Class: AWSCDK::LakeFormation::CfnDataLakeSettingsProps
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::LakeFormation::CfnDataLakeSettingsProps
- Defined in:
- lake_formation/cfn_data_lake_settings_props.rb
Overview
Properties for defining a CfnDataLakeSettings.
Instance Attribute Summary collapse
-
#admins ⇒ AWSCDK::IResolvable, ...
readonly
A list of AWS Lake Formation principals.
-
#allow_external_data_filtering ⇒ Boolean, ...
readonly
Whether to allow Amazon EMR clusters or other third-party query engines to access data managed by Lake Formation .
-
#allow_full_table_external_data_access ⇒ Boolean, ...
readonly
Specifies whether query engines and applications can get credentials without IAM session tags if the user has full table access.
-
#authorized_session_tag_value_list ⇒ Array<String>?
readonly
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
-
#create_database_default_permissions ⇒ AWSCDK::IResolvable, ...
readonly
Specifies whether access control on a newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.
-
#create_table_default_permissions ⇒ AWSCDK::IResolvable, ...
readonly
Specifies whether access control on a newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.
-
#external_data_filtering_allow_list ⇒ AWSCDK::IResolvable, ...
readonly
A list of the account IDs of AWS accounts with Amazon EMR clusters or third-party engines that are allwed to perform data filtering.
-
#mutation_type ⇒ String?
readonly
Specifies whether the data lake settings are updated by adding new values to the current settings (
APPEND) or by replacing the current settings with new settings (REPLACE). -
#parameters ⇒ Object?
readonly
A key-value map that provides an additional configuration on your data lake.
- #read_only_admins ⇒ AWSCDK::IResolvable, ... readonly
-
#trusted_resource_owners ⇒ Array<String>?
readonly
An array of UTF-8 strings.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(admins: nil, allow_external_data_filtering: nil, allow_full_table_external_data_access: nil, authorized_session_tag_value_list: nil, create_database_default_permissions: nil, create_table_default_permissions: nil, external_data_filtering_allow_list: nil, mutation_type: nil, parameters: nil, read_only_admins: nil, trusted_resource_owners: nil) ⇒ CfnDataLakeSettingsProps
constructor
A new instance of CfnDataLakeSettingsProps.
- #to_jsii ⇒ Object
Constructor Details
#initialize(admins: nil, allow_external_data_filtering: nil, allow_full_table_external_data_access: nil, authorized_session_tag_value_list: nil, create_database_default_permissions: nil, create_table_default_permissions: nil, external_data_filtering_allow_list: nil, mutation_type: nil, parameters: nil, read_only_admins: nil, trusted_resource_owners: nil) ⇒ CfnDataLakeSettingsProps
Returns a new instance of CfnDataLakeSettingsProps.
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 20 def initialize(admins: nil, allow_external_data_filtering: nil, allow_full_table_external_data_access: nil, authorized_session_tag_value_list: nil, create_database_default_permissions: nil, create_table_default_permissions: nil, external_data_filtering_allow_list: nil, mutation_type: nil, parameters: nil, read_only_admins: nil, trusted_resource_owners: nil) @admins = admins Jsii::Type.check_type(@admins, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsidW5pb24iOnsidHlwZXMiOlt7ImZxbiI6ImF3cy1jZGstbGliLklSZXNvbHZhYmxlIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfbGFrZWZvcm1hdGlvbi5DZm5EYXRhTGFrZVNldHRpbmdzLkRhdGFMYWtlUHJpbmNpcGFsUHJvcGVydHkifV19fSwia2luZCI6ImFycmF5In19XX19")), "admins") unless @admins.nil? @allow_external_data_filtering = allow_external_data_filtering Jsii::Type.check_type(@allow_external_data_filtering, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "allowExternalDataFiltering") unless @allow_external_data_filtering.nil? @allow_full_table_external_data_access = allow_full_table_external_data_access Jsii::Type.check_type(@allow_full_table_external_data_access, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "allowFullTableExternalDataAccess") unless @allow_full_table_external_data_access.nil? @authorized_session_tag_value_list = Jsii::Type.check_type(@authorized_session_tag_value_list, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "authorizedSessionTagValueList") unless @authorized_session_tag_value_list.nil? @create_database_default_permissions = Jsii::Type.check_type(@create_database_default_permissions, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsidW5pb24iOnsidHlwZXMiOlt7ImZxbiI6ImF3cy1jZGstbGliLklSZXNvbHZhYmxlIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfbGFrZWZvcm1hdGlvbi5DZm5EYXRhTGFrZVNldHRpbmdzLlByaW5jaXBhbFBlcm1pc3Npb25zUHJvcGVydHkifV19fSwia2luZCI6ImFycmF5In19XX19")), "createDatabaseDefaultPermissions") unless @create_database_default_permissions.nil? @create_table_default_permissions = Jsii::Type.check_type(@create_table_default_permissions, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsidW5pb24iOnsidHlwZXMiOlt7ImZxbiI6ImF3cy1jZGstbGliLklSZXNvbHZhYmxlIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfbGFrZWZvcm1hdGlvbi5DZm5EYXRhTGFrZVNldHRpbmdzLlByaW5jaXBhbFBlcm1pc3Npb25zUHJvcGVydHkifV19fSwia2luZCI6ImFycmF5In19XX19")), "createTableDefaultPermissions") unless @create_table_default_permissions.nil? @external_data_filtering_allow_list = external_data_filtering_allow_list Jsii::Type.check_type(@external_data_filtering_allow_list, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsidW5pb24iOnsidHlwZXMiOlt7ImZxbiI6ImF3cy1jZGstbGliLklSZXNvbHZhYmxlIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfbGFrZWZvcm1hdGlvbi5DZm5EYXRhTGFrZVNldHRpbmdzLkRhdGFMYWtlUHJpbmNpcGFsUHJvcGVydHkifV19fSwia2luZCI6ImFycmF5In19XX19")), "externalDataFilteringAllowList") unless @external_data_filtering_allow_list.nil? @mutation_type = mutation_type Jsii::Type.check_type(@mutation_type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "mutationType") unless @mutation_type.nil? @parameters = parameters Jsii::Type.check_type(@parameters, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "parameters") unless @parameters.nil? @read_only_admins = read_only_admins Jsii::Type.check_type(@read_only_admins, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsidW5pb24iOnsidHlwZXMiOlt7ImZxbiI6ImF3cy1jZGstbGliLklSZXNvbHZhYmxlIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfbGFrZWZvcm1hdGlvbi5DZm5EYXRhTGFrZVNldHRpbmdzLkRhdGFMYWtlUHJpbmNpcGFsUHJvcGVydHkifV19fSwia2luZCI6ImFycmF5In19XX19")), "readOnlyAdmins") unless @read_only_admins.nil? @trusted_resource_owners = trusted_resource_owners Jsii::Type.check_type(@trusted_resource_owners, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "trustedResourceOwners") unless @trusted_resource_owners.nil? end |
Instance Attribute Details
#admins ⇒ AWSCDK::IResolvable, ... (readonly)
A list of AWS Lake Formation principals.
49 50 51 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 49 def admins @admins end |
#allow_external_data_filtering ⇒ Boolean, ... (readonly)
Whether to allow Amazon EMR clusters or other third-party query engines to access data managed by Lake Formation .
If set to true, you allow Amazon EMR clusters or other third-party engines to access data in Amazon S3 locations that are registered with Lake Formation .
If false or null, no third-party query engines will be able to access data in Amazon S3 locations that are registered with Lake Formation.
For more information, see External data filtering setting .
60 61 62 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 60 def allow_external_data_filtering @allow_external_data_filtering end |
#allow_full_table_external_data_access ⇒ Boolean, ... (readonly)
Specifies whether query engines and applications can get credentials without IAM session tags if the user has full table access.
It provides query engines and applications performance benefits as well as simplifies data access. Amazon EMR on Amazon EC2 is able to leverage this setting.
69 70 71 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 69 def allow_full_table_external_data_access @allow_full_table_external_data_access end |
#authorized_session_tag_value_list ⇒ Array<String>? (readonly)
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation 's administrative API operations.
