aws-sdk
Version:
AWS SDK for JavaScript
553 lines • 122 kB
TypeScript
import {Request} from '../lib/request';
import {Response} from '../lib/response';
import {AWSError} from '../lib/error';
import {Service} from '../lib/service';
import {ServiceConfigurationOptions} from '../lib/service';
import {ConfigBase as Config} from '../lib/config-base';
import {Readable} from 'stream';
interface Blob {}
declare class LakeFormation extends Service {
/**
* Constructs a service object. This object has one method for each API operation.
*/
constructor(options?: LakeFormation.Types.ClientConfiguration)
config: Config & LakeFormation.Types.ClientConfiguration;
/**
* Attaches one or more LF-tags to an existing resource.
*/
addLFTagsToResource(params: LakeFormation.Types.AddLFTagsToResourceRequest, callback?: (err: AWSError, data: LakeFormation.Types.AddLFTagsToResourceResponse) => void): Request<LakeFormation.Types.AddLFTagsToResourceResponse, AWSError>;
/**
* Attaches one or more LF-tags to an existing resource.
*/
addLFTagsToResource(callback?: (err: AWSError, data: LakeFormation.Types.AddLFTagsToResourceResponse) => void): Request<LakeFormation.Types.AddLFTagsToResourceResponse, AWSError>;
/**
* Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session. This decorated role is expected to access data in Amazon S3 by getting temporary access from Lake Formation which is authorized via the virtual API GetDataAccess. Therefore, all SAML roles that can be assumed via AssumeDecoratedRoleWithSAML must at a minimum include lakeformation:GetDataAccess in their role policies. A typical IAM policy attached to such a role would look as follows:
*/
assumeDecoratedRoleWithSAML(params: LakeFormation.Types.AssumeDecoratedRoleWithSAMLRequest, callback?: (err: AWSError, data: LakeFormation.Types.AssumeDecoratedRoleWithSAMLResponse) => void): Request<LakeFormation.Types.AssumeDecoratedRoleWithSAMLResponse, AWSError>;
/**
* Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session. This decorated role is expected to access data in Amazon S3 by getting temporary access from Lake Formation which is authorized via the virtual API GetDataAccess. Therefore, all SAML roles that can be assumed via AssumeDecoratedRoleWithSAML must at a minimum include lakeformation:GetDataAccess in their role policies. A typical IAM policy attached to such a role would look as follows:
*/
assumeDecoratedRoleWithSAML(callback?: (err: AWSError, data: LakeFormation.Types.AssumeDecoratedRoleWithSAMLResponse) => void): Request<LakeFormation.Types.AssumeDecoratedRoleWithSAMLResponse, AWSError>;
/**
* Batch operation to grant permissions to the principal.
*/
batchGrantPermissions(params: LakeFormation.Types.BatchGrantPermissionsRequest, callback?: (err: AWSError, data: LakeFormation.Types.BatchGrantPermissionsResponse) => void): Request<LakeFormation.Types.BatchGrantPermissionsResponse, AWSError>;
/**
* Batch operation to grant permissions to the principal.
*/
batchGrantPermissions(callback?: (err: AWSError, data: LakeFormation.Types.BatchGrantPermissionsResponse) => void): Request<LakeFormation.Types.BatchGrantPermissionsResponse, AWSError>;
/**
* Batch operation to revoke permissions from the principal.
*/
batchRevokePermissions(params: LakeFormation.Types.BatchRevokePermissionsRequest, callback?: (err: AWSError, data: LakeFormation.Types.BatchRevokePermissionsResponse) => void): Request<LakeFormation.Types.BatchRevokePermissionsResponse, AWSError>;
/**
* Batch operation to revoke permissions from the principal.
*/
batchRevokePermissions(callback?: (err: AWSError, data: LakeFormation.Types.BatchRevokePermissionsResponse) => void): Request<LakeFormation.Types.BatchRevokePermissionsResponse, AWSError>;
/**
* Attempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.
*/
cancelTransaction(params: LakeFormation.Types.CancelTransactionRequest, callback?: (err: AWSError, data: LakeFormation.Types.CancelTransactionResponse) => void): Request<LakeFormation.Types.CancelTransactionResponse, AWSError>;
/**
* Attempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.
*/
cancelTransaction(callback?: (err: AWSError, data: LakeFormation.Types.CancelTransactionResponse) => void): Request<LakeFormation.Types.CancelTransactionResponse, AWSError>;
/**
* Attempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.
*/
commitTransaction(params: LakeFormation.Types.CommitTransactionRequest, callback?: (err: AWSError, data: LakeFormation.Types.CommitTransactionResponse) => void): Request<LakeFormation.Types.CommitTransactionResponse, AWSError>;
/**
* Attempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.
*/
commitTransaction(callback?: (err: AWSError, data: LakeFormation.Types.CommitTransactionResponse) => void): Request<LakeFormation.Types.CommitTransactionResponse, AWSError>;
/**
* Creates a data cell filter to allow one to grant access to certain columns on certain rows.
