options)
end

#list_permissions(params = {}) ⇒ Types::ListPermissionsResponse

Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.

This operation returns only those permissions that have been explicitly granted. If both Principal and Resource parameters are provided, the response returns effective permissions rather than the explicitly granted permissions.

For information about permissions, see Security and Access Control to Metadata and Data.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.list_permissions({
  catalog_id: "CatalogIdString",
  principal: {
    data_lake_principal_identifier: "DataLakePrincipalString",
  },
  resource_type: "CATALOG", # accepts CATALOG, DATABASE, TABLE, DATA_LOCATION, LF_TAG, LF_TAG_POLICY, LF_TAG_POLICY_DATABASE, LF_TAG_POLICY_TABLE, LF_NAMED_TAG_EXPRESSION
  resource: {
    catalog: {
      id: "CatalogIdString",
    },
    database: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
    table: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString",
      table_wildcard: {
      },
    },
    table_with_columns: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString", # required
      column_names: ["NameString"],
      column_wildcard: {
        excluded_column_names: ["NameString"],
      },
    },
    data_location: {
      catalog_id: "CatalogIdString",
      resource_arn: "ResourceArnString", # required
    },
    data_cells_filter: {
      table_catalog_id: "CatalogIdString",
      database_name: "NameString",
      table_name: "NameString",
      name: "NameString",
    },
    lf_tag: {
      catalog_id: "CatalogIdString",
      tag_key: "NameString", # required
      tag_values: ["LFTagValue"], # required
    },
    lf_tag_policy: {
      catalog_id: "CatalogIdString",
      resource_type: "DATABASE", # required, accepts DATABASE, TABLE
      expression: [
        {
          tag_key: "LFTagKey", # required
          tag_values: ["LFTagValue"], # required
        },
      ],
      expression_name: "NameString",
    },
    lf_tag_expression: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
  },
  next_token: "Token",
  max_results: 1,
  include_related: "TrueFalseString",
})

Response structure

resp.principal_resource_permissions #=> Array
resp.principal_resource_permissions[0].principal.data_lake_principal_identifier #=> String
resp.principal_resource_permissions[0].resource.catalog.id #=> String
resp.principal_resource_permissions[0].resource.database.catalog_id #=> String
resp.principal_resource_permissions[0].resource.database.name #=> String
resp.principal_resource_permissions[0].resource.table.catalog_id #=> String
resp.principal_resource_permissions[0].resource.table.database_name #=> String
resp.principal_resource_permissions[0].resource.table.name #=> String
resp.principal_resource_permissions[0].resource.table_with_columns.catalog_id #=> String
resp.principal_resource_permissions[0].resource.table_with_columns.database_name #=> String
resp.principal_resource_permissions[0].resource.table_with_columns.name #=> String
resp.principal_resource_permissions[0].resource.table_with_columns.column_names #=> Array
resp.principal_resource_permissions[0].resource.table_with_columns.column_names[0] #=> String
resp.principal_resource_permissions[0].resource.table_with_columns.column_wildcard.excluded_column_names #=> Array
resp.principal_resource_permissions[0].resource.table_with_columns.column_wildcard.excluded_column_names[0] #=> String
resp.principal_resource_permissions[0].resource.data_location.catalog_id #=> String
resp.principal_resource_permissions[0].resource.data_location.resource_arn #=> String
resp.principal_resource_permissions[0].resource.data_cells_filter.table_catalog_id #=> String
resp.principal_resource_permissions[0].resource.data_cells_filter.database_name #=> String
resp.principal_resource_permissions[0].resource.data_cells_filter.table_name #=> String
resp.principal_resource_permissions[0].resource.data_cells_filter.name #=> String
resp.principal_resource_permissions[0].resource.lf_tag.catalog_id #=> String
resp.principal_resource_permissions[0].resource.lf_tag.tag_key #=> String
resp.principal_resource_permissions[0].resource.lf_tag.tag_values #=> Array
resp.principal_resource_permissions[0].resource.lf_tag.tag_values[0] #=> String
resp.principal_resource_permissions[0].resource.lf_tag_policy.catalog_id #=> String
resp.principal_resource_permissions[0].resource.lf_tag_policy.resource_type #=> String, one of "DATABASE", "TABLE"
resp.principal_resource_permissions[0].resource.lf_tag_policy.expression #=> Array
resp.principal_resource_permissions[0].resource.lf_tag_policy.expression[0].tag_key #=> String
resp.principal_resource_permissions[0].resource.lf_tag_policy.expression[0].tag_values #=> Array
resp.principal_resource_permissions[0].resource.lf_tag_policy.expression[0].tag_values[0] #=> String
resp.principal_resource_permissions[0].resource.lf_tag_policy.expression_name #=> String
resp.principal_resource_permissions[0].resource.lf_tag_expression.catalog_id #=> String
resp.principal_resource_permissions[0].resource.lf_tag_expression.name #=> String
resp.principal_resource_permissions[0].condition.expression #=> String
resp.principal_resource_permissions[0].permissions #=> Array
resp.principal_resource_permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"
resp.principal_resource_permissions[0].permissions_with_grant_option #=> Array
resp.principal_resource_permissions[0].permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"
resp.principal_resource_permissions[0].additional_details.resource_share #=> Array
resp.principal_resource_permissions[0].additional_details.resource_share[0] #=> String
resp.principal_resource_permissions[0].last_updated #=> Time
resp.principal_resource_permissions[0].last_updated_by #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :principal (Types::DataLakePrincipal) —

