@pulumi/aws
Version:
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
160 lines • 7.31 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.DataLakeSettings = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.
*
* > **NOTE:** Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the `IAMAllowedPrincipals` principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see [Changing the Default Security Settings for Your Data Lake](https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html) and [Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model](https://docs.aws.amazon.com/lake-formation/latest/dg/upgrade-glue-lake-formation.html).
*
* ## Example Usage
*
* ### Data Lake Admins
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.lakeformation.DataLakeSettings("example", {admins: [
* test.arn,
* testAwsIamRole.arn,
* ]});
* ```
*
* ### Create Default Permissions
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.lakeformation.DataLakeSettings("example", {
* admins: [
* test.arn,
* testAwsIamRole.arn,
* ],
* createDatabaseDefaultPermissions: [{
* permissions: [
* "SELECT",
* "ALTER",
* "DROP",
* ],
* principal: test.arn,
* }],
* createTableDefaultPermissions: [{
* permissions: ["ALL"],
* principal: testAwsIamRole.arn,
* }],
* });
* ```
*
* ### Enable EMR access to LakeFormation resources
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.lakeformation.DataLakeSettings("example", {
* admins: [
* test.arn,
* testAwsIamRole.arn,
* ],
* createDatabaseDefaultPermissions: [{
* permissions: [
* "SELECT",
* "ALTER",
* "DROP",
* ],
* principal: test.arn,
* }],
* createTableDefaultPermissions: [{
* permissions: ["ALL"],
* principal: testAwsIamRole.arn,
* }],
* allowExternalDataFiltering: true,
* externalDataFilteringAllowLists: [
* current.accountId,
* thirdParty.accountId,
* ],
* authorizedSessionTagValueLists: ["Amazon EMR"],
* allowFullTableExternalDataAccess: true,
* });
* ```
*
* ### Change Cross Account Version
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.lakeformation.DataLakeSettings("example", {parameters: {
* CROSS_ACCOUNT_VERSION: "3",
* }});
* ```
*/
class DataLakeSettings extends pulumi.CustomResource {
/**
* Get an existing DataLakeSettings resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new DataLakeSettings(name, state, Object.assign(Object.assign({}, opts), { id: id }));
}
/**
* Returns true if the given object is an instance of DataLakeSettings. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === DataLakeSettings.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["admins"] = state ? state.admins : undefined;
resourceInputs["allowExternalDataFiltering"] = state ? state.allowExternalDataFiltering : undefined;
resourceInputs["allowFullTableExternalDataAccess"] = state ? state.allowFullTableExternalDataAccess : undefined;
resourceInputs["authorizedSessionTagValueLists"] = state ? state.authorizedSessionTagValueLists : undefined;
resourceInputs["catalogId"] = state ? state.catalogId : undefined;
resourceInputs["createDatabaseDefaultPermissions"] = state ? state.createDatabaseDefaultPermissions : undefined;
resourceInputs["createTableDefaultPermissions"] = state ? state.createTableDefaultPermissions : undefined;
resourceInputs["externalDataFilteringAllowLists"] = state ? state.externalDataFilteringAllowLists : undefined;
resourceInputs["parameters"] = state ? state.parameters : undefined;
resourceInputs["readOnlyAdmins"] = state ? state.readOnlyAdmins : undefined;
resourceInputs["region"] = state ? state.region : undefined;
resourceInputs["trustedResourceOwners"] = state ? state.trustedResourceOwners : undefined;
}
else {
const args = argsOrState;
resourceInputs["admins"] = args ? args.admins : undefined;
resourceInputs["allowExternalDataFiltering"] = args ? args.allowExternalDataFiltering : undefined;
resourceInputs["allowFullTableExternalDataAccess"] = args ? args.allowFullTableExternalDataAccess : undefined;
resourceInputs["authorizedSessionTagValueLists"] = args ? args.authorizedSessionTagValueLists : undefined;
resourceInputs["catalogId"] = args ? args.catalogId : undefined;
resourceInputs["createDatabaseDefaultPermissions"] = args ? args.createDatabaseDefaultPermissions : undefined;
resourceInputs["createTableDefaultPermissions"] = args ? args.createTableDefaultPermissions : undefined;
resourceInputs["externalDataFilteringAllowLists"] = args ? args.externalDataFilteringAllowLists : undefined;
resourceInputs["parameters"] = args ? args.parameters : undefined;
resourceInputs["readOnlyAdmins"] = args ? args.readOnlyAdmins : undefined;
resourceInputs["region"] = args ? args.region : undefined;
resourceInputs["trustedResourceOwners"] = args ? args.trustedResourceOwners : undefined;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(DataLakeSettings.__pulumiType, name, resourceInputs, opts);
}
}
exports.DataLakeSettings = DataLakeSettings;
/** @internal */
DataLakeSettings.__pulumiType = 'aws:lakeformation/dataLakeSettings:DataLakeSettings';
//# sourceMappingURL=dataLakeSettings.js.map