aws-sdk-lakeformation 1.20.0 → 1.42.0

data/lib/aws-sdk-lakeformation/client.rb

@@ -27,7 +27,11 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
-require 'aws-sdk-core/plugins/signature_v4.rb'
+require 'aws-sdk-core/plugins/checksum_algorithm.rb'
+require 'aws-sdk-core/plugins/request_compression.rb'
+require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
+require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 
 Aws::Plugins::GlobalConfiguration.add_identifier(:lakeformation)
@@ -73,8 +77,13 @@ module Aws::LakeFormation
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
-    add_plugin(Aws::Plugins::SignatureV4)
+    add_plugin(Aws::Plugins::ChecksumAlgorithm)
+    add_plugin(Aws::Plugins::RequestCompression)
+    add_plugin(Aws::Plugins::DefaultsMode)
+    add_plugin(Aws::Plugins::RecursionDetection)
+    add_plugin(Aws::Plugins::Sign)
     add_plugin(Aws::Plugins::Protocols::RestJson)
+    add_plugin(Aws::LakeFormation::Plugins::Endpoints)
 
     # @overload initialize(options)
     #   @param [Hash] options
@@ -175,10 +184,18 @@ module Aws::LakeFormation
     #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
     #     a clock skew correction and retry requests with skewed client clocks.
     #
+    #   @option options [String] :defaults_mode ("legacy")
+    #     See {Aws::DefaultsModeConfiguration} for a list of the
+    #     accepted modes and the configuration defaults that are included.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
     #
+    #   @option options [Boolean] :disable_request_compression (false)
+    #     When set to 'true' the request body will not be compressed
+    #     for supported operations.
+    #
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
@@ -199,6 +216,10 @@ module Aws::LakeFormation
     #   @option options [Boolean] :endpoint_discovery (false)
     #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
+    #   @option options [Boolean] :ignore_configured_endpoint_urls
+    #     Setting to true disables use of endpoint URLs provided via environment
+    #     variables and the shared configuration file.
+    #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
     #
@@ -219,6 +240,11 @@ module Aws::LakeFormation
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [Integer] :request_min_compression_size_bytes (10240)
+    #     The minimum size in bytes that triggers compression for request
+    #     bodies. The value must be non-negative integer value between 0
+    #     and 10485780 bytes inclusive.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -264,6 +290,11 @@ module Aws::LakeFormation
     #       in the future.
     #
     #
+    #   @option options [String] :sdk_ua_app_id
+    #     A unique and opaque application ID that is appended to the
+    #     User-Agent header as app/<sdk_ua_app_id>. It should have a
+    #     maximum length of 50.
+    #
     #   @option options [String] :secret_access_key
     #
     #   @option options [String] :session_token
@@ -277,6 +308,19 @@ module Aws::LakeFormation
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Aws::TokenProvider] :token_provider
+    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     following classes:
+    #
+    #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+    #       tokens.
+    #
+    #     * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+    #     will be used to search for tokens configured for your profile in shared configuration files.
+    #
     #   @option options [Boolean] :use_dualstack_endpoint
     #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
     #     will be used if available.
@@ -290,6 +334,9 @@ module Aws::LakeFormation
     #     When `true`, request parameters are validated before
     #     sending the request.
     #
+    #   @option options [Aws::LakeFormation::EndpointProvider] :endpoint_provider
+    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::LakeFormation::EndpointParameters`
+    #
     #   @option options [URI::HTTP,String] :http_proxy A proxy to send
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
@@ -297,7 +344,7 @@ module Aws::LakeFormation
     #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
-    #   @option options [Integer] :http_read_timeout (60) The default
+    #   @option options [Float] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
     #     safely be set per-request on the session.
     #
@@ -313,6 +360,9 @@ module Aws::LakeFormation
     #     disables this behaviour.  This value can safely be set per
     #     request on the session.
     #
+    #   @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
+    #     in seconds.
+    #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
     #
@@ -437,6 +487,73 @@ module Aws::LakeFormation
       req.send_request(options)
     end
 
+    # Allows a caller to assume an IAM role decorated as the SAML user
+    # specified in the SAML assertion included in the request. This
+    # decoration allows Lake Formation to enforce access policies against
+    # the SAML users and groups. This API operation requires SAML federation
+    # setup in the caller’s account as it can only be called with valid SAML
+    # assertions. Lake Formation does not scope down the permission of the
+    # assumed role. All permissions attached to the role via the SAML
+    # federation setup will be included in the role session.
+    #
+    # This decorated role is expected to access data in Amazon S3 by getting
+    # temporary access from Lake Formation which is authorized via the
+    # virtual API `GetDataAccess`. Therefore, all SAML roles that can be
+    # assumed via `AssumeDecoratedRoleWithSAML` must at a minimum include
+    # `lakeformation:GetDataAccess` in their role policies. A typical IAM
+    # policy attached to such a role would look as follows:
+    #
+    # @option params [required, String] :saml_assertion
+    #   A SAML assertion consisting of an assertion statement for the user who
+    #   needs temporary credentials. This must match the SAML assertion that
+    #   was issued to IAM. This must be Base64 encoded.