  Specifies a principal to filter the permissions returned.

• :resource_type (String) —

  Specifies a resource type to filter the permissions returned.

• :resource (Types::Resource) —

  A resource where you will get a list of the principal permissions.

  This operation does not support getting privileges on a table with columns. Instead, call this operation on the table, and the operation returns the table and the table w columns.

• :next_token (String) —

  A continuation token, if this is not the first call to retrieve this list.

• :max_results (Integer) —

  The maximum number of results to return.

• :include_related (String) —

  Indicates that related permissions should be included in the results when listing permissions on a table resource.

  Set the field to TRUE to show the cell filters on a table resource. Default is FALSE. The Principal parameter must not be specified when requesting cell filter information.

Returns:

• (Types::ListPermissionsResponse) —

  Returns a response object which responds to the following methods:

  • #principal_resource_permissions => Array<Types::PrincipalResourcePermissions>
  • #next_token => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3233

def list_permissions(params = {}, options = {})
  req = build_request(:list_permissions, params)
  req.send_request(options)
end

#list_resources(params = {}) ⇒ Types::ListResourcesResponse

Lists the resources registered to be managed by the Data Catalog.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.list_resources({
  filter_condition_list: [
    {
      field: "RESOURCE_ARN", # accepts RESOURCE_ARN, ROLE_ARN, LAST_MODIFIED
      comparison_operator: "EQ", # accepts EQ, NE, LE, LT, GE, GT, CONTAINS, NOT_CONTAINS, BEGINS_WITH, IN, BETWEEN
      string_value_list: ["StringValue"],
    },
  ],
  max_results: 1,
  next_token: "Token",
})

Response structure

resp.resource_info_list #=> Array
resp.resource_info_list[0].resource_arn #=> String
resp.resource_info_list[0].role_arn #=> String
resp.resource_info_list[0].last_modified #=> Time
resp.resource_info_list[0].with_federation #=> Boolean
resp.resource_info_list[0].hybrid_access_enabled #=> Boolean
resp.resource_info_list[0].with_privileged_access #=> Boolean
resp.resource_info_list[0].verification_status #=> String, one of "VERIFIED", "VERIFICATION_FAILED", "NOT_VERIFIED"
resp.resource_info_list[0].expected_resource_owner_account #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :filter_condition_list (Array<Types::FilterCondition>) —

  Any applicable row-level and/or column-level filtering conditions for the resources.

• :max_results (Integer) —

  The maximum number of resource results.

• :next_token (String) —

  A continuation token, if this is not the first call to retrieve these resources.

