aws-sdk-lakeformation 1.20.0 → 1.42.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +113 -1
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-lakeformation/client.rb +708 -38
  5. data/lib/aws-sdk-lakeformation/client_api.rb +272 -3
  6. data/lib/aws-sdk-lakeformation/endpoint_parameters.rb +66 -0
  7. data/lib/aws-sdk-lakeformation/endpoint_provider.rb +54 -0
  8. data/lib/aws-sdk-lakeformation/endpoints.rb +716 -0
  9. data/lib/aws-sdk-lakeformation/errors.rb +16 -0
  10. data/lib/aws-sdk-lakeformation/plugins/endpoints.rb +168 -0
  11. data/lib/aws-sdk-lakeformation/types.rb +548 -1246
  12. data/lib/aws-sdk-lakeformation.rb +5 -1
  13. metadata +8 -4
data/lib/aws-sdk-lakeformation/types.rb CHANGED
@@ -24,69 +24,6 @@ module Aws::LakeFormation
24
24
  include Aws::Structure
25
25
  end
26
26
 
27
- # @note When making an API call, you may pass AddLFTagsToResourceRequest
28
- # data as a hash:
29
- #
30
- # {
31
- # catalog_id: "CatalogIdString",
32
- # resource: { # required
33
- # catalog: {
34
- # },
35
- # database: {
36
- # catalog_id: "CatalogIdString",
37
- # name: "NameString", # required
38
- # },
39
- # table: {
40
- # catalog_id: "CatalogIdString",
41
- # database_name: "NameString", # required
42
- # name: "NameString",
43
- # table_wildcard: {
44
- # },
45
- # },
46
- # table_with_columns: {
47
- # catalog_id: "CatalogIdString",
48
- # database_name: "NameString", # required
49
- # name: "NameString", # required
50
- # column_names: ["NameString"],
51
- # column_wildcard: {
52
- # excluded_column_names: ["NameString"],
53
- # },
54
- # },
55
- # data_location: {
56
- # catalog_id: "CatalogIdString",
57
- # resource_arn: "ResourceArnString", # required
58
- # },
59
- # data_cells_filter: {
60
- # table_catalog_id: "CatalogIdString",
61
- # database_name: "NameString",
62
- # table_name: "NameString",
63
- # name: "NameString",
64
- # },
65
- # lf_tag: {
66
- # catalog_id: "CatalogIdString",
67
- # tag_key: "NameString", # required
68
- # tag_values: ["LFTagValue"], # required
69
- # },
70
- # lf_tag_policy: {
71
- # catalog_id: "CatalogIdString",
72
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
73
- # expression: [ # required
74
- # {
75
- # tag_key: "LFTagKey", # required
76
- # tag_values: ["LFTagValue"], # required
77
- # },
78
- # ],
79
- # },
80
- # },
81
- # lf_tags: [ # required
82
- # {
83
- # catalog_id: "CatalogIdString",
84
- # tag_key: "LFTagKey", # required
85
- # tag_values: ["LFTagValue"], # required
86
- # },
87
- # ],
88
- # }
89
- #
90
27
  # @!attribute [rw] catalog_id
91
28
  # The identifier for the Data Catalog. By default, the account ID. The
92
29
  # Data Catalog is the persistent metadata store. It contains database
@@ -127,16 +64,6 @@ module Aws::LakeFormation
127
64
 
128
65
  # A new object to add to the governed table.
129
66
  #
130
- # @note When making an API call, you may pass AddObjectInput
131
- # data as a hash:
132
- #
133
- # {
134
- # uri: "URI", # required
135
- # etag: "ETagString", # required
136
- # size: 1, # required
137
- # partition_values: ["PartitionValueString"],
138
- # }
139
- #
140
67
  # @!attribute [rw] uri
141
68
  # The Amazon S3 location of the object.
142
69
  # @return [String]
@@ -192,72 +119,86 @@ module Aws::LakeFormation
192
119
  include Aws::Structure
193
120
  end
194
121
 