*/
createDataCellsFilter(params: LakeFormation.Types.CreateDataCellsFilterRequest, callback?: (err: AWSError, data: LakeFormation.Types.CreateDataCellsFilterResponse) => void): Request<LakeFormation.Types.CreateDataCellsFilterResponse, AWSError>;
/**
* Creates a data cell filter to allow one to grant access to certain columns on certain rows.
*/
createDataCellsFilter(callback?: (err: AWSError, data: LakeFormation.Types.CreateDataCellsFilterResponse) => void): Request<LakeFormation.Types.CreateDataCellsFilterResponse, AWSError>;
/**
* Creates an LF-tag with the specified name and values.
*/
createLFTag(params: LakeFormation.Types.CreateLFTagRequest, callback?: (err: AWSError, data: LakeFormation.Types.CreateLFTagResponse) => void): Request<LakeFormation.Types.CreateLFTagResponse, AWSError>;
/**
* Creates an LF-tag with the specified name and values.
*/
createLFTag(callback?: (err: AWSError, data: LakeFormation.Types.CreateLFTagResponse) => void): Request<LakeFormation.Types.CreateLFTagResponse, AWSError>;
/**
* Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.
*/
createLakeFormationIdentityCenterConfiguration(params: LakeFormation.Types.CreateLakeFormationIdentityCenterConfigurationRequest, callback?: (err: AWSError, data: LakeFormation.Types.CreateLakeFormationIdentityCenterConfigurationResponse) => void): Request<LakeFormation.Types.CreateLakeFormationIdentityCenterConfigurationResponse, AWSError>;
/**
* Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.
*/
createLakeFormationIdentityCenterConfiguration(callback?: (err: AWSError, data: LakeFormation.Types.CreateLakeFormationIdentityCenterConfigurationResponse) => void): Request<LakeFormation.Types.CreateLakeFormationIdentityCenterConfigurationResponse, AWSError>;
/**
* Enforce Lake Formation permissions for the given databases, tables, and principals.
*/
createLakeFormationOptIn(params: LakeFormation.Types.CreateLakeFormationOptInRequest, callback?: (err: AWSError, data: LakeFormation.Types.CreateLakeFormationOptInResponse) => void): Request<LakeFormation.Types.CreateLakeFormationOptInResponse, AWSError>;
/**
* Enforce Lake Formation permissions for the given databases, tables, and principals.
*/
createLakeFormationOptIn(callback?: (err: AWSError, data: LakeFormation.Types.CreateLakeFormationOptInResponse) => void): Request<LakeFormation.Types.CreateLakeFormationOptInResponse, AWSError>;
/**
* Deletes a data cell filter.
*/
deleteDataCellsFilter(params: LakeFormation.Types.DeleteDataCellsFilterRequest, callback?: (err: AWSError, data: LakeFormation.Types.DeleteDataCellsFilterResponse) => void): Request<LakeFormation.Types.DeleteDataCellsFilterResponse, AWSError>;
/**
* Deletes a data cell filter.
*/
deleteDataCellsFilter(callback?: (err: AWSError, data: LakeFormation.Types.DeleteDataCellsFilterResponse) => void): Request<LakeFormation.Types.DeleteDataCellsFilterResponse, AWSError>;
/**
* Deletes the specified LF-tag given a key name. If the input parameter tag key was not found, then the operation will throw an exception. When you delete an LF-tag, the LFTagPolicy attached to the LF-tag becomes invalid. If the deleted LF-tag was still assigned to any resource, the tag policy attach to the deleted LF-tag will no longer be applied to the resource.
*/
deleteLFTag(params: LakeFormation.Types.DeleteLFTagRequest, callback?: (err: AWSError, data: LakeFormation.Types.DeleteLFTagResponse) => void): Request<LakeFormation.Types.DeleteLFTagResponse, AWSError>;
/**
* Deletes the specified LF-tag given a key name. If the input parameter tag key was not found, then the operation will throw an exception. When you delete an LF-tag, the LFTagPolicy attached to the LF-tag becomes invalid. If the deleted LF-tag was still assigned to any resource, the tag policy attach to the deleted LF-tag will no longer be applied to the resource.
*/
deleteLFTag(callback?: (err: AWSError, data: LakeFormation.Types.DeleteLFTagResponse) => void): Request<LakeFormation.Types.DeleteLFTagResponse, AWSError>;
/**
* Deletes an IAM Identity Center connection with Lake Formation.
*/
deleteLakeFormationIdentityCenterConfiguration(params: LakeFormation.Types.DeleteLakeFormationIdentityCenterConfigurationRequest, callback?: (err: AWSError, data: LakeFormation.Types.DeleteLakeFormationIdentityCenterConfigurationResponse) => void): Request<LakeFormation.Types.DeleteLakeFormationIdentityCenterConfigurationResponse, AWSError>;
/**
* Deletes an IAM Identity Center connection with Lake Formation.
*/
deleteLakeFormationIdentityCenterConfiguration(callback?: (err: AWSError, data: LakeFormation.Types.DeleteLakeFormationIdentityCenterConfigurationResponse) => void): Request<LakeFormation.Types.DeleteLakeFormationIdentityCenterConfigurationResponse, AWSError>;
/**
* Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.