Returns:

• (Types::ListResourcesResponse) —

  Returns a response object which responds to the following methods:

  • #resource_info_list => Array<Types::ResourceInfo>
  • #next_token => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3289

def list_resources(params = {}, options = {})
  req = build_request(:list_resources, params)
  req.send_request(options)
end

#list_table_storage_optimizers(params = {}) ⇒ Types::ListTableStorageOptimizersResponse

Returns the configuration of all storage optimizers associated with a specified table.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.list_table_storage_optimizers({
  catalog_id: "CatalogIdString",
  database_name: "NameString", # required
  table_name: "NameString", # required
  storage_optimizer_type: "COMPACTION", # accepts COMPACTION, GARBAGE_COLLECTION, ALL
  max_results: 1,
  next_token: "Token",
})

Response structure

resp.storage_optimizer_list #=> Array
resp.storage_optimizer_list[0].storage_optimizer_type #=> String, one of "COMPACTION", "GARBAGE_COLLECTION", "ALL"
resp.storage_optimizer_list[0].config #=> Hash
resp.storage_optimizer_list[0].config["StorageOptimizerConfigKey"] #=> String
resp.storage_optimizer_list[0].error_message #=> String
resp.storage_optimizer_list[0].warnings #=> String
resp.storage_optimizer_list[0].last_run_details #=> String
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The Catalog ID of the table.

• :database_name (required, String) —

  Name of the database where the table is present.

• :table_name (required, String) —

  Name of the table.

• :storage_optimizer_type (String) —

  The specific type of storage optimizers to list. The supported value is compaction.

• :max_results (Integer) —

  The number of storage optimizers to return on each call.

• :next_token (String) —

  A continuation token, if this is a continuation call.

Returns:

• (Types::ListTableStorageOptimizersResponse) —

  Returns a response object which responds to the following methods:

  • #storage_optimizer_list => Array<Types::StorageOptimizer>
  • #next_token => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3349

def list_table_storage_optimizers(params = {}, options = {})
  req = build_request(:list_table_storage_optimizers, params)
  req.send_request(options)
end

#list_transactions(params = {}) ⇒ Types::ListTransactionsResponse

Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned.

This operation can help you identify uncommitted transactions or to get information about transactions.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.list_transactions({
  catalog_id: "CatalogIdString",
  status_filter: "ALL", # accepts ALL, COMPLETED, ACTIVE, COMMITTED, ABORTED
  max_results: 1,
  next_token: "TokenString",
})

Response structure

resp.transactions #=> Array
resp.transactions[0].transaction_id #=> String
resp.transactions[0].transaction_status #=> String, one of "ACTIVE", "COMMITTED", "ABORTED", "COMMIT_IN_PROGRESS"
resp.transactions[0].transaction_start_time #=> Time
resp.transactions[0].transaction_end_time #=> Time
resp.next_token #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The catalog for which to list transactions. Defaults to the account ID of the caller.

• :status_filter (String) —

  A filter indicating the status of transactions to return. Options are ALL | COMPLETED | COMMITTED | ABORTED | ACTIVE. The default is ALL.

• :max_results (Integer) —

  The maximum number of transactions to return in a single call.

• :next_token (String) —

  A continuation token if this is not the first call to retrieve transactions.

Returns:

• (Types::ListTransactionsResponse) —

  Returns a response object which responds to the following methods:

  • #transactions => Array<Types::TransactionDescription>
  • #next_token => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3406

def list_transactions(params = {}, options = {})
  req = build_request(:list_transactions, params)
  req.send_request(options)
end

#put_data_lake_settings(params = {}) ⇒ Struct

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions.

This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.

Examples:

Request syntax with placeholder values

resp = client.put_data_lake_settings({
  catalog_id: "CatalogIdString",
  data_lake_settings: { # required
    data_lake_admins: [
      {
        data_lake_principal_identifier: "DataLakePrincipalString",
      },
    ],
    read_only_admins: [
      {
        data_lake_principal_identifier: "DataLakePrincipalString",
      },
    ],
    create_database_default_permissions: [
      {
        principal: {
          data_lake_principal_identifier: "DataLakePrincipalString",
        },
        permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
      },
    ],
    create_table_default_permissions: [
      {
        principal: {
          data_lake_principal_identifier: "DataLakePrincipalString",
        },
        permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
      },
    ],
    parameters: {
      "KeyString" => "ParametersMapValue",
    },
    trusted_resource_owners: ["CatalogIdString"],
    allow_external_data_filtering: false,
    allow_full_table_external_data_access: false,
    external_data_filtering_allow_list: [
      {
        data_lake_principal_identifier: "DataLakePrincipalString",
      },
    ],
    authorized_session_tag_value_list: ["NameString"],
  },
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :data_lake_settings (required, Types::DataLakeSettings) —

  A structure representing a list of Lake Formation principals designated as data lake administrators.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3485

def put_data_lake_settings(params = {}, options = {})
  req = build_request(:put_data_lake_settings, params)
  req.send_request(options)
end

#register_resource(params = {}) ⇒ Struct

Registers the resource as managed by the Data Catalog.