195
- # @note When making an API call, you may pass BatchGrantPermissionsRequest
196
- # data as a hash:
197
- #
198
- # {
199
- # catalog_id: "CatalogIdString",
200
- # entries: [ # required
201
- # {
202
- # id: "Identifier", # required
203
- # principal: {
204
- # data_lake_principal_identifier: "DataLakePrincipalString",
205
- # },
206
- # resource: {
207
- # catalog: {
208
- # },
209
- # database: {
210
- # catalog_id: "CatalogIdString",
211
- # name: "NameString", # required
212
- # },
213
- # table: {
214
- # catalog_id: "CatalogIdString",
215
- # database_name: "NameString", # required
216
- # name: "NameString",
217
- # table_wildcard: {
218
- # },
219
- # },
220
- # table_with_columns: {
221
- # catalog_id: "CatalogIdString",
222
- # database_name: "NameString", # required
223
- # name: "NameString", # required
224
- # column_names: ["NameString"],
225
- # column_wildcard: {
226
- # excluded_column_names: ["NameString"],
227
- # },
228
- # },
229
- # data_location: {
230
- # catalog_id: "CatalogIdString",
231
- # resource_arn: "ResourceArnString", # required
232
- # },
233
- # data_cells_filter: {
234
- # table_catalog_id: "CatalogIdString",
235
- # database_name: "NameString",
236
- # table_name: "NameString",
237
- # name: "NameString",
238
- # },
239
- # lf_tag: {
240
- # catalog_id: "CatalogIdString",
241
- # tag_key: "NameString", # required
242
- # tag_values: ["LFTagValue"], # required
243
- # },
244
- # lf_tag_policy: {
245
- # catalog_id: "CatalogIdString",
246
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
247
- # expression: [ # required
248
- # {
249
- # tag_key: "LFTagKey", # required
250
- # tag_values: ["LFTagValue"], # required
251
- # },
252
- # ],
253
- # },
254
- # },
255
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
256
- # permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
257
- # },
258
- # ],
259
- # }
122
+ # @!attribute [rw] saml_assertion
123
+ # A SAML assertion consisting of an assertion statement for the user
124
+ # who needs temporary credentials. This must match the SAML assertion
125
+ # that was issued to IAM. This must be Base64 encoded.
126
+ # @return [String]
127
+ #
128
+ # @!attribute [rw] role_arn
129
+ # The role that represents an IAM principal whose scope down policy
130
+ # allows it to call credential vending APIs such as
131
+ # `GetTemporaryTableCredentials`. The caller must also have
132
+ # iam:PassRole permission on this role.
133
+ # @return [String]
134
+ #
135
+ # @!attribute [rw] principal_arn
136
+ # The Amazon Resource Name (ARN) of the SAML provider in IAM that
137
+ # describes the IdP.
138
+ # @return [String]
139
+ #
140
+ # @!attribute [rw] duration_seconds
141
+ # The time period, between 900 and 43,200 seconds, for the timeout of
142
+ # the temporary credentials.
143
+ # @return [Integer]
144
+ #
145
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AssumeDecoratedRoleWithSAMLRequest AWS API Documentation
146
+ #
147
+ class AssumeDecoratedRoleWithSAMLRequest < Struct.new(
148
+ :saml_assertion,
149
+ :role_arn,
150
+ :principal_arn,
151
+ :duration_seconds)
152
+ SENSITIVE = []
153
+ include Aws::Structure
154
+ end
155
+
156
+ # @!attribute [rw] access_key_id
157
+ # The access key ID for the temporary credentials. (The access key
158
+ # consists of an access key ID and a secret key).
159
+ # @return [String]
160
+ #
161
+ # @!attribute [rw] secret_access_key
162
+ # The secret key for the temporary credentials. (The access key
163
+ # consists of an access key ID and a secret key).
164
+ # @return [String]
165
+ #
166
+ # @!attribute [rw] session_token
167
+ # The session token for the temporary credentials.
168
+ # @return [String]
169
+ #
170
+ # @!attribute [rw] expiration
171
+ # The date and time when the temporary credentials expire.
172
+ # @return [Time]
260
173
  #
174
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AssumeDecoratedRoleWithSAMLResponse AWS API Documentation
175
+ #
176
+ class AssumeDecoratedRoleWithSAMLResponse < Struct.new(
177
+ :access_key_id,
178
+ :secret_access_key,
179
+ :session_token,
180
+ :expiration)
181
+ SENSITIVE = []
182
+ include Aws::Structure
183
+ end
184
+
185
+ # A structure used to include auditing information on the privileged
186
+ # API.
187
+ #
188
+ # @!attribute [rw] additional_audit_context
189
+ # The filter engine can populate the 'AdditionalAuditContext'
190
+ # information with the request ID for you to track. This information
191
+ # will be displayed in CloudTrail log in your account.
192
+ # @return [String]
193
+ #
194
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AuditContext AWS API Documentation
195
+ #
196
+ class AuditContext < Struct.new(
197
+ :additional_audit_context)
198
+ SENSITIVE = []
199
+ include Aws::Structure
200
+ end
201
+
261
202
  # @!attribute [rw] catalog_id
262
203
  # The identifier for the Data Catalog. By default, the account ID. The
263
204
  # Data Catalog is the persistent metadata store. It contains database
@@ -314,67 +255,6 @@ module Aws::LakeFormation
314
255
  # A permission to a resource granted by batch operation to the
315
256
  # principal.
316
257
  #
317
- # @note When making an API call, you may pass BatchPermissionsRequestEntry
318
- # data as a hash:
319
- #
320
- # {
321
- # id: "Identifier", # required
322
- # principal: {
323
- # data_lake_principal_identifier: "DataLakePrincipalString",
324
- # },
325
- # resource: {
326
- # catalog: {
327
- # },
328
- # database: {
329
- # catalog_id: "CatalogIdString",
330
- # name: "NameString", # required
331
- # },
332
- # table: {
333
- # catalog_id: "CatalogIdString",
334
- # database_name: "NameString", # required
335
- # name: "NameString",
336
- # table_wildcard: {
337
- # },
338
- # },
339
- # table_with_columns: {
340
- # catalog_id: "CatalogIdString",
341
- # database_name: "NameString", # required
342
- # name: "NameString", # required
343
- # column_names: ["NameString"],
344
- # column_wildcard: {
345
- # excluded_column_names: ["NameString"],
346
- # },
347
- # },
348
- # data_location: {
349
- # catalog_id: "CatalogIdString",
350
- # resource_arn: "ResourceArnString", # required
351
- # },
352
- # data_cells_filter: {
353
- # table_catalog_id: "CatalogIdString",
354
- # database_name: "NameString",
355
- # table_name: "NameString",
356
- # name: "NameString",
357
- # },
358
- # lf_tag: {
359
- # catalog_id: "CatalogIdString",
360
- # tag_key: "NameString", # required
361
- # tag_values: ["LFTagValue"], # required
362
- # },
363
- # lf_tag_policy: {
364
- # catalog_id: "CatalogIdString",
365
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
366
- # expression: [ # required
367
- # {
368
- # tag_key: "LFTagKey", # required
369
- # tag_values: ["LFTagValue"], # required
370
- # },
371
- # ],
372
- # },
373
- # },
374
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
375
- # permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
376
- # }
377
- #
378
258
  # @!attribute [rw] id
379
259
  # A unique identifier for the batch permissions request entry.
380
260
  # @return [String]
@@ -407,72 +287,6 @@ module Aws::LakeFormation
407
287
  include Aws::Structure
408
288
  end
409
289
 
410
- # @note When making an API call, you may pass BatchRevokePermissionsRequest
411
- # data as a hash:
412
- #
413
- # {
414
- # catalog_id: "CatalogIdString",
415
- # entries: [ # required
416
- # {
417
- # id: "Identifier", # required
418
- # principal: {
419
- # data_lake_principal_identifier: "DataLakePrincipalString",
420
- # },
421
- # resource: {
422
- # catalog: {
423
- # },
424
- # database: {
425
- # catalog_id: "CatalogIdString",
426
- # name: "NameString", # required
427
- # },
428
- # table: {
429
- # catalog_id: "CatalogIdString",
430
- # database_name: "NameString", # required
431
- # name: "NameString",
432
- # table_wildcard: {
433
- # },
434
- # },
435
- # table_with_columns: {
436
- # catalog_id: "CatalogIdString",
437
- # database_name: "NameString", # required
438
- # name: "NameString", # required
439
- # column_names: ["NameString"],
440
- # column_wildcard: {
441
- # excluded_column_names: ["NameString"],
442
- # },
443
- # },
444
- # data_location: {
445
- # catalog_id: "CatalogIdString",
446
- # resource_arn: "ResourceArnString", # required
447
- # },
448
- # data_cells_filter: {
449
- # table_catalog_id: "CatalogIdString",
450
- # database_name: "NameString",
451
- # table_name: "NameString",
452
- # name: "NameString",
453
- # },
454
- # lf_tag: {
455
- # catalog_id: "CatalogIdString",
456
- # tag_key: "NameString", # required
457
- # tag_values: ["LFTagValue"], # required
458
- # },
459
- # lf_tag_policy: {
460
- # catalog_id: "CatalogIdString",
461
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
462
- # expression: [ # required
463
- # {
464
- # tag_key: "LFTagKey", # required
465
- # tag_values: ["LFTagValue"], # required
466
- # },
467
- # ],
468
- # },
469
- # },
470
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
471
- # permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
472
- # },
473
- # ],
474
- # }
475
- #
476
290
  # @!attribute [rw] catalog_id
477
291
  # The identifier for the Data Catalog. By default, the account ID. The
478
292
  # Data Catalog is the persistent metadata store. It contains database
@@ -506,13 +320,6 @@ module Aws::LakeFormation
506
320
  include Aws::Structure
507
321
  end
508
322
 