*/
deleteLakeFormationOptIn(params: LakeFormation.Types.DeleteLakeFormationOptInRequest, callback?: (err: AWSError, data: LakeFormation.Types.DeleteLakeFormationOptInResponse) => void): Request<LakeFormation.Types.DeleteLakeFormationOptInResponse, AWSError>;
/**
* Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.
*/
deleteLakeFormationOptIn(callback?: (err: AWSError, data: LakeFormation.Types.DeleteLakeFormationOptInResponse) => void): Request<LakeFormation.Types.DeleteLakeFormationOptInResponse, AWSError>;
/**
* For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels. The Glue ETL library function write_dynamic_frame.from_catalog() includes an option to automatically call DeleteObjectsOnCancel before writes. For more information, see Rolling Back Amazon S3 Writes.
*/
deleteObjectsOnCancel(params: LakeFormation.Types.DeleteObjectsOnCancelRequest, callback?: (err: AWSError, data: LakeFormation.Types.DeleteObjectsOnCancelResponse) => void): Request<LakeFormation.Types.DeleteObjectsOnCancelResponse, AWSError>;
/**
* For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels. The Glue ETL library function write_dynamic_frame.from_catalog() includes an option to automatically call DeleteObjectsOnCancel before writes. For more information, see Rolling Back Amazon S3 Writes.
*/
deleteObjectsOnCancel(callback?: (err: AWSError, data: LakeFormation.Types.DeleteObjectsOnCancelResponse) => void): Request<LakeFormation.Types.DeleteObjectsOnCancelResponse, AWSError>;
/**
* Deregisters the resource as managed by the Data Catalog. When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.
*/
deregisterResource(params: LakeFormation.Types.DeregisterResourceRequest, callback?: (err: AWSError, data: LakeFormation.Types.DeregisterResourceResponse) => void): Request<LakeFormation.Types.DeregisterResourceResponse, AWSError>;
/**
* Deregisters the resource as managed by the Data Catalog. When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.
*/
deregisterResource(callback?: (err: AWSError, data: LakeFormation.Types.DeregisterResourceResponse) => void): Request<LakeFormation.Types.DeregisterResourceResponse, AWSError>;
/**
* Retrieves the instance ARN and application ARN for the connection.
*/
describeLakeFormationIdentityCenterConfiguration(params: LakeFormation.Types.DescribeLakeFormationIdentityCenterConfigurationRequest, callback?: (err: AWSError, data: LakeFormation.Types.DescribeLakeFormationIdentityCenterConfigurationResponse) => void): Request<LakeFormation.Types.DescribeLakeFormationIdentityCenterConfigurationResponse, AWSError>;
/**
* Retrieves the instance ARN and application ARN for the connection.
*/
describeLakeFormationIdentityCenterConfiguration(callback?: (err: AWSError, data: LakeFormation.Types.DescribeLakeFormationIdentityCenterConfigurationResponse) => void): Request<LakeFormation.Types.DescribeLakeFormationIdentityCenterConfigurationResponse, AWSError>;
/**
* Retrieves the current data access role for the given resource registered in Lake Formation.
*/
describeResource(params: LakeFormation.Types.DescribeResourceRequest, callback?: (err: AWSError, data: LakeFormation.Types.DescribeResourceResponse) => void): Request<LakeFormation.Types.DescribeResourceResponse, AWSError>;
/**
* Retrieves the current data access role for the given resource registered in Lake Formation.
*/
describeResource(callback?: (err: AWSError, data: LakeFormation.Types.DescribeResourceResponse) => void): Request<LakeFormation.Types.DescribeResourceResponse, AWSError>;
/**
* Returns the details of a single transaction.
*/
describeTransaction(params: LakeFormation.Types.DescribeTransactionRequest, callback?: (err: AWSError, data: LakeFormation.Types.DescribeTransactionResponse) => void): Request<LakeFormation.Types.DescribeTransactionResponse, AWSError>;
/**
* Returns the details of a single transaction.
*/
describeTransaction(callback?: (err: AWSError, data: LakeFormation.Types.DescribeTransactionResponse) => void): Request<LakeFormation.Types.DescribeTransactionResponse, AWSError>;
/**
* Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted. Write transactions that remain idle for a long period are automatically aborted unless explicitly extended.
*/
extendTransaction(params: LakeFormation.Types.ExtendTransactionRequest, callback?: (err: AWSError, data: LakeFormation.Types.ExtendTransactionResponse) => void): Request<LakeFormation.Types.ExtendTransactionResponse, AWSError>;
/**
* Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted. Write transactions that remain idle for a long period are automatically aborted unless explicitly extended.
*/
extendTransaction(callback?: (err: AWSError, data: LakeFormation.Types.ExtendTransactionResponse) => void): Request<LakeFormation.Types.ExtendTransactionResponse, AWSError>;
/**
* Returns a data cells filter.