+    #
+    # @option params [required, String] :role_arn
+    #   The role that represents an IAM principal whose scope down policy
+    #   allows it to call credential vending APIs such as
+    #   `GetTemporaryTableCredentials`. The caller must also have iam:PassRole
+    #   permission on this role.
+    #
+    # @option params [required, String] :principal_arn
+    #   The Amazon Resource Name (ARN) of the SAML provider in IAM that
+    #   describes the IdP.
+    #
+    # @option params [Integer] :duration_seconds
+    #   The time period, between 900 and 43,200 seconds, for the timeout of
+    #   the temporary credentials.
+    #
+    # @return [Types::AssumeDecoratedRoleWithSAMLResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::AssumeDecoratedRoleWithSAMLResponse#access_key_id #access_key_id} => String
+    #   * {Types::AssumeDecoratedRoleWithSAMLResponse#secret_access_key #secret_access_key} => String
+    #   * {Types::AssumeDecoratedRoleWithSAMLResponse#session_token #session_token} => String
+    #   * {Types::AssumeDecoratedRoleWithSAMLResponse#expiration #expiration} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.assume_decorated_role_with_saml({
+    #     saml_assertion: "SAMLAssertionString", # required
+    #     role_arn: "IAMRoleArn", # required
+    #     principal_arn: "IAMSAMLProviderArn", # required
+    #     duration_seconds: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.access_key_id #=> String
+    #   resp.secret_access_key #=> String
+    #   resp.session_token #=> String
+    #   resp.expiration #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AssumeDecoratedRoleWithSAML AWS API Documentation
+    #
+    # @overload assume_decorated_role_with_saml(params = {})
+    # @param [Hash] params ({})
+    def assume_decorated_role_with_saml(params = {}, options = {})
+      req = build_request(:assume_decorated_role_with_saml, params)
+      req.send_request(options)
+    end
+
     # Batch operation to grant permissions to the principal.
     #
     # @option params [String] :catalog_id
@@ -512,8 +629,8 @@ module Aws::LakeFormation
     #             ],
     #           },
     #         },
-    #         permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
-    #         permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
+    #         permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
+    #         permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
     #       },
     #     ],
     #   })
@@ -552,9 +669,9 @@ module Aws::LakeFormation
     #   resp.failures[0].request_entry.resource.lf_tag_policy.expression[0].tag_values #=> Array
     #   resp.failures[0].request_entry.resource.lf_tag_policy.expression[0].tag_values[0] #=> String
     #   resp.failures[0].request_entry.permissions #=> Array
-    #   resp.failures[0].request_entry.permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
+    #   resp.failures[0].request_entry.permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION"
     #   resp.failures[0].request_entry.permissions_with_grant_option #=> Array
-    #   resp.failures[0].request_entry.permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
+    #   resp.failures[0].request_entry.permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION"
     #   resp.failures[0].error.error_code #=> String
     #   resp.failures[0].error.error_message #=> String
     #
@@ -642,8 +759,8 @@ module Aws::LakeFormation
     #             ],
     #           },
     #         },
-    #         permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
-    #         permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
+    #         permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
+    #         permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
     #       },
     #     ],
     #   })
@@ -682,9 +799,9 @@ module Aws::LakeFormation
     #   resp.failures[0].request_entry.resource.lf_tag_policy.expression[0].tag_values #=> Array
     #   resp.failures[0].request_entry.resource.lf_tag_policy.expression[0].tag_values[0] #=> String
     #   resp.failures[0].request_entry.permissions #=> Array
-    #   resp.failures[0].request_entry.permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
+    #   resp.failures[0].request_entry.permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION"
     #   resp.failures[0].request_entry.permissions_with_grant_option #=> Array
-    #   resp.failures[0].request_entry.permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
+    #   resp.failures[0].request_entry.permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION"
     #   resp.failures[0].error.error_code #=> String
     #   resp.failures[0].error.error_message #=> String
     #
@@ -776,6 +893,7 @@ module Aws::LakeFormation
     #       column_wildcard: {
     #         excluded_column_names: ["NameString"],
     #       },
+    #       version_id: "VersionString",
     #     },
     #   })
     #
@@ -821,6 +939,84 @@ module Aws::LakeFormation
       req.send_request(options)
     end
 
+    # Enforce Lake Formation permissions for the given databases, tables,
+    # and principals.
+    #
+    # @option params [required, Types::DataLakePrincipal] :principal
+    #   The Lake Formation principal. Supported principals are IAM users or
+    #   IAM roles.