509
- # @note When making an API call, you may pass CancelTransactionRequest
510
- # data as a hash:
511
- #
512
- # {
513
- # transaction_id: "TransactionIdString", # required
514
- # }
515
- #
516
323
  # @!attribute [rw] transaction_id
517
324
  # The transaction to cancel.
518
325
  # @return [String]
@@ -560,13 +367,6 @@ module Aws::LakeFormation
560
367
  # A wildcard object, consisting of an optional list of excluded column
561
368
  # names or indexes.
562
369
  #
563
- # @note When making an API call, you may pass ColumnWildcard
564
- # data as a hash:
565
- #
566
- # {
567
- # excluded_column_names: ["NameString"],
568
- # }
569
- #
570
370
  # @!attribute [rw] excluded_column_names
571
371
  # Excludes column names. Any column with this name will be excluded.
572
372
  # @return [Array<String>]
@@ -579,13 +379,6 @@ module Aws::LakeFormation
579
379
  include Aws::Structure
580
380
  end
581
381
 
582
- # @note When making an API call, you may pass CommitTransactionRequest
583
- # data as a hash:
584
- #
585
- # {
586
- # transaction_id: "TransactionIdString", # required
587
- # }
588
- #
589
382
  # @!attribute [rw] transaction_id
590
383
  # The transaction to commit.
591
384
  # @return [String]
@@ -624,27 +417,6 @@ module Aws::LakeFormation
624
417
  include Aws::Structure
625
418
  end
626
419
 
627
- # @note When making an API call, you may pass CreateDataCellsFilterRequest
628
- # data as a hash:
629
- #
630
- # {
631
- # table_data: { # required
632
- # table_catalog_id: "CatalogIdString", # required
633
- # database_name: "NameString", # required
634
- # table_name: "NameString", # required
635
- # name: "NameString", # required
636
- # row_filter: {
637
- # filter_expression: "PredicateString",
638
- # all_rows_wildcard: {
639
- # },
640
- # },
641
- # column_names: ["NameString"],
642
- # column_wildcard: {
643
- # excluded_column_names: ["NameString"],
644
- # },
645
- # },
646
- # }
647
- #
648
420
  # @!attribute [rw] table_data
649
421
  # A `DataCellsFilter` structure containing information about the data
650
422
  # cells filter.
@@ -662,15 +434,6 @@ module Aws::LakeFormation
662
434
  #
663
435
  class CreateDataCellsFilterResponse < Aws::EmptyStructure; end
664
436
 
665
- # @note When making an API call, you may pass CreateLFTagRequest
666
- # data as a hash:
667
- #
668
- # {
669
- # catalog_id: "CatalogIdString",
670
- # tag_key: "LFTagKey", # required
671
- # tag_values: ["LFTagValue"], # required
672
- # }
673
- #
674
437
  # @!attribute [rw] catalog_id
675
438
  # The identifier for the Data Catalog. By default, the account ID. The
676
439
  # Data Catalog is the persistent metadata store. It contains database
@@ -700,26 +463,29 @@ module Aws::LakeFormation
700
463
  #
701
464
  class CreateLFTagResponse < Aws::EmptyStructure; end
702
465
 
703
- # A structure that describes certain columns on certain rows.
466
+ # @!attribute [rw] principal
467
+ # The Lake Formation principal. Supported principals are IAM users or
468
+ # IAM roles.
469
+ # @return [Types::DataLakePrincipal]
470
+ #
471
+ # @!attribute [rw] resource
472
+ # A structure for the resource.
473
+ # @return [Types::Resource]
474
+ #
475
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/CreateLakeFormationOptInRequest AWS API Documentation
476
+ #
477
+ class CreateLakeFormationOptInRequest < Struct.new(
478
+ :principal,
479
+ :resource)
480
+ SENSITIVE = []
481
+ include Aws::Structure
482
+ end
483
+
484
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/CreateLakeFormationOptInResponse AWS API Documentation
704
485
  #
705
- # @note When making an API call, you may pass DataCellsFilter
706
- # data as a hash:
707
- #
708
- # {
709
- # table_catalog_id: "CatalogIdString", # required
710
- # database_name: "NameString", # required
711
- # table_name: "NameString", # required
712
- # name: "NameString", # required
713
- # row_filter: {
714
- # filter_expression: "PredicateString",
715
- # all_rows_wildcard: {
716
- # },
717
- # },
718
- # column_names: ["NameString"],
719
- # column_wildcard: {
720
- # excluded_column_names: ["NameString"],
721
- # },
722
- # }
486
+ class CreateLakeFormationOptInResponse < Aws::EmptyStructure; end
487
+
488
+ # A structure that describes certain columns on certain rows.
723
489
  #
724
490
  # @!attribute [rw] table_catalog_id
725
491
  # The ID of the catalog to which the table belongs.
@@ -742,13 +508,23 @@ module Aws::LakeFormation
742
508
  # @return [Types::RowFilter]
743
509
  #
744
510
  # @!attribute [rw] column_names
745
- # A list of column names.
511
+ # A list of column names and/or nested column attributes. When
512
+ # specifying nested attributes, use a qualified dot (.) delimited
513
+ # format such as "address"."zip". Nested attributes within this
514
+ # list may not exceed a depth of 5.
746
515
  # @return [Array<String>]
747
516
  #
748
517
  # @!attribute [rw] column_wildcard
749
518
  # A wildcard with exclusions.
519
+ #
520
+ # You must specify either a `ColumnNames` list or the
521
+ # `ColumnWildCard`.
750
522
  # @return [Types::ColumnWildcard]
751
523
  #
524
+ # @!attribute [rw] version_id
525
+ # The ID of the data cells filter version.
526
+ # @return [String]
527
+ #
752
528
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DataCellsFilter AWS API Documentation
753
529
  #
754
530
  class DataCellsFilter < Struct.new(
@@ -758,23 +534,14 @@ module Aws::LakeFormation
758
534
  :name,
759
535
  :row_filter,
760
536
  :column_names,
761
- :column_wildcard)
537
+ :column_wildcard,
538
+ :version_id)
762
539
  SENSITIVE = []
763
540
  include Aws::Structure
764
541
  end
765
542
 