*/
getDataCellsFilter(params: LakeFormation.Types.GetDataCellsFilterRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetDataCellsFilterResponse) => void): Request<LakeFormation.Types.GetDataCellsFilterResponse, AWSError>;
/**
* Returns a data cells filter.
*/
getDataCellsFilter(callback?: (err: AWSError, data: LakeFormation.Types.GetDataCellsFilterResponse) => void): Request<LakeFormation.Types.GetDataCellsFilterResponse, AWSError>;
/**
* Returns the identity of the invoking principal.
*/
getDataLakePrincipal(params: LakeFormation.Types.GetDataLakePrincipalRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetDataLakePrincipalResponse) => void): Request<LakeFormation.Types.GetDataLakePrincipalResponse, AWSError>;
/**
* Returns the identity of the invoking principal.
*/
getDataLakePrincipal(callback?: (err: AWSError, data: LakeFormation.Types.GetDataLakePrincipalResponse) => void): Request<LakeFormation.Types.GetDataLakePrincipalResponse, AWSError>;
/**
* Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.
*/
getDataLakeSettings(params: LakeFormation.Types.GetDataLakeSettingsRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetDataLakeSettingsResponse) => void): Request<LakeFormation.Types.GetDataLakeSettingsResponse, AWSError>;
/**
* Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.
*/
getDataLakeSettings(callback?: (err: AWSError, data: LakeFormation.Types.GetDataLakeSettingsResponse) => void): Request<LakeFormation.Types.GetDataLakeSettingsResponse, AWSError>;
/**
* Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.
*/
getEffectivePermissionsForPath(params: LakeFormation.Types.GetEffectivePermissionsForPathRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetEffectivePermissionsForPathResponse) => void): Request<LakeFormation.Types.GetEffectivePermissionsForPathResponse, AWSError>;
/**
* Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.
*/
getEffectivePermissionsForPath(callback?: (err: AWSError, data: LakeFormation.Types.GetEffectivePermissionsForPathResponse) => void): Request<LakeFormation.Types.GetEffectivePermissionsForPathResponse, AWSError>;
/**
* Returns an LF-tag definition.
*/
getLFTag(params: LakeFormation.Types.GetLFTagRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetLFTagResponse) => void): Request<LakeFormation.Types.GetLFTagResponse, AWSError>;
/**
* Returns an LF-tag definition.
*/
getLFTag(callback?: (err: AWSError, data: LakeFormation.Types.GetLFTagResponse) => void): Request<LakeFormation.Types.GetLFTagResponse, AWSError>;
/**
* Returns the state of a query previously submitted. Clients are expected to poll GetQueryState to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to StartQueryPlanning.
*/
getQueryState(params: LakeFormation.Types.GetQueryStateRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetQueryStateResponse) => void): Request<LakeFormation.Types.GetQueryStateResponse, AWSError>;
/**
* Returns the state of a query previously submitted. Clients are expected to poll GetQueryState to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to StartQueryPlanning.
*/
getQueryState(callback?: (err: AWSError, data: LakeFormation.Types.GetQueryStateResponse) => void): Request<LakeFormation.Types.GetQueryStateResponse, AWSError>;
/**
* Retrieves statistics on the planning and execution of a query.
*/
getQueryStatistics(params: LakeFormation.Types.GetQueryStatisticsRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetQueryStatisticsResponse) => void): Request<LakeFormation.Types.GetQueryStatisticsResponse, AWSError>;
/**
* Retrieves statistics on the planning and execution of a query.
*/
getQueryStatistics(callback?: (err: AWSError, data: LakeFormation.Types.GetQueryStatisticsResponse) => void): Request<LakeFormation.Types.GetQueryStatisticsResponse, AWSError>;
/**
* Returns the LF-tags applied to a resource.
*/
getResourceLFTags(params: LakeFormation.Types.GetResourceLFTagsRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetResourceLFTagsResponse) => void): Request<LakeFormation.Types.GetResourceLFTagsResponse, AWSError>;
/**
* Returns the LF-tags applied to a resource.
*/
getResourceLFTags(callback?: (err: AWSError, data: LakeFormation.Types.GetResourceLFTagsResponse) => void): Request<LakeFormation.Types.GetResourceLFTagsResponse, AWSError>;
/**
* Returns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.
*/
getTableObjects(params: LakeFormation.Types.GetTableObjectsRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetTableObjectsResponse) => void): Request<LakeFormation.Types.GetTableObjectsResponse, AWSError>;
/**
* Returns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.
*/
getTableObjects(callback?: (err: AWSError, data: LakeFormation.Types.GetTableObjectsResponse) => void): Request<LakeFormation.Types.GetTableObjectsResponse, AWSError>;
/**
* This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.
*/
getTemporaryGluePartitionCredentials(params: LakeFormation.Types.GetTemporaryGluePartitionCredentialsRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetTemporaryGluePartitionCredentialsResponse) => void): Request<LakeFormation.Types.GetTemporaryGluePartitionCredentialsResponse, AWSError>;
/**
* This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.