To add or update data, Lake Formation needs read/write access to the chosen data location. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.

ResourceArn = arn:aws:s3:::my-bucket/ UseServiceLinkedRole = true

If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

arn:aws:iam::12345:role/my-data-access-role

Examples:

Request syntax with placeholder values

resp = client.register_resource({
  resource_arn: "ResourceArnString", # required
  use_service_linked_role: false,
  role_arn: "IAMRoleArn",
  with_federation: false,
  hybrid_access_enabled: false,
  with_privileged_access: false,
  expected_resource_owner_account: "AccountIdString",
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :resource_arn (required, String) —

  The Amazon Resource Name (ARN) of the resource that you want to register.

• :use_service_linked_role (Boolean) —

  Designates an Identity and Access Management (IAM) service-linked role by registering this role with the Data Catalog. A service-linked role is a unique type of IAM role that is linked directly to Lake Formation.

  For more information, see Using Service-Linked Roles for Lake Formation.

• :role_arn (String) —

  The identifier for the role that registers the resource.

• :with_federation (Boolean) —

  Whether or not the resource is a federated resource.

• :hybrid_access_enabled (Boolean) —

  Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

• :with_privileged_access (Boolean) —

  Grants the calling principal the permissions to perform all supported Lake Formation operations on the registered data location.

• :expected_resource_owner_account (String) —

  The Amazon Web Services account that owns the Glue tables associated with specific Amazon S3 locations.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3566

def register_resource(params = {}, options = {})
  req = build_request(:register_resource, params)
  req.send_request(options)
end

#remove_lf_tags_from_resource(params = {}) ⇒ Types::RemoveLFTagsFromResourceResponse

Removes an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in tableWithColumns to specify column input.

Examples:

Request syntax with placeholder values

resp = client.remove_lf_tags_from_resource({
  catalog_id: "CatalogIdString",
  resource: { # required
    catalog: {
      id: "CatalogIdString",
    },
    database: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
    table: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString",
      table_wildcard: {
      },
    },
    table_with_columns: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString", # required
      column_names: ["NameString"],
      column_wildcard: {
        excluded_column_names: ["NameString"],
      },
    },
    data_location: {
      catalog_id: "CatalogIdString",
      resource_arn: "ResourceArnString", # required
    },
    data_cells_filter: {
      table_catalog_id: "CatalogIdString",
      database_name: "NameString",
      table_name: "NameString",
      name: "NameString",
    },
    lf_tag: {
      catalog_id: "CatalogIdString",
      tag_key: "NameString", # required
      tag_values: ["LFTagValue"], # required
    },
    lf_tag_policy: {
      catalog_id: "CatalogIdString",
      resource_type: "DATABASE", # required, accepts DATABASE, TABLE
      expression: [
        {
          tag_key: "LFTagKey", # required
          tag_values: ["LFTagValue"], # required
        },
      ],
      expression_name: "NameString",
    },
    lf_tag_expression: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
  },
  lf_tags: [ # required
    {
      catalog_id: "CatalogIdString",
      tag_key: "LFTagKey", # required
      tag_values: ["LFTagValue"], # required
    },
  ],
})

Response structure

resp.failures #=> Array
resp.failures[0].lf_tag.catalog_id #=> String
resp.failures[0].lf_tag.tag_key #=> String
resp.failures[0].lf_tag.tag_values #=> Array
resp.failures[0].lf_tag.tag_values[0] #=> String
resp.failures[0].error.error_code #=> String
resp.failures[0].error.error_message #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :resource (required, Types::Resource) —

  The database, table, or column resource where you want to remove an LF-tag.

• :lf_tags (required, Array<Types::LFTagPair>) —

  The LF-tags to be removed from the resource.