766
543
  # A structure for a data cells filter resource.
767
544
  #
768
- # @note When making an API call, you may pass DataCellsFilterResource
769
- # data as a hash:
770
- #
771
- # {
772
- # table_catalog_id: "CatalogIdString",
773
- # database_name: "NameString",
774
- # table_name: "NameString",
775
- # name: "NameString",
776
- # }
777
- #
778
545
  # @!attribute [rw] table_catalog_id
779
546
  # The ID of the catalog to which the table belongs.
780
547
  # @return [String]
@@ -802,15 +569,8 @@ module Aws::LakeFormation
802
569
  include Aws::Structure
803
570
  end
804
571
 
805
- # The AWS Lake Formation principal. Supported principals are IAM users
806
- # or IAM roles.
807
- #
808
- # @note When making an API call, you may pass DataLakePrincipal
809
- # data as a hash:
810
- #
811
- # {
812
- # data_lake_principal_identifier: "DataLakePrincipalString",
813
- # }
572
+ # The Lake Formation principal. Supported principals are IAM users or
573
+ # IAM roles.
814
574
  #
815
575
  # @!attribute [rw] data_lake_principal_identifier
816
576
  # An identifier for the Lake Formation principal.
@@ -829,44 +589,21 @@ module Aws::LakeFormation
829
589
  # permission entries for default create database and default create
830
590
  # table permissions.
831
591
  #
832
- # @note When making an API call, you may pass DataLakeSettings
833
- # data as a hash:
834
- #
835
- # {
836
- # data_lake_admins: [
837
- # {
838
- # data_lake_principal_identifier: "DataLakePrincipalString",
839
- # },
840
- # ],
841
- # create_database_default_permissions: [
842
- # {
843
- # principal: {
844
- # data_lake_principal_identifier: "DataLakePrincipalString",
845
- # },
846
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
847
- # },
848
- # ],
849
- # create_table_default_permissions: [
850
- # {
851
- # principal: {
852
- # data_lake_principal_identifier: "DataLakePrincipalString",
853
- # },
854
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
855
- # },
856
- # ],
857
- # trusted_resource_owners: ["CatalogIdString"],
858
- # }
859
- #
860
592
  # @!attribute [rw] data_lake_admins
861
593
  # A list of Lake Formation principals. Supported principals are IAM
862
594
  # users or IAM roles.
863
595
  # @return [Array<Types::DataLakePrincipal>]
864
596
  #
597
+ # @!attribute [rw] read_only_admins
598
+ # A list of Lake Formation principals with only view access to the
599
+ # resources, without the ability to make changes. Supported principals
600
+ # are IAM users or IAM roles.
601
+ # @return [Array<Types::DataLakePrincipal>]
602
+ #
865
603
  # @!attribute [rw] create_database_default_permissions
866
604
  # Specifies whether access control on newly created database is
867
605
  # managed by Lake Formation permissions or exclusively by IAM
868
- # permissions. You can override this default setting when you create a
869
- # database.
606
+ # permissions.
870
607
  #
871
608
  # A null value indicates access control by Lake Formation permissions.
872
609
  # A value that assigns ALL to IAM\_ALLOWED\_PRINCIPALS indicates
@@ -910,6 +647,13 @@ module Aws::LakeFormation
910
647
  # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html
911
648
  # @return [Array<Types::PrincipalPermissions>]
912
649
  #
650
+ # @!attribute [rw] parameters
651
+ # A key-value map that provides an additional configuration on your
652
+ # data lake. CrossAccountVersion is the key you can configure in the
653
+ # Parameters field. Accepted values for the CrossAccountVersion key
654
+ # are 1, 2, and 3.
655
+ # @return [Hash<String,String>]
656
+ #
913
657
  # @!attribute [rw] trusted_resource_owners
914
658
  # A list of the resource-owning account IDs that the caller's account
915
659
  # can use to share their user access details (user ARNs). The user
@@ -919,13 +663,58 @@ module Aws::LakeFormation
919
663
  # boundary, such as the same team or company.
920
664
  # @return [Array<String>]
921
665
  #
666
+ # @!attribute [rw] allow_external_data_filtering
667
+ # Whether to allow Amazon EMR clusters to access data managed by Lake
668
+ # Formation.
669
+ #
670
+ # If true, you allow Amazon EMR clusters to access data in Amazon S3
671
+ # locations that are registered with Lake Formation.
672
+ #
673
+ # If false or null, no Amazon EMR clusters will be able to access data
674
+ # in Amazon S3 locations that are registered with Lake Formation.
675
+ #
676
+ # For more information, see [(Optional) Allow external data
677
+ # filtering][1].
678
+ #
679
+ #
680
+ #
681
+ # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/initial-LF-setup.html#external-data-filter
682
+ # @return [Boolean]
683
+ #
684
+ # @!attribute [rw] allow_full_table_external_data_access
685
+ # Whether to allow a third-party query engine to get data access
686
+ # credentials without session tags when a caller has full data access
687
+ # permissions.
688
+ # @return [Boolean]
689
+ #
690
+ # @!attribute [rw] external_data_filtering_allow_list
691
+ # A list of the account IDs of Amazon Web Services accounts with
692
+ # Amazon EMR clusters that are to perform data filtering.&gt;
693
+ # @return [Array<Types::DataLakePrincipal>]
694
+ #
695
+ # @!attribute [rw] authorized_session_tag_value_list
696
+ # Lake Formation relies on a privileged process secured by Amazon EMR
697
+ # or the third party integrator to tag the user's role while assuming
698
+ # it. Lake Formation will publish the acceptable key-value pair, for
699
+ # example key = "LakeFormationTrustedCaller" and value = "TRUE"
700
+ # and the third party integrator must properly tag the temporary
701
+ # security credentials that will be used to call Lake Formation's
702
+ # administrative APIs.
703
+ # @return [Array<String>]
704
+ #
922
705
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DataLakeSettings AWS API Documentation
923
706
  #
924
707
  class DataLakeSettings < Struct.new(
925
708
  :data_lake_admins,
709
+ :read_only_admins,
926
710
  :create_database_default_permissions,
927
711
  :create_table_default_permissions,
928
- :trusted_resource_owners)
712
+ :parameters,
713
+ :trusted_resource_owners,
714
+ :allow_external_data_filtering,
715
+ :allow_full_table_external_data_access,
716
+ :external_data_filtering_allow_list,
717
+ :authorized_session_tag_value_list)
929
718
  SENSITIVE = []
930
719
  include Aws::Structure
931
720
  end
@@ -933,14 +722,6 @@ module Aws::LakeFormation
933
722
  # A structure for a data location object where permissions are granted
934
723
  # or revoked.
935
724
  #
936
- # @note When making an API call, you may pass DataLocationResource
937
- # data as a hash:
938
- #
939
- # {
940
- # catalog_id: "CatalogIdString",
941
- # resource_arn: "ResourceArnString", # required
942
- # }
943
- #
944
725
  # @!attribute [rw] catalog_id
945
726
  # The identifier for the Data Catalog where the location is registered
946
727
  # with Lake Formation. By default, it is the account ID of the caller.
@@ -962,14 +743,6 @@ module Aws::LakeFormation
962
743
 