*/
getTemporaryGluePartitionCredentials(callback?: (err: AWSError, data: LakeFormation.Types.GetTemporaryGluePartitionCredentialsResponse) => void): Request<LakeFormation.Types.GetTemporaryGluePartitionCredentialsResponse, AWSError>;
/**
* Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.
*/
getTemporaryGlueTableCredentials(params: LakeFormation.Types.GetTemporaryGlueTableCredentialsRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetTemporaryGlueTableCredentialsResponse) => void): Request<LakeFormation.Types.GetTemporaryGlueTableCredentialsResponse, AWSError>;
/**
* Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.
*/
getTemporaryGlueTableCredentials(callback?: (err: AWSError, data: LakeFormation.Types.GetTemporaryGlueTableCredentialsResponse) => void): Request<LakeFormation.Types.GetTemporaryGlueTableCredentialsResponse, AWSError>;
/**
* Returns the work units resulting from the query. Work units can be executed in any order and in parallel.
*/
getWorkUnitResults(params: LakeFormation.Types.GetWorkUnitResultsRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetWorkUnitResultsResponse) => void): Request<LakeFormation.Types.GetWorkUnitResultsResponse, AWSError>;
/**
* Returns the work units resulting from the query. Work units can be executed in any order and in parallel.
*/
getWorkUnitResults(callback?: (err: AWSError, data: LakeFormation.Types.GetWorkUnitResultsResponse) => void): Request<LakeFormation.Types.GetWorkUnitResultsResponse, AWSError>;
/**
* Retrieves the work units generated by the StartQueryPlanning operation.
*/
getWorkUnits(params: LakeFormation.Types.GetWorkUnitsRequest, callback?: (err: AWSError, data: LakeFormation.Types.GetWorkUnitsResponse) => void): Request<LakeFormation.Types.GetWorkUnitsResponse, AWSError>;
/**
* Retrieves the work units generated by the StartQueryPlanning operation.
*/
getWorkUnits(callback?: (err: AWSError, data: LakeFormation.Types.GetWorkUnitsResponse) => void): Request<LakeFormation.Types.GetWorkUnitsResponse, AWSError>;
/**
* Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. For information about permissions, see Security and Access Control to Metadata and Data.
*/
grantPermissions(params: LakeFormation.Types.GrantPermissionsRequest, callback?: (err: AWSError, data: LakeFormation.Types.GrantPermissionsResponse) => void): Request<LakeFormation.Types.GrantPermissionsResponse, AWSError>;
/**
* Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. For information about permissions, see Security and Access Control to Metadata and Data.
*/
grantPermissions(callback?: (err: AWSError, data: LakeFormation.Types.GrantPermissionsResponse) => void): Request<LakeFormation.Types.GrantPermissionsResponse, AWSError>;
/**
* Lists all the data cell filters on a table.
*/
listDataCellsFilter(params: LakeFormation.Types.ListDataCellsFilterRequest, callback?: (err: AWSError, data: LakeFormation.Types.ListDataCellsFilterResponse) => void): Request<LakeFormation.Types.ListDataCellsFilterResponse, AWSError>;
/**
* Lists all the data cell filters on a table.
*/
listDataCellsFilter(callback?: (err: AWSError, data: LakeFormation.Types.ListDataCellsFilterResponse) => void): Request<LakeFormation.Types.ListDataCellsFilterResponse, AWSError>;
/**
* Lists LF-tags that the requester has permission to view.
*/
listLFTags(params: LakeFormation.Types.ListLFTagsRequest, callback?: (err: AWSError, data: LakeFormation.Types.ListLFTagsResponse) => void): Request<LakeFormation.Types.ListLFTagsResponse, AWSError>;
/**
* Lists LF-tags that the requester has permission to view.
*/
listLFTags(callback?: (err: AWSError, data: LakeFormation.Types.ListLFTagsResponse) => void): Request<LakeFormation.Types.ListLFTagsResponse, AWSError>;
/**
* Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions.
*/
listLakeFormationOptIns(params: LakeFormation.Types.ListLakeFormationOptInsRequest, callback?: (err: AWSError, data: LakeFormation.Types.ListLakeFormationOptInsResponse) => void): Request<LakeFormation.Types.ListLakeFormationOptInsResponse, AWSError>;
/**
* Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions.
*/
listLakeFormationOptIns(callback?: (err: AWSError, data: LakeFormation.Types.ListLakeFormationOptInsResponse) => void): Request<LakeFormation.Types.ListLakeFormationOptInsResponse, AWSError>;
/**
* Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER. This operation returns only those permissions that have been explicitly granted. For information about permissions, see Security and Access Control to Metadata and Data.
*/
listPermissions(params: LakeFormation.Types.ListPermissionsRequest, callback?: (err: AWSError, data: LakeFormation.Types.ListPermissionsResponse) => void): Request<LakeFormation.Types.ListPermissionsResponse, AWSError>;
/**
* Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER. This operation returns only those permissions that have been explicitly granted. For information about permissions, see Security and Access Control to Metadata and Data.