Returns:

• (Types::RemoveLFTagsFromResourceResponse) —

  Returns a response object which responds to the following methods:

  • #failures => Array<Types::LFTagError>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3674

def remove_lf_tags_from_resource(params = {}, options = {})
  req = build_request(:remove_lf_tags_from_resource, params)
  req.send_request(options)
end

#revoke_permissions(params = {}) ⇒ Struct

Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

Examples:

Request syntax with placeholder values

resp = client.revoke_permissions({
  catalog_id: "CatalogIdString",
  principal: { # required
    data_lake_principal_identifier: "DataLakePrincipalString",
  },
  resource: { # required
    catalog: {
      id: "CatalogIdString",
    },
    database: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
    table: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString",
      table_wildcard: {
      },
    },
    table_with_columns: {
      catalog_id: "CatalogIdString",
      database_name: "NameString", # required
      name: "NameString", # required
      column_names: ["NameString"],
      column_wildcard: {
        excluded_column_names: ["NameString"],
      },
    },
    data_location: {
      catalog_id: "CatalogIdString",
      resource_arn: "ResourceArnString", # required
    },
    data_cells_filter: {
      table_catalog_id: "CatalogIdString",
      database_name: "NameString",
      table_name: "NameString",
      name: "NameString",
    },
    lf_tag: {
      catalog_id: "CatalogIdString",
      tag_key: "NameString", # required
      tag_values: ["LFTagValue"], # required
    },
    lf_tag_policy: {
      catalog_id: "CatalogIdString",
      resource_type: "DATABASE", # required, accepts DATABASE, TABLE
      expression: [
        {
          tag_key: "LFTagKey", # required
          tag_values: ["LFTagValue"], # required
        },
      ],
      expression_name: "NameString",
    },
    lf_tag_expression: {
      catalog_id: "CatalogIdString",
      name: "NameString", # required
    },
  },
  permissions: ["ALL"], # required, accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
  condition: {
    expression: "ExpressionString",
  },
  permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION, CREATE_LF_TAG_EXPRESSION, CREATE_CATALOG, SUPER_USER
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :principal (required, Types::DataLakePrincipal) —

  The principal to be revoked permissions on the resource.

• :resource (required, Types::Resource) —

  The resource to which permissions are to be revoked.

• :permissions (required, Array<String>) —

  The permissions revoked to the principal on the resource. For information about permissions, see Security and Access Control to Metadata and Data.

• :condition (Types::Condition) —

  A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.

• :permissions_with_grant_option (Array<String>) —

  Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3787

def revoke_permissions(params = {}, options = {})
  req = build_request(:revoke_permissions, params)
  req.send_request(options)
end

#search_databases_by_lf_tags(params = {}) ⇒ Types::SearchDatabasesByLFTagsResponse

This operation allows a search on DATABASE resources by TagCondition. This operation is used by admins who want to grant user permissions on certain TagConditions. Before making a grant, the admin can use SearchDatabasesByTags to find all resources where the given TagConditions are valid to verify whether the returned resources can be shared.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.search_databases_by_lf_tags({
  next_token: "Token",
  max_results: 1,
  catalog_id: "CatalogIdString",
  expression: [ # required
    {
      tag_key: "LFTagKey", # required
      tag_values: ["LFTagValue"], # required
    },
  ],
})

Response structure

resp.next_token #=> String
resp.database_list #=> Array
resp.database_list[0].database.catalog_id #=> String
resp.database_list[0].database.name #=> String
resp.database_list[0].lf_tags #=> Array
resp.database_list[0].lf_tags[0].catalog_id #=> String
resp.database_list[0].lf_tags[0].tag_key #=> String
resp.database_list[0].lf_tags[0].tag_values #=> Array
resp.database_list[0].lf_tags[0].tag_values[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  A continuation token, if this is not the first call to retrieve this list.

• :max_results (Integer) —

  The maximum number of results to return.

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :expression (required, Array<Types::LFTag>) —

  A list of conditions (LFTag structures) to search for in database resources.