963
744
  # A structure for the database object.
964
745
  #
965
- # @note When making an API call, you may pass DatabaseResource
966
- # data as a hash:
967
- #
968
- # {
969
- # catalog_id: "CatalogIdString",
970
- # name: "NameString", # required
971
- # }
972
- #
973
746
  # @!attribute [rw] catalog_id
974
747
  # The identifier for the Data Catalog. By default, it is the account
975
748
  # ID of the caller.
@@ -988,16 +761,6 @@ module Aws::LakeFormation
988
761
  include Aws::Structure
989
762
  end
990
763
 
991
- # @note When making an API call, you may pass DeleteDataCellsFilterRequest
992
- # data as a hash:
993
- #
994
- # {
995
- # table_catalog_id: "CatalogIdString",
996
- # database_name: "NameString",
997
- # table_name: "NameString",
998
- # name: "NameString",
999
- # }
1000
- #
1001
764
  # @!attribute [rw] table_catalog_id
1002
765
  # The ID of the catalog to which the table belongs.
1003
766
  # @return [String]
@@ -1029,14 +792,6 @@ module Aws::LakeFormation
1029
792
  #
1030
793
  class DeleteDataCellsFilterResponse < Aws::EmptyStructure; end
1031
794
 
1032
- # @note When making an API call, you may pass DeleteLFTagRequest
1033
- # data as a hash:
1034
- #
1035
- # {
1036
- # catalog_id: "CatalogIdString",
1037
- # tag_key: "LFTagKey", # required
1038
- # }
1039
- #
1040
795
  # @!attribute [rw] catalog_id
1041
796
  # The identifier for the Data Catalog. By default, the account ID. The
1042
797
  # Data Catalog is the persistent metadata store. It contains database
@@ -1061,16 +816,29 @@ module Aws::LakeFormation
1061
816
  #
1062
817
  class DeleteLFTagResponse < Aws::EmptyStructure; end
1063
818
 
1064
- # An object to delete from the governed table.
819
+ # @!attribute [rw] principal
820
+ # The Lake Formation principal. Supported principals are IAM users or
821
+ # IAM roles.
822
+ # @return [Types::DataLakePrincipal]
823
+ #
824
+ # @!attribute [rw] resource
825
+ # A structure for the resource.
826
+ # @return [Types::Resource]
1065
827
  #
1066
- # @note When making an API call, you may pass DeleteObjectInput
1067
- # data as a hash:
828
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DeleteLakeFormationOptInRequest AWS API Documentation
1068
829
  #
1069
- # {
1070
- # uri: "URI", # required
1071
- # etag: "ETagString",
1072
- # partition_values: ["PartitionValueString"],
1073
- # }
830
+ class DeleteLakeFormationOptInRequest < Struct.new(
831
+ :principal,
832
+ :resource)
833
+ SENSITIVE = []
834
+ include Aws::Structure
835
+ end
836
+
837
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DeleteLakeFormationOptInResponse AWS API Documentation
838
+ #
839
+ class DeleteLakeFormationOptInResponse < Aws::EmptyStructure; end
840
+
841
+ # An object to delete from the governed table.
1074
842
  #
1075
843
  # @!attribute [rw] uri
1076
844
  # The Amazon S3 location of the object to delete.
@@ -1096,22 +864,6 @@ module Aws::LakeFormation
1096
864
  include Aws::Structure
1097
865
  end
1098
866
 
1099
- # @note When making an API call, you may pass DeleteObjectsOnCancelRequest
1100
- # data as a hash:
1101
- #
1102
- # {
1103
- # catalog_id: "CatalogIdString",
1104
- # database_name: "NameString", # required
1105
- # table_name: "NameString", # required
1106
- # transaction_id: "TransactionIdString", # required
1107
- # objects: [ # required
1108
- # {
1109
- # uri: "URI", # required
1110
- # etag: "ETagString",
1111
- # },
1112
- # ],
1113
- # }
1114
- #
1115
867
  # @!attribute [rw] catalog_id
1116
868
  # The Glue data catalog that contains the governed table. Defaults to
1117
869
  # the current account ID.
@@ -1150,13 +902,6 @@ module Aws::LakeFormation
1150
902
  #
1151
903
  class DeleteObjectsOnCancelResponse < Aws::EmptyStructure; end
1152
904
 
1153
- # @note When making an API call, you may pass DeregisterResourceRequest
1154
- # data as a hash:
1155
- #
1156
- # {
1157
- # resource_arn: "ResourceArnString", # required
1158
- # }
1159
- #
1160
905
  # @!attribute [rw] resource_arn
1161
906
  # The Amazon Resource Name (ARN) of the resource that you want to
1162
907
  # deregister.
@@ -1174,13 +919,6 @@ module Aws::LakeFormation
1174
919
  #
1175
920
  class DeregisterResourceResponse < Aws::EmptyStructure; end
1176
921
 
1177
- # @note When making an API call, you may pass DescribeResourceRequest
1178
- # data as a hash:
1179
- #
1180
- # {
1181
- # resource_arn: "ResourceArnString", # required
1182
- # }
1183
- #
1184
922
  # @!attribute [rw] resource_arn
1185
923
  # The resource ARN.
1186
924
  # @return [String]
@@ -1205,13 +943,6 @@ module Aws::LakeFormation
1205
943
  include Aws::Structure
1206
944
  end
1207
945
 