+    #
+    # @option params [required, Types::Resource] :resource
+    #   A structure for the resource.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_lake_formation_opt_in({
+    #     principal: { # required
+    #       data_lake_principal_identifier: "DataLakePrincipalString",
+    #     },
+    #     resource: { # required
+    #       catalog: {
+    #       },
+    #       database: {
+    #         catalog_id: "CatalogIdString",
+    #         name: "NameString", # required
+    #       },
+    #       table: {
+    #         catalog_id: "CatalogIdString",
+    #         database_name: "NameString", # required
+    #         name: "NameString",
+    #         table_wildcard: {
+    #         },
+    #       },
+    #       table_with_columns: {
+    #         catalog_id: "CatalogIdString",
+    #         database_name: "NameString", # required
+    #         name: "NameString", # required
+    #         column_names: ["NameString"],
+    #         column_wildcard: {
+    #           excluded_column_names: ["NameString"],
+    #         },
+    #       },
+    #       data_location: {
+    #         catalog_id: "CatalogIdString",
+    #         resource_arn: "ResourceArnString", # required
+    #       },
+    #       data_cells_filter: {
+    #         table_catalog_id: "CatalogIdString",
+    #         database_name: "NameString",
+    #         table_name: "NameString",
+    #         name: "NameString",
+    #       },
+    #       lf_tag: {
+    #         catalog_id: "CatalogIdString",
+    #         tag_key: "NameString", # required
+    #         tag_values: ["LFTagValue"], # required
+    #       },
+    #       lf_tag_policy: {
+    #         catalog_id: "CatalogIdString",
+    #         resource_type: "DATABASE", # required, accepts DATABASE, TABLE
+    #         expression: [ # required
+    #           {
+    #             tag_key: "LFTagKey", # required
+    #             tag_values: ["LFTagValue"], # required
+    #           },
+    #         ],
+    #       },
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/CreateLakeFormationOptIn AWS API Documentation
+    #
+    # @overload create_lake_formation_opt_in(params = {})
+    # @param [Hash] params ({})
+    def create_lake_formation_opt_in(params = {}, options = {})
+      req = build_request(:create_lake_formation_opt_in, params)
+      req.send_request(options)
+    end
+
     # Deletes a data cell filter.
     #
     # @option params [String] :table_catalog_id
@@ -855,13 +1051,12 @@ module Aws::LakeFormation
       req.send_request(options)
     end
 
-    # Deletes the specified LF-tag key name. If the attribute key does not
-    # exist or the LF-tag does not exist, then the operation will not do
-    # anything. If the attribute key exists, then the operation checks if
-    # any resources are tagged with this attribute key, if yes, the API
-    # throws a 400 Exception with the message "Delete not allowed" as the
-    # LF-tag key is still attached with resources. You can consider
-    # untagging resources with this LF-tag key.
+    # Deletes the specified LF-tag given a key name. If the input parameter
+    # tag key was not found, then the operation will throw an exception.
+    # When you delete an LF-tag, the `LFTagPolicy` attached to the LF-tag
+    # becomes invalid. If the deleted LF-tag was still assigned to any
+    # resource, the tag policy attach to the deleted LF-tag will no longer
+    # be applied to the resource.
     #
     # @option params [String] :catalog_id
     #   The identifier for the Data Catalog. By default, the account ID. The
@@ -890,6 +1085,84 @@ module Aws::LakeFormation
       req.send_request(options)
     end
 
+    # Remove the Lake Formation permissions enforcement of the given
+    # databases, tables, and principals.
+    #
+    # @option params [required, Types::DataLakePrincipal] :principal
+    #   The Lake Formation principal. Supported principals are IAM users or
+    #   IAM roles.
+    #
+    # @option params [required, Types::Resource] :resource
+    #   A structure for the resource.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_lake_formation_opt_in({
+    #     principal: { # required
+    #       data_lake_principal_identifier: "DataLakePrincipalString",
+    #     },
+    #     resource: { # required
+    #       catalog: {
+    #       },
+    #       database: {
+    #         catalog_id: "CatalogIdString",
+    #         name: "NameString", # required
+    #       },
+    #       table: {
+    #         catalog_id: "CatalogIdString",
+    #         database_name: "NameString", # required
+    #         name: "NameString",
+    #         table_wildcard: {
+    #         },
+    #       },
+    #       table_with_columns: {
+    #         catalog_id: "CatalogIdString",
+    #         database_name: "NameString", # required
+    #         name: "NameString", # required
+    #         column_names: ["NameString"],
+    #         column_wildcard: {
+    #           excluded_column_names: ["NameString"],
+    #         },
+    #       },
+    #       data_location: {
+    #         catalog_id: "CatalogIdString",
+    #         resource_arn: "ResourceArnString", # required
+    #       },
+    #       data_cells_filter: {
+    #         table_catalog_id: "CatalogIdString",
+    #         database_name: "NameString",
+    #         table_name: "NameString",
+    #         name: "NameString",
+    #       },
+    #       lf_tag: {
+    #         catalog_id: "CatalogIdString",
+    #         tag_key: "NameString", # required
+    #         tag_values: ["LFTagValue"], # required
+    #       },
+    #       lf_tag_policy: {
+    #         catalog_id: "CatalogIdString",
+    #         resource_type: "DATABASE", # required, accepts DATABASE, TABLE
+    #         expression: [ # required
+    #           {
+    #             tag_key: "LFTagKey", # required
+    #             tag_values: ["LFTagValue"], # required
+    #           },
+    #         ],
+    #       },
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DeleteLakeFormationOptIn AWS API Documentation
+    #
+    # @overload delete_lake_formation_opt_in(params = {})
+    # @param [Hash] params ({})
+    def delete_lake_formation_opt_in(params = {}, options = {})
+      req = build_request(:delete_lake_formation_opt_in, params)
+      req.send_request(options)
+    end
+
     # For a specific governed table, provides a list of Amazon S3 objects
     # that will be written during the current transaction and that can be
     # automatically deleted if the transaction is canceled. Without this
@@ -995,6 +1268,8 @@ module Aws::LakeFormation
     #   resp.resource_info.resource_arn #=> String
     #   resp.resource_info.role_arn #=> String
     #   resp.resource_info.last_modified #=> Time
+    #   resp.resource_info.with_federation #=> Boolean
+    #   resp.resource_info.hybrid_access_enabled #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DescribeResource AWS API Documentation
     #
@@ -1062,6 +1337,55 @@ module Aws::LakeFormation
       req.send_request(options)
     end
 
+    # Returns a data cells filter.