*/
listPermissions(callback?: (err: AWSError, data: LakeFormation.Types.ListPermissionsResponse) => void): Request<LakeFormation.Types.ListPermissionsResponse, AWSError>;
/**
* Lists the resources registered to be managed by the Data Catalog.
*/
listResources(params: LakeFormation.Types.ListResourcesRequest, callback?: (err: AWSError, data: LakeFormation.Types.ListResourcesResponse) => void): Request<LakeFormation.Types.ListResourcesResponse, AWSError>;
/**
* Lists the resources registered to be managed by the Data Catalog.
*/
listResources(callback?: (err: AWSError, data: LakeFormation.Types.ListResourcesResponse) => void): Request<LakeFormation.Types.ListResourcesResponse, AWSError>;
/**
* Returns the configuration of all storage optimizers associated with a specified table.
*/
listTableStorageOptimizers(params: LakeFormation.Types.ListTableStorageOptimizersRequest, callback?: (err: AWSError, data: LakeFormation.Types.ListTableStorageOptimizersResponse) => void): Request<LakeFormation.Types.ListTableStorageOptimizersResponse, AWSError>;
/**
* Returns the configuration of all storage optimizers associated with a specified table.
*/
listTableStorageOptimizers(callback?: (err: AWSError, data: LakeFormation.Types.ListTableStorageOptimizersResponse) => void): Request<LakeFormation.Types.ListTableStorageOptimizersResponse, AWSError>;
/**
* Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned. This operation can help you identify uncommitted transactions or to get information about transactions.
*/
listTransactions(params: LakeFormation.Types.ListTransactionsRequest, callback?: (err: AWSError, data: LakeFormation.Types.ListTransactionsResponse) => void): Request<LakeFormation.Types.ListTransactionsResponse, AWSError>;
/**
* Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned. This operation can help you identify uncommitted transactions or to get information about transactions.
*/
listTransactions(callback?: (err: AWSError, data: LakeFormation.Types.ListTransactionsResponse) => void): Request<LakeFormation.Types.ListTransactionsResponse, AWSError>;
/**
* Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions. This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.
*/
putDataLakeSettings(params: LakeFormation.Types.PutDataLakeSettingsRequest, callback?: (err: AWSError, data: LakeFormation.Types.PutDataLakeSettingsResponse) => void): Request<LakeFormation.Types.PutDataLakeSettingsResponse, AWSError>;
/**
* Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions. This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.
*/
putDataLakeSettings(callback?: (err: AWSError, data: LakeFormation.Types.PutDataLakeSettingsResponse) => void): Request<LakeFormation.Types.PutDataLakeSettingsResponse, AWSError>;
/**
* Registers the resource as managed by the Data Catalog. To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy. The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location. ResourceArn = arn:aws:s3:::my-bucket UseServiceLinkedRole = true If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn: arn:aws:iam::12345:role/my-data-access-role
*/
registerResource(params: LakeFormation.Types.RegisterResourceRequest, callback?: (err: AWSError, data: LakeFormation.Types.RegisterResourceResponse) => void): Request<LakeFormation.Types.RegisterResourceResponse, AWSError>;
/**
* Registers the resource as managed by the Data Catalog. To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy. The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location. ResourceArn = arn:aws:s3:::my-bucket UseServiceLinkedRole = true If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn: arn:aws:iam::12345:role/my-data-access-role
*/
registerResource(callback?: (err: AWSError, data: LakeFormation.Types.RegisterResourceResponse) => void): Request<LakeFormation.Types.RegisterResourceResponse, AWSError>;
/**
* Removes an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in tableWithColumns to specify column input.
*/
removeLFTagsFromResource(params: LakeFormation.Types.RemoveLFTagsFromResourceRequest, callback?: (err: AWSError, data: LakeFormation.Types.RemoveLFTagsFromResourceResponse) => void): Request<LakeFormation.Types.RemoveLFTagsFromResourceResponse, AWSError>;
/**
* Removes an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in tableWithColumns to specify column input.
*/
removeLFTagsFromResource(callback?: (err: AWSError, data: LakeFormation.Types.RemoveLFTagsFromResourceResponse) => void): Request<LakeFormation.Types.RemoveLFTagsFromResourceResponse, AWSError>;
/**
* Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
*/
revokePermissions(params: LakeFormation.Types.RevokePermissionsRequest, callback?: (err: AWSError, data: LakeFormation.Types.RevokePermissionsResponse) => void): Request<LakeFormation.Types.RevokePermissionsResponse, AWSError>;
/**
* Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
*/
revokePermissions(callback?: (err: AWSError, data: LakeFormation.Types.RevokePermissionsResponse) => void): Request<LakeFormation.Types.RevokePermissionsResponse, AWSError>;
/**
* This operation allows a search on DATABASE resources by TagCondition. This operation is used by admins who want to grant user permissions on certain TagConditions. Before making a grant, the admin can use SearchDatabasesByTags to find all resources where the given TagConditions are valid to verify whether the returned resources can be shared.