1208
- # @note When making an API call, you may pass DescribeTransactionRequest
1209
- # data as a hash:
1210
- #
1211
- # {
1212
- # transaction_id: "TransactionIdString", # required
1213
- # }
1214
- #
1215
946
  # @!attribute [rw] transaction_id
1216
947
  # The transaction for which to return status.
1217
948
  # @return [String]
@@ -1255,7 +986,7 @@ module Aws::LakeFormation
1255
986
  include Aws::Structure
1256
987
  end
1257
988
 
1258
- # A specified entity does not exist
989
+ # A specified entity does not exist.
1259
990
  #
1260
991
  # @!attribute [rw] message
1261
992
  # A message describing the problem.
@@ -1326,13 +1057,6 @@ module Aws::LakeFormation
1326
1057
  include Aws::Structure
1327
1058
  end
1328
1059
 
1329
- # @note When making an API call, you may pass ExtendTransactionRequest
1330
- # data as a hash:
1331
- #
1332
- # {
1333
- # transaction_id: "TransactionIdString",
1334
- # }
1335
- #
1336
1060
  # @!attribute [rw] transaction_id
1337
1061
  # The transaction to extend.
1338
1062
  # @return [String]
@@ -1352,15 +1076,6 @@ module Aws::LakeFormation
1352
1076
  # This structure describes the filtering of columns in a table based on
1353
1077
  # a filter condition.
1354
1078
  #
1355
- # @note When making an API call, you may pass FilterCondition
1356
- # data as a hash:
1357
- #
1358
- # {
1359
- # field: "RESOURCE_ARN", # accepts RESOURCE_ARN, ROLE_ARN, LAST_MODIFIED
1360
- # comparison_operator: "EQ", # accepts EQ, NE, LE, LT, GE, GT, CONTAINS, NOT_CONTAINS, BEGINS_WITH, IN, BETWEEN
1361
- # string_value_list: ["StringValue"],
1362
- # }
1363
- #
1364
1079
  # @!attribute [rw] field
1365
1080
  # The field to filter in the filter condition.
1366
1081
  # @return [String]
@@ -1383,13 +1098,45 @@ module Aws::LakeFormation
1383
1098
  include Aws::Structure
1384
1099
  end
1385
1100
 
1386
- # @note When making an API call, you may pass GetDataLakeSettingsRequest
1387
- # data as a hash:
1101
+ # @!attribute [rw] table_catalog_id
1102
+ # The ID of the catalog to which the table belongs.
1103
+ # @return [String]
1104
+ #
1105
+ # @!attribute [rw] database_name
1106
+ # A database in the Glue Data Catalog.
1107
+ # @return [String]
1108
+ #
1109
+ # @!attribute [rw] table_name
1110
+ # A table in the database.
1111
+ # @return [String]
1112
+ #
1113
+ # @!attribute [rw] name
1114
+ # The name given by the user to the data filter cell.
1115
+ # @return [String]
1116
+ #
1117
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetDataCellsFilterRequest AWS API Documentation
1118
+ #
1119
+ class GetDataCellsFilterRequest < Struct.new(
1120
+ :table_catalog_id,
1121
+ :database_name,
1122
+ :table_name,
1123
+ :name)
1124
+ SENSITIVE = []
1125
+ include Aws::Structure
1126
+ end
1127
+
1128
+ # @!attribute [rw] data_cells_filter
1129
+ # A structure that describes certain columns on certain rows.
1130
+ # @return [Types::DataCellsFilter]
1388
1131
  #
1389
- # {
1390
- # catalog_id: "CatalogIdString",
1391
- # }
1132
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetDataCellsFilterResponse AWS API Documentation
1392
1133
  #
1134
+ class GetDataCellsFilterResponse < Struct.new(
1135
+ :data_cells_filter)
1136
+ SENSITIVE = []
1137
+ include Aws::Structure
1138
+ end
1139
+
1393
1140
  # @!attribute [rw] catalog_id
1394
1141
  # The identifier for the Data Catalog. By default, the account ID. The
1395
1142
  # Data Catalog is the persistent metadata store. It contains database
@@ -1418,16 +1165,6 @@ module Aws::LakeFormation
1418
1165
  include Aws::Structure
1419
1166
  end
1420
1167
 
1421
- # @note When making an API call, you may pass GetEffectivePermissionsForPathRequest
1422
- # data as a hash:
1423
- #
1424
- # {
1425
- # catalog_id: "CatalogIdString",
1426
- # resource_arn: "ResourceArnString", # required
1427
- # next_token: "Token",
1428
- # max_results: 1,
1429
- # }
1430
- #
1431
1168
  # @!attribute [rw] catalog_id
1432
1169
  # The identifier for the Data Catalog. By default, the account ID. The
1433
1170
  # Data Catalog is the persistent metadata store. It contains database
@@ -1479,14 +1216,6 @@ module Aws::LakeFormation
1479
1216
  include Aws::Structure
1480
1217
  end
1481
1218
 
1482
- # @note When making an API call, you may pass GetLFTagRequest
1483
- # data as a hash:
1484
- #
1485
- # {
1486
- # catalog_id: "CatalogIdString",
1487
- # tag_key: "LFTagKey", # required
1488
- # }
1489
- #
1490
1219
  # @!attribute [rw] catalog_id
1491
1220
  # The identifier for the Data Catalog. By default, the account ID. The
1492
1221
  # Data Catalog is the persistent metadata store. It contains database
@@ -1532,13 +1261,6 @@ module Aws::LakeFormation
1532
1261
  include Aws::Structure
1533
1262
  end
1534
1263
 
1535
- # @note When making an API call, you may pass GetQueryStateRequest
1536
- # data as a hash:
1537
- #
1538
- # {
1539
- # query_id: "GetQueryStateRequestQueryIdString", # required
1540
- # }
1541
- #
1542
1264
  # @!attribute [rw] query_id
1543
1265
  # The ID of the plan query operation.
1544
1266
  # @return [String]
@@ -1581,13 +1303,6 @@ module Aws::LakeFormation
1581
1303
  include Aws::Structure
1582
1304
  end
1583
1305
 
1584
- # @note When making an API call, you may pass GetQueryStatisticsRequest
1585
- # data as a hash:
1586
- #
1587
- # {
1588
- # query_id: "GetQueryStatisticsRequestQueryIdString", # required
1589
- # }
1590
- #
1591
1306
  # @!attribute [rw] query_id
1592
1307
  # The ID of the plan query operation.
1593
1308
  # @return [String]
@@ -1623,63 +1338,6 @@ module Aws::LakeFormation
1623
1338
  include Aws::Structure
1624
1339
  end
1625
1340
 