Returns:

• (Types::SearchDatabasesByLFTagsResponse) —

  Returns a response object which responds to the following methods:

  • #next_token => String
  • #database_list => Array<Types::TaggedDatabase>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3853

def search_databases_by_lf_tags(params = {}, options = {})
  req = build_request(:search_databases_by_lf_tags, params)
  req.send_request(options)
end

#search_tables_by_lf_tags(params = {}) ⇒ Types::SearchTablesByLFTagsResponse

This operation allows a search on TABLE resources by LFTags. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use SearchTablesByLFTags to find all resources where the given LFTags are valid to verify whether the returned resources can be shared.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values

resp = client.search_tables_by_lf_tags({
  next_token: "Token",
  max_results: 1,
  catalog_id: "CatalogIdString",
  expression: [ # required
    {
      tag_key: "LFTagKey", # required
      tag_values: ["LFTagValue"], # required
    },
  ],
})

Response structure

resp.next_token #=> String
resp.table_list #=> Array
resp.table_list[0].table.catalog_id #=> String
resp.table_list[0].table.database_name #=> String
resp.table_list[0].table.name #=> String
resp.table_list[0].lf_tag_on_database #=> Array
resp.table_list[0].lf_tag_on_database[0].catalog_id #=> String
resp.table_list[0].lf_tag_on_database[0].tag_key #=> String
resp.table_list[0].lf_tag_on_database[0].tag_values #=> Array
resp.table_list[0].lf_tag_on_database[0].tag_values[0] #=> String
resp.table_list[0].lf_tags_on_table #=> Array
resp.table_list[0].lf_tags_on_table[0].catalog_id #=> String
resp.table_list[0].lf_tags_on_table[0].tag_key #=> String
resp.table_list[0].lf_tags_on_table[0].tag_values #=> Array
resp.table_list[0].lf_tags_on_table[0].tag_values[0] #=> String
resp.table_list[0].lf_tags_on_columns #=> Array
resp.table_list[0].lf_tags_on_columns[0].name #=> String
resp.table_list[0].lf_tags_on_columns[0].lf_tags #=> Array
resp.table_list[0].lf_tags_on_columns[0].lf_tags[0].catalog_id #=> String
resp.table_list[0].lf_tags_on_columns[0].lf_tags[0].tag_key #=> String
resp.table_list[0].lf_tags_on_columns[0].lf_tags[0].tag_values #=> Array
resp.table_list[0].lf_tags_on_columns[0].lf_tags[0].tag_values[0] #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :next_token (String) —

  A continuation token, if this is not the first call to retrieve this list.

• :max_results (Integer) —

  The maximum number of results to return.

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :expression (required, Array<Types::LFTag>) —

  A list of conditions (LFTag structures) to search for in table resources.

Returns:

• (Types::SearchTablesByLFTagsResponse) —

  Returns a response object which responds to the following methods:

  • #next_token => String
  • #table_list => Array<Types::TaggedTable>

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3931

def search_tables_by_lf_tags(params = {}, options = {})
  req = build_request(:search_tables_by_lf_tags, params)
  req.send_request(options)
end

#start_query_planning(params = {}) ⇒ Types::StartQueryPlanningResponse

Submits a request to process a query statement.

This operation generates work units that can be retrieved with the GetWorkUnits operation as soon as the query state is WORKUNITS_AVAILABLE or FINISHED.

Examples:

Request syntax with placeholder values

resp = client.start_query_planning({
  query_planning_context: { # required
    catalog_id: "CatalogIdString",
    database_name: "QueryPlanningContextDatabaseNameString", # required
    query_as_of_time: Time.now,
    query_parameters: {
      "String" => "String",
    },
    transaction_id: "TransactionIdString",
  },
  query_string: "SyntheticStartQueryPlanningRequestQueryString", # required
})

Response structure

resp.query_id #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :query_planning_context (required, Types::QueryPlanningContext) —

  A structure containing information about the query plan.

• :query_string (required, String) —

  A PartiQL query statement used as an input to the planner service.

Returns:

• (Types::StartQueryPlanningResponse) —

  Returns a response object which responds to the following methods:

  • #query_id => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 3975

def start_query_planning(params = {}, options = {})
  req = build_request(:start_query_planning, params)
  req.send_request(options)
end

#start_transaction(params = {}) ⇒ Types::StartTransactionResponse

Starts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.

Examples:

Request syntax with placeholder values

resp = client.start_transaction({
  transaction_type: "READ_AND_WRITE", # accepts READ_AND_WRITE, READ_ONLY
})

Response structure

resp.transaction_id #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :transaction_type (String) —

  Indicates whether this transaction should be read only or read and write. Writes made using a read-only transaction ID will be rejected. Read-only transactions do not need to be committed.