+    #
+    # @option params [required, String] :table_catalog_id
+    #   The ID of the catalog to which the table belongs.
+    #
+    # @option params [required, String] :database_name
+    #   A database in the Glue Data Catalog.
+    #
+    # @option params [required, String] :table_name
+    #   A table in the database.
+    #
+    # @option params [required, String] :name
+    #   The name given by the user to the data filter cell.
+    #
+    # @return [Types::GetDataCellsFilterResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetDataCellsFilterResponse#data_cells_filter #data_cells_filter} => Types::DataCellsFilter
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_data_cells_filter({
+    #     table_catalog_id: "CatalogIdString", # required
+    #     database_name: "NameString", # required
+    #     table_name: "NameString", # required
+    #     name: "NameString", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.data_cells_filter.table_catalog_id #=> String
+    #   resp.data_cells_filter.database_name #=> String
+    #   resp.data_cells_filter.table_name #=> String
+    #   resp.data_cells_filter.name #=> String
+    #   resp.data_cells_filter.row_filter.filter_expression #=> String
+    #   resp.data_cells_filter.column_names #=> Array
+    #   resp.data_cells_filter.column_names[0] #=> String
+    #   resp.data_cells_filter.column_wildcard.excluded_column_names #=> Array
+    #   resp.data_cells_filter.column_wildcard.excluded_column_names[0] #=> String
+    #   resp.data_cells_filter.version_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetDataCellsFilter AWS API Documentation
+    #
+    # @overload get_data_cells_filter(params = {})
+    # @param [Hash] params ({})
+    def get_data_cells_filter(params = {}, options = {})
+      req = build_request(:get_data_cells_filter, params)
+      req.send_request(options)
+    end
+
     # Retrieves the list of the data lake administrators of a Lake
     # Formation-managed data lake.
     #
@@ -1085,16 +1409,26 @@ module Aws::LakeFormation
     #
     #   resp.data_lake_settings.data_lake_admins #=> Array
     #   resp.data_lake_settings.data_lake_admins[0].data_lake_principal_identifier #=> String
+    #   resp.data_lake_settings.read_only_admins #=> Array
+    #   resp.data_lake_settings.read_only_admins[0].data_lake_principal_identifier #=> String
     #   resp.data_lake_settings.create_database_default_permissions #=> Array
     #   resp.data_lake_settings.create_database_default_permissions[0].principal.data_lake_principal_identifier #=> String
     #   resp.data_lake_settings.create_database_default_permissions[0].permissions #=> Array
-    #   resp.data_lake_settings.create_database_default_permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
+    #   resp.data_lake_settings.create_database_default_permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION"
     #   resp.data_lake_settings.create_table_default_permissions #=> Array
     #   resp.data_lake_settings.create_table_default_permissions[0].principal.data_lake_principal_identifier #=> String
     #   resp.data_lake_settings.create_table_default_permissions[0].permissions #=> Array
-    #   resp.data_lake_settings.create_table_default_permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
+    #   resp.data_lake_settings.create_table_default_permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION"
+    #   resp.data_lake_settings.parameters #=> Hash
+    #   resp.data_lake_settings.parameters["KeyString"] #=> String
     #   resp.data_lake_settings.trusted_resource_owners #=> Array
     #   resp.data_lake_settings.trusted_resource_owners[0] #=> String
+    #   resp.data_lake_settings.allow_external_data_filtering #=> Boolean
+    #   resp.data_lake_settings.allow_full_table_external_data_access #=> Boolean
+    #   resp.data_lake_settings.external_data_filtering_allow_list #=> Array
+    #   resp.data_lake_settings.external_data_filtering_allow_list[0].data_lake_principal_identifier #=> String
+    #   resp.data_lake_settings.authorized_session_tag_value_list #=> Array
+    #   resp.data_lake_settings.authorized_session_tag_value_list[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetDataLakeSettings AWS API Documentation
     #
@@ -1176,11 +1510,13 @@ module Aws::LakeFormation
     #   resp.permissions[0].resource.lf_tag_policy.expression[0].tag_values #=> Array
     #   resp.permissions[0].resource.lf_tag_policy.expression[0].tag_values[0] #=> String
     #   resp.permissions[0].permissions #=> Array
-    #   resp.permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
+    #   resp.permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION"
     #   resp.permissions[0].permissions_with_grant_option #=> Array
-    #   resp.permissions[0].permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
+    #   resp.permissions[0].permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION"
     #   resp.permissions[0].additional_details.resource_share #=> Array
     #   resp.permissions[0].additional_details.resource_share[0] #=> String
+    #   resp.permissions[0].last_updated #=> Time
+    #   resp.permissions[0].last_updated_by #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetEffectivePermissionsForPath AWS API Documentation
@@ -1493,6 +1829,133 @@ module Aws::LakeFormation
       req.send_request(options)
     end
 
+    # This API is identical to `GetTemporaryTableCredentials` except that
+    # this is used when the target Data Catalog resource is of type
+    # Partition. Lake Formation restricts the permission of the vended
+    # credentials with the same scope down policy which restricts access to
+    # a single Amazon S3 prefix.