1626
- # @note When making an API call, you may pass GetResourceLFTagsRequest
1627
- # data as a hash:
1628
- #
1629
- # {
1630
- # catalog_id: "CatalogIdString",
1631
- # resource: { # required
1632
- # catalog: {
1633
- # },
1634
- # database: {
1635
- # catalog_id: "CatalogIdString",
1636
- # name: "NameString", # required
1637
- # },
1638
- # table: {
1639
- # catalog_id: "CatalogIdString",
1640
- # database_name: "NameString", # required
1641
- # name: "NameString",
1642
- # table_wildcard: {
1643
- # },
1644
- # },
1645
- # table_with_columns: {
1646
- # catalog_id: "CatalogIdString",
1647
- # database_name: "NameString", # required
1648
- # name: "NameString", # required
1649
- # column_names: ["NameString"],
1650
- # column_wildcard: {
1651
- # excluded_column_names: ["NameString"],
1652
- # },
1653
- # },
1654
- # data_location: {
1655
- # catalog_id: "CatalogIdString",
1656
- # resource_arn: "ResourceArnString", # required
1657
- # },
1658
- # data_cells_filter: {
1659
- # table_catalog_id: "CatalogIdString",
1660
- # database_name: "NameString",
1661
- # table_name: "NameString",
1662
- # name: "NameString",
1663
- # },
1664
- # lf_tag: {
1665
- # catalog_id: "CatalogIdString",
1666
- # tag_key: "NameString", # required
1667
- # tag_values: ["LFTagValue"], # required
1668
- # },
1669
- # lf_tag_policy: {
1670
- # catalog_id: "CatalogIdString",
1671
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
1672
- # expression: [ # required
1673
- # {
1674
- # tag_key: "LFTagKey", # required
1675
- # tag_values: ["LFTagValue"], # required
1676
- # },
1677
- # ],
1678
- # },
1679
- # },
1680
- # show_assigned_lf_tags: false,
1681
- # }
1682
- #
1683
1341
  # @!attribute [rw] catalog_id
1684
1342
  # The identifier for the Data Catalog. By default, the account ID. The
1685
1343
  # Data Catalog is the persistent metadata store. It contains database
@@ -1728,20 +1386,6 @@ module Aws::LakeFormation
1728
1386
  include Aws::Structure
1729
1387
  end
1730
1388
 
1731
- # @note When making an API call, you may pass GetTableObjectsRequest
1732
- # data as a hash:
1733
- #
1734
- # {
1735
- # catalog_id: "CatalogIdString",
1736
- # database_name: "NameString", # required
1737
- # table_name: "NameString", # required
1738
- # transaction_id: "TransactionIdString",
1739
- # query_as_of_time: Time.now,
1740
- # partition_predicate: "PredicateString",
1741
- # max_results: 1,
1742
- # next_token: "TokenString",
1743
- # }
1744
- #
1745
1389
  # @!attribute [rw] catalog_id
1746
1390
  # The catalog containing the governed table. Defaults to the caller’s
1747
1391
  # account.
@@ -1824,15 +1468,138 @@ module Aws::LakeFormation
1824
1468
  include Aws::Structure
1825
1469
  end
1826
1470
 
1827
- # @note When making an API call, you may pass GetWorkUnitResultsRequest
1828
- # data as a hash:
1471
+ # @!attribute [rw] table_arn
1472
+ # The ARN of the partitions' table.
1473
+ # @return [String]
1474
+ #
1475
+ # @!attribute [rw] partition
1476
+ # A list of partition values identifying a single partition.
1477
+ # @return [Types::PartitionValueList]
1478
+ #
1479
+ # @!attribute [rw] permissions
1480
+ # Filters the request based on the user having been granted a list of
1481
+ # specified permissions on the requested resource(s).
1482
+ # @return [Array<String>]
1483
+ #
1484
+ # @!attribute [rw] duration_seconds
1485
+ # The time period, between 900 and 21,600 seconds, for the timeout of
1486
+ # the temporary credentials.
1487
+ # @return [Integer]
1488
+ #
1489
+ # @!attribute [rw] audit_context
1490
+ # A structure representing context to access a resource (column names,
1491
+ # query ID, etc).
1492
+ # @return [Types::AuditContext]
1493
+ #
1494
+ # @!attribute [rw] supported_permission_types
1495
+ # A list of supported permission types for the partition. Valid values
1496
+ # are `COLUMN_PERMISSION` and `CELL_FILTER_PERMISSION`.
1497
+ # @return [Array<String>]
1498
+ #
1499
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGluePartitionCredentialsRequest AWS API Documentation
1500
+ #
1501
+ class GetTemporaryGluePartitionCredentialsRequest < Struct.new(
1502
+ :table_arn,
1503
+ :partition,
1504
+ :permissions,
1505
+ :duration_seconds,
1506
+ :audit_context,
1507
+ :supported_permission_types)
1508
+ SENSITIVE = []
1509
+ include Aws::Structure
1510
+ end
1511
+
1512
+ # @!attribute [rw] access_key_id
1513
+ # The access key ID for the temporary credentials.
1514
+ # @return [String]
1515
+ #
1516
+ # @!attribute [rw] secret_access_key
1517
+ # The secret key for the temporary credentials.
1518
+ # @return [String]
1829
1519
  #
1830
- # {
1831
- # query_id: "GetWorkUnitResultsRequestQueryIdString", # required
1832
- # work_unit_id: 1, # required
1833
- # work_unit_token: "SyntheticGetWorkUnitResultsRequestWorkUnitTokenString", # required
1834
- # }
1520
+ # @!attribute [rw] session_token
1521
+ # The session token for the temporary credentials.
1522
+ # @return [String]
1835
1523
  #
1524
+ # @!attribute [rw] expiration
1525
+ # The date and time when the temporary credentials expire.
1526
+ # @return [Time]
1527
+ #
1528
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGluePartitionCredentialsResponse AWS API Documentation
1529
+ #
1530
+ class GetTemporaryGluePartitionCredentialsResponse < Struct.new(
1531
+ :access_key_id,
1532
+ :secret_access_key,
1533
+ :session_token,
1534
+ :expiration)
1535
+ SENSITIVE = []
1536
+ include Aws::Structure
1537
+ end
1538
+
1539
+ # @!attribute [rw] table_arn
1540
+ # The ARN identifying a table in the Data Catalog for the temporary
1541
+ # credentials request.
1542
+ # @return [String]
1543
+ #
1544
+ # @!attribute [rw] permissions
1545
+ # Filters the request based on the user having been granted a list of
1546
+ # specified permissions on the requested resource(s).
1547
+ # @return [Array<String>]
1548
+ #
1549
+ # @!attribute [rw] duration_seconds
1550
+ # The time period, between 900 and 21,600 seconds, for the timeout of
1551
+ # the temporary credentials.
1552
+ # @return [Integer]
1553
+ #
1554
+ # @!attribute [rw] audit_context
1555
+ # A structure representing context to access a resource (column names,
1556
+ # query ID, etc).
1557
+ # @return [Types::AuditContext]
1558
+ #
1559
+ # @!attribute [rw] supported_permission_types
1560
+ # A list of supported permission types for the table. Valid values are
1561
+ # `COLUMN_PERMISSION` and `CELL_FILTER_PERMISSION`.
1562
+ # @return [Array<String>]
1563
+ #
1564
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGlueTableCredentialsRequest AWS API Documentation
1565
+ #
1566
+ class GetTemporaryGlueTableCredentialsRequest < Struct.new(
1567
+ :table_arn,
1568
+ :permissions,
1569
+ :duration_seconds,
1570
+ :audit_context,
1571
+ :supported_permission_types)
1572
+ SENSITIVE = []
1573
+ include Aws::Structure
1574
+ end
1575
+
1576
+ # @!attribute [rw] access_key_id
1577
+ # The access key ID for the temporary credentials.
1578
+ # @return [String]
1579
+ #
1580
+ # @!attribute [rw] secret_access_key
1581
+ # The secret key for the temporary credentials.
1582
+ # @return [String]
1583
+ #
1584
+ # @!attribute [rw] session_token
1585
+ # The session token for the temporary credentials.
1586
+ # @return [String]
1587
+ #
1588
+ # @!attribute [rw] expiration
1589
+ # The date and time when the temporary credentials expire.
1590
+ # @return [Time]
1591
+ #
1592
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGlueTableCredentialsResponse AWS API Documentation
1593
+ #
1594
+ class GetTemporaryGlueTableCredentialsResponse < Struct.new(
1595
+ :access_key_id,
1596
+ :secret_access_key,
1597
+ :session_token,
1598
+ :expiration)
1599
+ SENSITIVE = []
1600
+ include Aws::Structure
1601
+ end
1602
+
1836
1603
  # @!attribute [rw] query_id
1837
1604
  # The ID of the plan query operation for which to get results.
1838
1605
  # @return [String]
@@ -1873,15 +1640,6 @@ module Aws::LakeFormation
1873
1640
  include Aws::Structure
1874
1641
  end
1875
1642
 