*/
searchDatabasesByLFTags(params: LakeFormation.Types.SearchDatabasesByLFTagsRequest, callback?: (err: AWSError, data: LakeFormation.Types.SearchDatabasesByLFTagsResponse) => void): Request<LakeFormation.Types.SearchDatabasesByLFTagsResponse, AWSError>;
/**
* This operation allows a search on DATABASE resources by TagCondition. This operation is used by admins who want to grant user permissions on certain TagConditions. Before making a grant, the admin can use SearchDatabasesByTags to find all resources where the given TagConditions are valid to verify whether the returned resources can be shared.
*/
searchDatabasesByLFTags(callback?: (err: AWSError, data: LakeFormation.Types.SearchDatabasesByLFTagsResponse) => void): Request<LakeFormation.Types.SearchDatabasesByLFTagsResponse, AWSError>;
/**
* This operation allows a search on TABLE resources by LFTags. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use SearchTablesByLFTags to find all resources where the given LFTags are valid to verify whether the returned resources can be shared.
*/
searchTablesByLFTags(params: LakeFormation.Types.SearchTablesByLFTagsRequest, callback?: (err: AWSError, data: LakeFormation.Types.SearchTablesByLFTagsResponse) => void): Request<LakeFormation.Types.SearchTablesByLFTagsResponse, AWSError>;
/**
* This operation allows a search on TABLE resources by LFTags. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use SearchTablesByLFTags to find all resources where the given LFTags are valid to verify whether the returned resources can be shared.
*/
searchTablesByLFTags(callback?: (err: AWSError, data: LakeFormation.Types.SearchTablesByLFTagsResponse) => void): Request<LakeFormation.Types.SearchTablesByLFTagsResponse, AWSError>;
/**
* Submits a request to process a query statement. This operation generates work units that can be retrieved with the GetWorkUnits operation as soon as the query state is WORKUNITS_AVAILABLE or FINISHED.
*/
startQueryPlanning(params: LakeFormation.Types.StartQueryPlanningRequest, callback?: (err: AWSError, data: LakeFormation.Types.StartQueryPlanningResponse) => void): Request<LakeFormation.Types.StartQueryPlanningResponse, AWSError>;
/**
* Submits a request to process a query statement. This operation generates work units that can be retrieved with the GetWorkUnits operation as soon as the query state is WORKUNITS_AVAILABLE or FINISHED.
*/
startQueryPlanning(callback?: (err: AWSError, data: LakeFormation.Types.StartQueryPlanningResponse) => void): Request<LakeFormation.Types.StartQueryPlanningResponse, AWSError>;
/**
* Starts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.
*/
startTransaction(params: LakeFormation.Types.StartTransactionRequest, callback?: (err: AWSError, data: LakeFormation.Types.StartTransactionResponse) => void): Request<LakeFormation.Types.StartTransactionResponse, AWSError>;
/**
* Starts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.
*/
startTransaction(callback?: (err: AWSError, data: LakeFormation.Types.StartTransactionResponse) => void): Request<LakeFormation.Types.StartTransactionResponse, AWSError>;
/**
* Updates a data cell filter.
*/
updateDataCellsFilter(params: LakeFormation.Types.UpdateDataCellsFilterRequest, callback?: (err: AWSError, data: LakeFormation.Types.UpdateDataCellsFilterResponse) => void): Request<LakeFormation.Types.UpdateDataCellsFilterResponse, AWSError>;
/**
* Updates a data cell filter.
*/
updateDataCellsFilter(callback?: (err: AWSError, data: LakeFormation.Types.UpdateDataCellsFilterResponse) => void): Request<LakeFormation.Types.UpdateDataCellsFilterResponse, AWSError>;
/**
* Updates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the LF-tag key's value.
*/
updateLFTag(params: LakeFormation.Types.UpdateLFTagRequest, callback?: (err: AWSError, data: LakeFormation.Types.UpdateLFTagResponse) => void): Request<LakeFormation.Types.UpdateLFTagResponse, AWSError>;
/**
* Updates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the LF-tag key's value.
*/
updateLFTag(callback?: (err: AWSError, data: LakeFormation.Types.UpdateLFTagResponse) => void): Request<LakeFormation.Types.UpdateLFTagResponse, AWSError>;
/**
* Updates the IAM Identity Center connection parameters.
*/
updateLakeFormationIdentityCenterConfiguration(params: LakeFormation.Types.UpdateLakeFormationIdentityCenterConfigurationRequest, callback?: (err: AWSError, data: LakeFormation.Types.UpdateLakeFormationIdentityCenterConfigurationResponse) => void): Request<LakeFormation.Types.UpdateLakeFormationIdentityCenterConfigurationResponse, AWSError>;
/**
* Updates the IAM Identity Center connection parameters.
*/
updateLakeFormationIdentityCenterConfiguration(callback?: (err: AWSError, data: LakeFormation.Types.UpdateLakeFormationIdentityCenterConfigurationResponse) => void): Request<LakeFormation.Types.UpdateLakeFormationIdentityCenterConfigurationResponse, AWSError>;
/**
* Updates the data access role used for vending access to the given (registered) resource in Lake Formation.