+    #
+    # @option params [required, String] :table_arn
+    #   The ARN of the partitions' table.
+    #
+    # @option params [required, Types::PartitionValueList] :partition
+    #   A list of partition values identifying a single partition.
+    #
+    # @option params [Array<String>] :permissions
+    #   Filters the request based on the user having been granted a list of
+    #   specified permissions on the requested resource(s).
+    #
+    # @option params [Integer] :duration_seconds
+    #   The time period, between 900 and 21,600 seconds, for the timeout of
+    #   the temporary credentials.
+    #
+    # @option params [Types::AuditContext] :audit_context
+    #   A structure representing context to access a resource (column names,
+    #   query ID, etc).
+    #
+    # @option params [Array<String>] :supported_permission_types
+    #   A list of supported permission types for the partition. Valid values
+    #   are `COLUMN_PERMISSION` and `CELL_FILTER_PERMISSION`.
+    #
+    # @return [Types::GetTemporaryGluePartitionCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetTemporaryGluePartitionCredentialsResponse#access_key_id #access_key_id} => String
+    #   * {Types::GetTemporaryGluePartitionCredentialsResponse#secret_access_key #secret_access_key} => String
+    #   * {Types::GetTemporaryGluePartitionCredentialsResponse#session_token #session_token} => String
+    #   * {Types::GetTemporaryGluePartitionCredentialsResponse#expiration #expiration} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_temporary_glue_partition_credentials({
+    #     table_arn: "ResourceArnString", # required
+    #     partition: { # required
+    #       values: ["ValueString"], # required
+    #     },
+    #     permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
+    #     duration_seconds: 1,
+    #     audit_context: {
+    #       additional_audit_context: "AuditContextString",
+    #     },
+    #     supported_permission_types: ["COLUMN_PERMISSION"], # accepts COLUMN_PERMISSION, CELL_FILTER_PERMISSION, NESTED_PERMISSION, NESTED_CELL_PERMISSION
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.access_key_id #=> String
+    #   resp.secret_access_key #=> String
+    #   resp.session_token #=> String
+    #   resp.expiration #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGluePartitionCredentials AWS API Documentation
+    #
+    # @overload get_temporary_glue_partition_credentials(params = {})
+    # @param [Hash] params ({})
+    def get_temporary_glue_partition_credentials(params = {}, options = {})
+      req = build_request(:get_temporary_glue_partition_credentials, params)
+      req.send_request(options)
+    end
+
+    # Allows a caller in a secure environment to assume a role with
+    # permission to access Amazon S3. In order to vend such credentials,
+    # Lake Formation assumes the role associated with a registered location,
+    # for example an Amazon S3 bucket, with a scope down policy which
+    # restricts the access to a single prefix.
+    #
+    # @option params [required, String] :table_arn
+    #   The ARN identifying a table in the Data Catalog for the temporary
+    #   credentials request.
+    #
+    # @option params [Array<String>] :permissions
+    #   Filters the request based on the user having been granted a list of
+    #   specified permissions on the requested resource(s).
+    #
+    # @option params [Integer] :duration_seconds
+    #   The time period, between 900 and 21,600 seconds, for the timeout of
+    #   the temporary credentials.
+    #
+    # @option params [Types::AuditContext] :audit_context
+    #   A structure representing context to access a resource (column names,
+    #   query ID, etc).
+    #
+    # @option params [Array<String>] :supported_permission_types
+    #   A list of supported permission types for the table. Valid values are
+    #   `COLUMN_PERMISSION` and `CELL_FILTER_PERMISSION`.
