@pulumi/aws
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
// CommonJS interop preamble: flag this module as a transpiled ES module for importers.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare both exports as undefined; each is assigned its function right after that function's definition.
exports.getPermissionsOutput = exports.getPermissions = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* Get permissions for a principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, tables, LF-tags, and LF-tag policies. For more information, see [Security and Access Control to Metadata and Data in Lake Formation](https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html).
*
* > **NOTE:** This data source returns only explicitly granted permissions. Lake Formation also grants implicit permissions to data lake administrators, database creators, and table creators, and those are not listed here, so an empty result does not by itself show that a principal has no access. For more information, see [Implicit Lake Formation Permissions](https://docs.aws.amazon.com/lake-formation/latest/dg/implicit-permissions.html).
*
* ## Example Usage
*
* ### Permissions For A Lake Formation S3 Resource
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const test = aws.lakeformation.getPermissions({
* principal: workflowRole.arn,
* dataLocation: {
* arn: testAwsLakeformationResource.arn,
* },
* });
* ```
*
* ### Permissions For A Glue Catalog Database
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const test = aws.lakeformation.getPermissions({
* principal: workflowRole.arn,
* database: {
* name: testAwsGlueCatalogDatabase.name,
* catalogId: "110376042874",
* },
* });
* ```
*
* ### Permissions For Tag-Based Access Control
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const test = aws.lakeformation.getPermissions({
* principal: workflowRole.arn,
* lfTagPolicy: {
* resourceType: "DATABASE",
* expressions: [
* {
* key: "Team",
* values: ["Sales"],
* },
* {
* key: "Environment",
* values: [
* "Dev",
* "Production",
* ],
* },
* ],
* },
* });
* ```
*/
function getPermissions(args, opts) {
    // Caller-supplied invoke options are layered over the package defaults.
    const callerOptions = opts || {};
    const invokeOptions = pulumi.mergeOptions(utilities.resourceOptsDefaults(), callerOptions);
    // `args` is required: destructuring a missing value throws a TypeError.
    const {
        catalogId,
        catalogResource,
        dataCellsFilter,
        dataLocation,
        database,
        lfTag,
        lfTagPolicy,
        principal,
        region,
        table,
        tableWithColumns,
    } = args;
    // Every argument is forwarded as given; this wrapper performs no validation
    // of the principal or of the resource selectors. Unset fields are sent as
    // undefined so the key set is always the same.
    const invokeArgs = {
        catalogId,
        catalogResource,
        dataCellsFilter,
        dataLocation,
        database,
        lfTag,
        lfTagPolicy,
        principal,
        region,
        table,
        tableWithColumns,
    };
    // Direct form: hands back whatever pulumi.runtime.invoke returns.
    return pulumi.runtime.invoke("aws:lakeformation/getPermissions:getPermissions", invokeArgs, invokeOptions);
}
// CommonJS export of the form built on pulumi.runtime.invoke.
exports.getPermissions = getPermissions;
/**
* Get permissions for a principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, tables, LF-tags, and LF-tag policies. For more information, see [Security and Access Control to Metadata and Data in Lake Formation](https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html).
*
* > **NOTE:** This data source returns only explicitly granted permissions. Lake Formation also grants implicit permissions to data lake administrators, database creators, and table creators, and those are not listed here, so an empty result does not by itself show that a principal has no access. For more information, see [Implicit Lake Formation Permissions](https://docs.aws.amazon.com/lake-formation/latest/dg/implicit-permissions.html).
*
* ## Example Usage
*
* ### Permissions For A Lake Formation S3 Resource
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const test = aws.lakeformation.getPermissions({
* principal: workflowRole.arn,
* dataLocation: {
* arn: testAwsLakeformationResource.arn,
* },
* });
* ```
*
* ### Permissions For A Glue Catalog Database
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const test = aws.lakeformation.getPermissions({
* principal: workflowRole.arn,
* database: {
* name: testAwsGlueCatalogDatabase.name,
* catalogId: "110376042874",
* },
* });
* ```
*
* ### Permissions For Tag-Based Access Control
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const test = aws.lakeformation.getPermissions({
* principal: workflowRole.arn,
* lfTagPolicy: {
* resourceType: "DATABASE",
* expressions: [
* {
* key: "Team",
* values: ["Sales"],
* },
* {
* key: "Environment",
* values: [
* "Dev",
* "Production",
* ],
* },
* ],
* },
* });
* ```
*/
function getPermissionsOutput(args, opts) {
    // Caller-supplied invoke options are layered over the package defaults.
    const callerOptions = opts || {};
    const invokeOptions = pulumi.mergeOptions(utilities.resourceOptsDefaults(), callerOptions);
    // `args` is required: destructuring a missing value throws a TypeError.
    const {
        catalogId,
        catalogResource,
        dataCellsFilter,
        dataLocation,
        database,
        lfTag,
        lfTagPolicy,
        principal,
        region,
        table,
        tableWithColumns,
    } = args;
    // Every argument is forwarded as given; this wrapper performs no validation
    // of the principal or of the resource selectors. Unset fields are sent as
    // undefined so the key set is always the same.
    const invokeArgs = {
        catalogId,
        catalogResource,
        dataCellsFilter,
        dataLocation,
        database,
        lfTag,
        lfTagPolicy,
        principal,
        region,
        table,
        tableWithColumns,
    };
    // Output form: same function token as getPermissions, dispatched through
    // pulumi.runtime.invokeOutput instead of pulumi.runtime.invoke.
    return pulumi.runtime.invokeOutput("aws:lakeformation/getPermissions:getPermissions", invokeArgs, invokeOptions);
}
// CommonJS export of the form built on pulumi.runtime.invokeOutput.
exports.getPermissionsOutput = getPermissionsOutput;
//# sourceMappingURL=getPermissions.js.map