Returns:

• (Types::StartTransactionResponse) —

  Returns a response object which responds to the following methods:

  • #transaction_id => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 4006

def start_transaction(params = {}, options = {})
  req = build_request(:start_transaction, params)
  req.send_request(options)
end

#update_data_cells_filter(params = {}) ⇒ Struct

Updates a data cell filter.

Examples:

Request syntax with placeholder values

resp = client.update_data_cells_filter({
  table_data: { # required
    table_catalog_id: "CatalogIdString", # required
    database_name: "NameString", # required
    table_name: "NameString", # required
    name: "NameString", # required
    row_filter: {
      filter_expression: "PredicateString",
      all_rows_wildcard: {
      },
    },
    column_names: ["NameString"],
    column_wildcard: {
      excluded_column_names: ["NameString"],
    },
    version_id: "VersionString",
  },
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :table_data (required, Types::DataCellsFilter) —

  A DataCellsFilter structure containing information about the data cells filter.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 4044

def update_data_cells_filter(params = {}, options = {})
  req = build_request(:update_data_cells_filter, params)
  req.send_request(options)
end

#update_lake_formation_identity_center_configuration(params = {}) ⇒ Struct

Updates the IAM Identity Center connection parameters.

Examples:

Request syntax with placeholder values

resp = client.update_lake_formation_identity_center_configuration({
  catalog_id: "CatalogIdString",
  share_recipients: [
    {
      data_lake_principal_identifier: "DataLakePrincipalString",
    },
  ],
  service_integrations: [
    {
      redshift: [
        {
          redshift_connect: {
            authorization: "ENABLED", # required, accepts ENABLED, DISABLED
          },
        },
      ],
    },
  ],
  application_status: "ENABLED", # accepts ENABLED, DISABLED
  external_filtering: {
    status: "ENABLED", # required, accepts ENABLED, DISABLED
    authorized_targets: ["ScopeTarget"], # required
  },
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

• :share_recipients (Array<Types::DataLakePrincipal>) —

  A list of Amazon Web Services account IDs or Amazon Web Services organization/organizational unit ARNs that are allowed to access to access data managed by Lake Formation.

  If the ShareRecipients list includes valid values, then the resource share is updated with the principals you want to have access to the resources.

  If the ShareRecipients value is null, both the list of share recipients and the resource share remain unchanged.

  If the ShareRecipients value is an empty list, then the existing share recipients list will be cleared, and the resource share will be deleted.

• :service_integrations (Array<Types::ServiceIntegrationUnion>) —

  A list of service integrations for enabling trusted identity propagation with external services such as Redshift.

• :application_status (String) —

  Allows to enable or disable the IAM Identity Center connection.

• :external_filtering (Types::ExternalFilteringConfiguration) —

  A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to access data managed by Lake Formation.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 4204

def update_lake_formation_identity_center_configuration(params = {}, options = {})
  req = build_request(:update_lake_formation_identity_center_configuration, params)
  req.send_request(options)
end

#update_lf_tag(params = {}) ⇒ Struct

Updates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the LF-tag key's value.

Examples:

Request syntax with placeholder values

resp = client.update_lf_tag({
  catalog_id: "CatalogIdString",
  tag_key: "LFTagKey", # required
  tag_values_to_delete: ["LFTagValue"],
  tag_values_to_add: ["LFTagValue"],
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

• :tag_key (required, String) —

  The key-name for the LF-tag for which to add or delete values.

• :tag_values_to_delete (Array<String>) —

  A list of LF-tag values to delete from the LF-tag.

• :tag_values_to_add (Array<String>) —

  A list of LF-tag values to add from the LF-tag.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 4087

def update_lf_tag(params = {}, options = {})
  req = build_request(:update_lf_tag, params)
  req.send_request(options)
end

#update_lf_tag_expression(params = {}) ⇒ Struct

Updates the name of the LF-Tag expression to the new description and expression body provided. Updating a LF-Tag expression immediately changes the permission boundaries of all existing LFTagPolicy permission grants that reference the given LF-Tag expression.