+    #
+    # @return [Types::GetTemporaryGlueTableCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetTemporaryGlueTableCredentialsResponse#access_key_id #access_key_id} => String
+    #   * {Types::GetTemporaryGlueTableCredentialsResponse#secret_access_key #secret_access_key} => String
+    #   * {Types::GetTemporaryGlueTableCredentialsResponse#session_token #session_token} => String
+    #   * {Types::GetTemporaryGlueTableCredentialsResponse#expiration #expiration} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_temporary_glue_table_credentials({
+    #     table_arn: "ResourceArnString", # required
+    #     permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
+    #     duration_seconds: 1,
+    #     audit_context: {
+    #       additional_audit_context: "AuditContextString",
+    #     },
+    #     supported_permission_types: ["COLUMN_PERMISSION"], # accepts COLUMN_PERMISSION, CELL_FILTER_PERMISSION, NESTED_PERMISSION, NESTED_CELL_PERMISSION
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.access_key_id #=> String
+    #   resp.secret_access_key #=> String
+    #   resp.session_token #=> String
+    #   resp.expiration #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGlueTableCredentials AWS API Documentation
+    #
+    # @overload get_temporary_glue_table_credentials(params = {})
+    # @param [Hash] params ({})
+    def get_temporary_glue_table_credentials(params = {}, options = {})
+      req = build_request(:get_temporary_glue_table_credentials, params)
+      req.send_request(options)
+    end
+
     # Returns the work units resulting from the query. Work units can be
     # executed in any order and in parallel.
     #
@@ -1593,7 +2056,7 @@ module Aws::LakeFormation
     #
     #
     #
-    # [1]: https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html
+    # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html
     #
     # @option params [String] :catalog_id
     #   The identifier for the Data Catalog. By default, the account ID. The
@@ -1684,8 +2147,8 @@ module Aws::LakeFormation
     #         ],
     #       },
     #     },
-    #     permissions: ["ALL"], # required, accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
-    #     permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
+    #     permissions: ["ALL"], # required, accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
+    #     permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GrantPermissions AWS API Documentation
@@ -1741,6 +2204,7 @@ module Aws::LakeFormation
     #   resp.data_cells_filters[0].column_names[0] #=> String
     #   resp.data_cells_filters[0].column_wildcard.excluded_column_names #=> Array
     #   resp.data_cells_filters[0].column_wildcard.excluded_column_names[0] #=> String
+    #   resp.data_cells_filters[0].version_id #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ListDataCellsFilter AWS API Documentation
@@ -1808,6 +2272,134 @@ module Aws::LakeFormation
       req.send_request(options)
     end
 
+    # Retrieve the current list of resources and principals that are opt in
+    # to enforce Lake Formation permissions.
+    #
+    # @option params [Types::DataLakePrincipal] :principal
+    #   The Lake Formation principal. Supported principals are IAM users or
+    #   IAM roles.
+    #
+    # @option params [Types::Resource] :resource
+    #   A structure for the resource.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return.
+    #
+    # @option params [String] :next_token
+    #   A continuation token, if this is not the first call to retrieve this
+    #   list.
+    #
+    # @return [Types::ListLakeFormationOptInsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListLakeFormationOptInsResponse#lake_formation_opt_ins_info_list #lake_formation_opt_ins_info_list} => Array&lt;Types::LakeFormationOptInsInfo&gt;
+    #   * {Types::ListLakeFormationOptInsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_lake_formation_opt_ins({
+    #     principal: {
+    #       data_lake_principal_identifier: "DataLakePrincipalString",
+    #     },
+    #     resource: {
+    #       catalog: {
+    #       },
+    #       database: {
+    #         catalog_id: "CatalogIdString",
+    #         name: "NameString", # required
+    #       },
+    #       table: {
+    #         catalog_id: "CatalogIdString",
+    #         database_name: "NameString", # required
+    #         name: "NameString",
+    #         table_wildcard: {
+    #         },
+    #       },
+    #       table_with_columns: {
+    #         catalog_id: "CatalogIdString",
+    #         database_name: "NameString", # required
+    #         name: "NameString", # required
+    #         column_names: ["NameString"],
+    #         column_wildcard: {
+    #           excluded_column_names: ["NameString"],
+    #         },
+    #       },
+    #       data_location: {
+    #         catalog_id: "CatalogIdString",
+    #         resource_arn: "ResourceArnString", # required
+    #       },
+    #       data_cells_filter: {
+    #         table_catalog_id: "CatalogIdString",
+    #         database_name: "NameString",
+    #         table_name: "NameString",
+    #         name: "NameString",
+    #       },
+    #       lf_tag: {
+    #         catalog_id: "CatalogIdString",
+    #         tag_key: "NameString", # required
+    #         tag_values: ["LFTagValue"], # required
+    #       },
+    #       lf_tag_policy: {
+    #         catalog_id: "CatalogIdString",
+    #         resource_type: "DATABASE", # required, accepts DATABASE, TABLE
+    #         expression: [ # required
+    #           {
+    #             tag_key: "LFTagKey", # required
+    #             tag_values: ["LFTagValue"], # required
+    #           },
+    #         ],
+    #       },
+    #     },
+    #     max_results: 1,
+    #     next_token: "Token",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.lake_formation_opt_ins_info_list #=> Array
+    #   resp.lake_formation_opt_ins_info_list[0].resource.database.catalog_id #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.database.name #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.table.catalog_id #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.table.database_name #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.table.name #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.catalog_id #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.database_name #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.name #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.column_names #=> Array
+    #   resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.column_names[0] #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.column_wildcard.excluded_column_names #=> Array