*/
updateResource(params: LakeFormation.Types.UpdateResourceRequest, callback?: (err: AWSError, data: LakeFormation.Types.UpdateResourceResponse) => void): Request<LakeFormation.Types.UpdateResourceResponse, AWSError>;
/**
* Updates the data access role used for vending access to the given (registered) resource in Lake Formation.
*/
updateResource(callback?: (err: AWSError, data: LakeFormation.Types.UpdateResourceResponse) => void): Request<LakeFormation.Types.UpdateResourceResponse, AWSError>;
/**
* Updates the manifest of Amazon S3 objects that make up the specified governed table.
*/
updateTableObjects(params: LakeFormation.Types.UpdateTableObjectsRequest, callback?: (err: AWSError, data: LakeFormation.Types.UpdateTableObjectsResponse) => void): Request<LakeFormation.Types.UpdateTableObjectsResponse, AWSError>;
/**
* Updates the manifest of Amazon S3 objects that make up the specified governed table.
*/
updateTableObjects(callback?: (err: AWSError, data: LakeFormation.Types.UpdateTableObjectsResponse) => void): Request<LakeFormation.Types.UpdateTableObjectsResponse, AWSError>;
/**
* Updates the configuration of the storage optimizers for a table.
*/
updateTableStorageOptimizer(params: LakeFormation.Types.UpdateTableStorageOptimizerRequest, callback?: (err: AWSError, data: LakeFormation.Types.UpdateTableStorageOptimizerResponse) => void): Request<LakeFormation.Types.UpdateTableStorageOptimizerResponse, AWSError>;
/**
* Updates the configuration of the storage optimizers for a table.
*/
updateTableStorageOptimizer(callback?: (err: AWSError, data: LakeFormation.Types.UpdateTableStorageOptimizerResponse) => void): Request<LakeFormation.Types.UpdateTableStorageOptimizerResponse, AWSError>;
}
declare namespace LakeFormation {
export type AccessKeyIdString = string;
export interface AddLFTagsToResourceRequest {
/**
* The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
*/
CatalogId?: CatalogIdString;
/**
* The database, table, or column resource to which to attach an LF-tag.
*/
Resource: Resource;
/**
* The LF-tags to attach to the resource.
*/
LFTags: LFTagsList;
}
export interface AddLFTagsToResourceResponse {
/**
* A list of failures to tag the resource.
*/
Failures?: LFTagErrors;
}
export interface AddObjectInput {
/**
* The Amazon S3 location of the object.
*/
Uri: URI;
/**
* The Amazon S3 ETag of the object. Returned by GetTableObjects for validation and used to identify changes to the underlying data.
*/
ETag: ETagString;
/**
* The size of the Amazon S3 object in bytes.
*/
Size: ObjectSize;
/**
* A list of partition values for the object. A value must be specified for each partition key associated with the table. The supported data types are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss"), string and decimal.
*/
PartitionValues?: PartitionValuesList;
}
export type AdditionalContextMap = {[key: string]: ContextValue};
export interface AllRowsWildcard {
}
export type ApplicationArn = string;
export type ApplicationStatus = "ENABLED"|"DISABLED"|string;
export interface AssumeDecoratedRoleWithSAMLRequest {
/**
* A SAML assertion consisting of an assertion statement for the user who needs temporary credentials. This must match the SAML assertion that was issued to IAM. This must be Base64 encoded.
*/
SAMLAssertion: SAMLAssertionString;
/**
* The role that represents an IAM principal whose scope down policy allows it to call credential vending APIs such as GetTemporaryTableCredentials. The caller must also have iam:PassRole permission on this role.
*/
RoleArn: IAMRoleArn;
/**
* The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
*/
PrincipalArn: IAMSAMLProviderArn;
/**
* The time period, between 900 and 43,200 seconds, for the timeout of the temporary credentials.
*/
DurationSeconds?: CredentialTimeoutDurationSecondInteger;
}
export interface AssumeDecoratedRoleWithSAMLResponse {
/**
* The access key ID for the temporary credentials. (The access key consists of an access key ID and a secret key).
*/
AccessKeyId?: AccessKeyIdString;
/**
* The secret key for the temporary credentials. (The access key consists of an access key ID and a secret key).
*/
SecretAccessKey?: SecretAccessKeyString;
/**
* The session token for the temporary credentials.
*/
SessionToken?: SessionTokenString;
/**
* The date and time when the temporary credentials expire.
*/
Expiration?: ExpirationTimestamp;
}
export interface AuditContext {
/**
* The filter engine can populate the 'AdditionalAuditContext' information with the request ID for you to track. This information will be displayed in CloudTrail log in your account.
*/
AdditionalAuditContext?: AuditContextString;
}
export type AuditContextString = string;
export type AuthorizedSessionTagValueList = NameString[];
export interface BatchGrantPermissionsRequest {
/**
* The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
*/
CatalogId?: CatalogIdString;
/**
* A list of up to 20 entries for resource permissions to be granted by batch operation to the principal.
*/
Entrie