Examples:

Request syntax with placeholder values

resp = client.update_lf_tag_expression({
  name: "NameString", # required
  description: "DescriptionString",
  catalog_id: "CatalogIdString",
  expression: [ # required
    {
      tag_key: "LFTagKey", # required
      tag_values: ["LFTagValue"], # required
    },
  ],
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :name (required, String) —

  The name for the LF-Tag expression.

• :description (String) —

  The description with information about the saved LF-Tag expression.

• :catalog_id (String) —

  The identifier for the Data Catalog. By default, the account ID.

• :expression (required, Array<Types::LFTag>) —

  The LF-Tag expression body composed of one more LF-Tag key-value pairs.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 4130

def update_lf_tag_expression(params = {}, options = {})
  req = build_request(:update_lf_tag_expression, params)
  req.send_request(options)
end

#update_resource(params = {}) ⇒ Struct

Updates the data access role used for vending access to the given (registered) resource in Lake Formation.

Examples:

Request syntax with placeholder values

resp = client.update_resource({
  role_arn: "IAMRoleArn", # required
  resource_arn: "ResourceArnString", # required
  with_federation: false,
  hybrid_access_enabled: false,
  expected_resource_owner_account: "AccountIdString",
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :role_arn (required, String) —

  The new role to use for the given resource registered in Lake Formation.

• :resource_arn (required, String) —

  The resource ARN.

• :with_federation (Boolean) —

  Whether or not the resource is a federated resource.

• :hybrid_access_enabled (Boolean) —

  Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

• :expected_resource_owner_account (String) —

  The Amazon Web Services account that owns the Glue tables associated with specific Amazon S3 locations.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 4247

def update_resource(params = {}, options = {})
  req = build_request(:update_resource, params)
  req.send_request(options)
end

#update_table_objects(params = {}) ⇒ Struct

Updates the manifest of Amazon S3 objects that make up the specified governed table.

Examples:

Request syntax with placeholder values

resp = client.update_table_objects({
  catalog_id: "CatalogIdString",
  database_name: "NameString", # required
  table_name: "NameString", # required
  transaction_id: "TransactionIdString",
  write_operations: [ # required
    {
      add_object: {
        uri: "URI", # required
        etag: "ETagString", # required
        size: 1, # required
        partition_values: ["PartitionValueString"],
      },
      delete_object: {
        uri: "URI", # required
        etag: "ETagString",
        partition_values: ["PartitionValueString"],
      },
    },
  ],
})

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The catalog containing the governed table to update. Defaults to the caller’s account ID.

• :database_name (required, String) —

  The database containing the governed table to update.

• :table_name (required, String) —

  The governed table to update.

• :transaction_id (String) —

  The transaction at which to do the write.

• :write_operations (required, Array<Types::WriteOperation>) —

  A list of WriteOperation objects that define an object to add to or delete from the manifest for a governed table.

Returns:

• (Struct) —

  Returns an empty response.

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 4302

def update_table_objects(params = {}, options = {})
  req = build_request(:update_table_objects, params)
  req.send_request(options)
end

#update_table_storage_optimizer(params = {}) ⇒ Types::UpdateTableStorageOptimizerResponse

Updates the configuration of the storage optimizers for a table.

Examples:

Request syntax with placeholder values

resp = client.update_table_storage_optimizer({
  catalog_id: "CatalogIdString",
  database_name: "NameString", # required
  table_name: "NameString", # required
  storage_optimizer_config: { # required
    "COMPACTION" => {
      "StorageOptimizerConfigKey" => "StorageOptimizerConfigValue",
    },
  },
})

Response structure

resp.result #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Options Hash (params):

• :catalog_id (String) —

  The Catalog ID of the table.

• :database_name (required, String) —

  Name of the database where the table is present.

• :table_name (required, String) —

  Name of the table for which to enable the storage optimizer.

• :storage_optimizer_config (required, Hash<String,Hash>) —

  Name of the configuration for the storage optimizer.

Returns:

• (Types::UpdateTableStorageOptimizerResponse) —

  Returns a response object which responds to the following methods:

  • #result => String

See Also:

• AWS API Documentation

# File 'gems/aws-sdk-lakeformation/lib/aws-sdk-lakeformation/client.rb', line 4346

def update_table_storage_optimizer(params = {}, options = {})
  req = build_request(:update_table_storage_optimizer, params)
  req.send_request(options)
end