+    #   resp.lake_formation_opt_ins_info_list[0].resource.table_with_columns.column_wildcard.excluded_column_names[0] #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.data_location.catalog_id #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.data_location.resource_arn #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.data_cells_filter.table_catalog_id #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.data_cells_filter.database_name #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.data_cells_filter.table_name #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.data_cells_filter.name #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.lf_tag.catalog_id #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.lf_tag.tag_key #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.lf_tag.tag_values #=> Array
+    #   resp.lake_formation_opt_ins_info_list[0].resource.lf_tag.tag_values[0] #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.catalog_id #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.resource_type #=> String, one of "DATABASE", "TABLE"
+    #   resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.expression #=> Array
+    #   resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.expression[0].tag_key #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.expression[0].tag_values #=> Array
+    #   resp.lake_formation_opt_ins_info_list[0].resource.lf_tag_policy.expression[0].tag_values[0] #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].principal.data_lake_principal_identifier #=> String
+    #   resp.lake_formation_opt_ins_info_list[0].last_modified #=> Time
+    #   resp.lake_formation_opt_ins_info_list[0].last_updated_by #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ListLakeFormationOptIns AWS API Documentation
+    #
+    # @overload list_lake_formation_opt_ins(params = {})
+    # @param [Hash] params ({})
+    def list_lake_formation_opt_ins(params = {}, options = {})
+      req = build_request(:list_lake_formation_opt_ins, params)
+      req.send_request(options)
+    end
+
     # Returns a list of the principal permissions on the resource, filtered
     # by the permissions of the caller. For example, if you are granted an
     # ALTER permission, you are able to see only the principal permissions
@@ -1821,7 +2413,7 @@ module Aws::LakeFormation
     #
     #
     #
-    # [1]: https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html
+    # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html
     #
     # @option params [String] :catalog_id
     #   The identifier for the Data Catalog. By default, the account ID. The
@@ -1954,11 +2546,13 @@ module Aws::LakeFormation
     #   resp.principal_resource_permissions[0].resource.lf_tag_policy.expression[0].tag_values #=> Array
     #   resp.principal_resource_permissions[0].resource.lf_tag_policy.expression[0].tag_values[0] #=> String
     #   resp.principal_resource_permissions[0].permissions #=> Array
-    #   resp.principal_resource_permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
+    #   resp.principal_resource_permissions[0].permissions[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION"
     #   resp.principal_resource_permissions[0].permissions_with_grant_option #=> Array
-    #   resp.principal_resource_permissions[0].permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_TAG", "ALTER_TAG", "DELETE_TAG", "DESCRIBE_TAG", "ASSOCIATE_TAG"
+    #   resp.principal_resource_permissions[0].permissions_with_grant_option[0] #=> String, one of "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION"
     #   resp.principal_resource_permissions[0].additional_details.resource_share #=> Array
     #   resp.principal_resource_permissions[0].additional_details.resource_share[0] #=> String
+    #   resp.principal_resource_permissions[0].last_updated #=> Time
+    #   resp.principal_resource_permissions[0].last_updated_by #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ListPermissions AWS API Documentation
@@ -2010,6 +2604,8 @@ module Aws::LakeFormation
     #   resp.resource_info_list[0].resource_arn #=> String
     #   resp.resource_info_list[0].role_arn #=> String
     #   resp.resource_info_list[0].last_modified #=> Time
+    #   resp.resource_info_list[0].with_federation #=> Boolean
+    #   resp.resource_info_list[0].hybrid_access_enabled #=> Boolean
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ListResources AWS API Documentation
@@ -2172,12 +2768,17 @@ module Aws::LakeFormation
     #           data_lake_principal_identifier: "DataLakePrincipalString",
     #         },
     #       ],
+    #       read_only_admins: [
+    #         {
+    #           data_lake_principal_identifier: "DataLakePrincipalString",
+    #         },
+    #       ],
     #       create_database_default_permissions: [
     #         {
     #           principal: {
     #             data_lake_principal_identifier: "DataLakePrincipalString",
     #           },
-    #           permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
+    #           permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
     #         },
     #       ],
     #       create_table_default_permissions: [
@@ -2185,10 +2786,21 @@ module Aws::LakeFormation
     #           principal: {
     #             data_lake_principal_identifier: "DataLakePrincipalString",
     #           },
-    #           permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
+    #           permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
     #         },
     #       ],
+    #       parameters: {
+    #         "KeyString" => "ParametersMapValue",
+    #       },
     #       trusted_resource_owners: ["CatalogIdString"],
+    #       allow_external_data_filtering: false,
+    #       allow_full_table_external_data_access: false,
+    #       external_data_filtering_allow_list: [
+    #         {
+    #           data_lake_principal_identifier: "DataLakePrincipalString",
+    #         },
+    #       ],
+    #       authorized_session_tag_value_list: ["NameString"],
     #     },
     #   })
     #
@@ -2219,7 +2831,7 @@ module Aws::LakeFormation
     # `ResourceArn = arn:aws:s3:::my-bucket UseServiceLinkedRole = true`
     #
     # If `UseServiceLinkedRole` is not set to true, you must provide or set
-    # the `RoleArn`\:
+    # the `RoleArn`:
     #
     # `arn:aws:iam::12345:role/my-data-access-role`
     #
@@ -2238,11 +2850,19 @@ module Aws::LakeFormation
     #
     #
     #
-    #   [1]: https://docs-aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html
+    #   [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html
     #
     # @option params [String] :role_arn
     #   The identifier for the role that registers the resource.
     #
+    # @option params [Boolean] :with_federation
+    #   Whether or not the resource is a federated resource.