76 77 78 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 76 def @authorized_session_tag_value_list end |
#create_database_default_permissions ⇒ AWSCDK::IResolvable, ... (readonly)
Specifies whether access control on a newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.
A null value indicates that the access is controlled by Lake Formation permissions. ALL permissions assigned to IAM_ALLOWED_PRINCIPALS group indicates that the user's IAM permissions determine the access to the database. This is referred to as the setting "Use only IAM access control," and is to support backward compatibility with the AWS Glue permission model implemented by IAM permissions.
The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS .
For more information, see Changing the default security settings for your data lake .
87 88 89 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 87 def @create_database_default_permissions end |
#create_table_default_permissions ⇒ AWSCDK::IResolvable, ... (readonly)
Specifies whether access control on a newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.
A null value indicates that the access is controlled by Lake Formation permissions. ALL permissions assigned to IAM_ALLOWED_PRINCIPALS group indicate that the user's IAM permissions determine the access to the table. This is referred to as the setting "Use only IAM access control," and is to support the backward compatibility with the AWS Glue permission model implemented by IAM permissions.
The only permitted values are an empty array or an array that contains a single JSON object that grants ALL permissions to IAM_ALLOWED_PRINCIPALS .
For more information, see Changing the default security settings for your data lake .
98 99 100 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 98 def @create_table_default_permissions end |
#external_data_filtering_allow_list ⇒ AWSCDK::IResolvable, ... (readonly)
A list of the account IDs of AWS accounts with Amazon EMR clusters or third-party engines that are allwed to perform data filtering.
103 104 105 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 103 def external_data_filtering_allow_list @external_data_filtering_allow_list end |
#mutation_type ⇒ String? (readonly)
Specifies whether the data lake settings are updated by adding new values to the current settings ( APPEND ) or by replacing the current settings with new settings ( REPLACE ).
If you choose
REPLACE, your current data lake settings will be replaced with the new values in your template.
110 111 112 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 110 def mutation_type @mutation_type end |
#parameters ⇒ Object? (readonly)
A key-value map that provides an additional configuration on your data lake.
CrossAccountVersion is the key you can configure in the Parameters field. Accepted values for the CrossAccountVersion key are 1, 2, 3, and 4.
117 118 119 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 117 def parameters @parameters end |
#read_only_admins ⇒ AWSCDK::IResolvable, ... (readonly)
120 121 122 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 120 def read_only_admins @read_only_admins end |
#trusted_resource_owners ⇒ Array<String>? (readonly)
An array of UTF-8 strings.
A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log. You may want to specify this property when you are in a high-trust boundary, such as the same team or company.
127 128 129 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 127 def trusted_resource_owners @trusted_resource_owners end |
Class Method Details
.jsii_properties ⇒ Object
129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 129 def self.jsii_properties { :admins => "admins", :allow_external_data_filtering => "allowExternalDataFiltering", :allow_full_table_external_data_access => "allowFullTableExternalDataAccess", :authorized_session_tag_value_list => "authorizedSessionTagValueList", :create_database_default_permissions => "createDatabaseDefaultPermissions", :create_table_default_permissions => "createTableDefaultPermissions", :external_data_filtering_allow_list => "externalDataFilteringAllowList", :mutation_type => "mutationType", :parameters => "parameters", :read_only_admins => "readOnlyAdmins", :trusted_resource_owners => "trustedResourceOwners", } end |
Instance Method Details
#to_jsii ⇒ Object
145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 |
# File 'lake_formation/cfn_data_lake_settings_props.rb', line 145 def to_jsii result = {} result.merge!({ "admins" => @admins, "allowExternalDataFiltering" => @allow_external_data_filtering, "allowFullTableExternalDataAccess" => @allow_full_table_external_data_access, "authorizedSessionTagValueList" => @authorized_session_tag_value_list, "createDatabaseDefaultPermissions" => @create_database_default_permissions, "createTableDefaultPermissions" => @create_table_default_permissions, "externalDataFilteringAllowList" => @external_data_filtering_allow_list, "mutationType" => @mutation_type, "parameters" => @parameters, "readOnlyAdmins" => @read_only_admins, "trustedResourceOwners" => @trusted_resource_owners, }) result.compact end |