+    #
+    # @option params [Boolean] :hybrid_access_enabled
+    #   Specifies whether the data access of tables pointing to the location
+    #   can be managed by both Lake Formation permissions as well as Amazon S3
+    #   bucket policies.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -2251,6 +2871,8 @@ module Aws::LakeFormation
     #     resource_arn: "ResourceArnString", # required
     #     use_service_linked_role: false,
     #     role_arn: "IAMRoleArn",
+    #     with_federation: false,
+    #     hybrid_access_enabled: false,
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/RegisterResource AWS API Documentation
@@ -2387,7 +3009,7 @@ module Aws::LakeFormation
     #
     #
     #
-    #   [1]: https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html
+    #   [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html
     #
     # @option params [Array<String>] :permissions_with_grant_option
     #   Indicates a list of permissions for which to revoke the grant option
@@ -2451,8 +3073,8 @@ module Aws::LakeFormation
     #         ],
     #       },
     #     },
-    #     permissions: ["ALL"], # required, accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
-    #     permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
+    #     permissions: ["ALL"], # required, accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
+    #     permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_LF_TAG, ASSOCIATE, GRANT_WITH_LF_TAG_EXPRESSION
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/RevokePermissions AWS API Documentation
@@ -2683,6 +3305,44 @@ module Aws::LakeFormation
       req.send_request(options)
     end
 
+    # Updates a data cell filter.
+    #
+    # @option params [required, Types::DataCellsFilter] :table_data
+    #   A `DataCellsFilter` structure containing information about the data
+    #   cells filter.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_data_cells_filter({
+    #     table_data: { # required
+    #       table_catalog_id: "CatalogIdString", # required
+    #       database_name: "NameString", # required
+    #       table_name: "NameString", # required
+    #       name: "NameString", # required
+    #       row_filter: {
+    #         filter_expression: "PredicateString",
+    #         all_rows_wildcard: {
+    #         },
+    #       },
+    #       column_names: ["NameString"],
+    #       column_wildcard: {
+    #         excluded_column_names: ["NameString"],
+    #       },
+    #       version_id: "VersionString",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/UpdateDataCellsFilter AWS API Documentation
+    #
+    # @overload update_data_cells_filter(params = {})
+    # @param [Hash] params ({})
+    def update_data_cells_filter(params = {}, options = {})
+      req = build_request(:update_data_cells_filter, params)
+      req.send_request(options)
+    end
+
     # Updates the list of possible values for the specified LF-tag key. If
     # the LF-tag does not exist, the operation throws an
     # EntityNotFoundException. The values in the delete key values will be
@@ -2736,6 +3396,14 @@ module Aws::LakeFormation
     # @option params [required, String] :resource_arn
     #   The resource ARN.
     #
+    # @option params [Boolean] :with_federation
+    #   Whether or not the resource is a federated resource.
+    #
+    # @option params [Boolean] :hybrid_access_enabled
+    #   Specifies whether the data access of tables pointing to the location
+    #   can be managed by both Lake Formation permissions as well as Amazon S3
+    #   bucket policies.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -2743,6 +3411,8 @@ module Aws::LakeFormation
     #   resp = client.update_resource({
     #     role_arn: "IAMRoleArn", # required
     #     resource_arn: "ResourceArnString", # required
+    #     with_federation: false,
+    #     hybrid_access_enabled: false,
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/UpdateResource AWS API Documentation
@@ -2767,7 +3437,7 @@ module Aws::LakeFormation
     # @option params [required, String] :table_name
     #   The governed table to update.
     #
-    # @option params [required, String] :transaction_id
+    # @option params [String] :transaction_id
     #   The transaction at which to do the write.
     #
     # @option params [required, Array<Types::WriteOperation>] :write_operations
@@ -2782,7 +3452,7 @@ module Aws::LakeFormation
     #     catalog_id: "CatalogIdString",
     #     database_name: "NameString", # required
     #     table_name: "NameString", # required
-    #     transaction_id: "TransactionIdString", # required
+    #     transaction_id: "TransactionIdString",
     #     write_operations: [ # required
     #       {
     #         add_object: {
@@ -2866,7 +3536,7 @@ module Aws::LakeFormation
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-lakeformation'
-      context[:gem_version] = '1.20.0'
+      context[:gem_version] = '1.42.0'
       Seahorse::Client::Request.new(handlers, context)
     end