1876
- # @note When making an API call, you may pass GetWorkUnitsRequest
1877
- # data as a hash:
1878
- #
1879
- # {
1880
- # next_token: "Token",
1881
- # page_size: 1,
1882
- # query_id: "GetWorkUnitsRequestQueryIdString", # required
1883
- # }
1884
- #
1885
1643
  # @!attribute [rw] next_token
1886
1644
  # A continuation token, if this is a continuation call.
1887
1645
  # @return [String]
@@ -1949,67 +1707,6 @@ module Aws::LakeFormation
1949
1707
  include Aws::Structure
1950
1708
  end
1951
1709
 
1952
- # @note When making an API call, you may pass GrantPermissionsRequest
1953
- # data as a hash:
1954
- #
1955
- # {
1956
- # catalog_id: "CatalogIdString",
1957
- # principal: { # required
1958
- # data_lake_principal_identifier: "DataLakePrincipalString",
1959
- # },
1960
- # resource: { # required
1961
- # catalog: {
1962
- # },
1963
- # database: {
1964
- # catalog_id: "CatalogIdString",
1965
- # name: "NameString", # required
1966
- # },
1967
- # table: {
1968
- # catalog_id: "CatalogIdString",
1969
- # database_name: "NameString", # required
1970
- # name: "NameString",
1971
- # table_wildcard: {
1972
- # },
1973
- # },
1974
- # table_with_columns: {
1975
- # catalog_id: "CatalogIdString",
1976
- # database_name: "NameString", # required
1977
- # name: "NameString", # required
1978
- # column_names: ["NameString"],
1979
- # column_wildcard: {
1980
- # excluded_column_names: ["NameString"],
1981
- # },
1982
- # },
1983
- # data_location: {
1984
- # catalog_id: "CatalogIdString",
1985
- # resource_arn: "ResourceArnString", # required
1986
- # },
1987
- # data_cells_filter: {
1988
- # table_catalog_id: "CatalogIdString",
1989
- # database_name: "NameString",
1990
- # table_name: "NameString",
1991
- # name: "NameString",
1992
- # },
1993
- # lf_tag: {
1994
- # catalog_id: "CatalogIdString",
1995
- # tag_key: "NameString", # required
1996
- # tag_values: ["LFTagValue"], # required
1997
- # },
1998
- # lf_tag_policy: {
1999
- # catalog_id: "CatalogIdString",
2000
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
2001
- # expression: [ # required
2002
- # {
2003
- # tag_key: "LFTagKey", # required
2004
- # tag_values: ["LFTagValue"], # required
2005
- # },
2006
- # ],
2007
- # },
2008
- # },
2009
- # permissions: ["ALL"], # required, accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
2010
- # permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
2011
- # }
2012
- #
2013
1710
  # @!attribute [rw] catalog_id
2014
1711
  # The identifier for the Data Catalog. By default, the account ID. The
2015
1712
  # Data Catalog is the persistent metadata store. It contains database
@@ -2094,20 +1791,16 @@ module Aws::LakeFormation
2094
1791
  # conditions. For example, granting a role access to all columns that do
2095
1792
  # not have the LF-tag 'PII' in tables that have the LF-tag 'Prod'.
2096
1793
  #
2097
- # @note When making an API call, you may pass LFTag
2098
- # data as a hash:
2099
- #
2100
- # {
2101
- # tag_key: "LFTagKey", # required
2102
- # tag_values: ["LFTagValue"], # required
2103
- # }
2104
- #
2105
1794
  # @!attribute [rw] tag_key
2106
1795
  # The key-name for the LF-tag.
2107
1796
  # @return [String]
2108
1797
  #
2109
1798
  # @!attribute [rw] tag_values
2110
1799
  # A list of possible values an attribute can take.
1800
+ #
1801
+ # The maximum number of values that can be defined for a LF-Tag is
1802
+ # 1000. A single API call supports 50 values. You can use multiple API
1803
+ # calls to add more values.
2111
1804
  # @return [Array<String>]
2112
1805
  #
2113
1806
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/LFTag AWS API Documentation
@@ -2142,15 +1835,6 @@ module Aws::LakeFormation
2142
1835
 
2143
1836
  # A structure containing an LF-tag key and values for a resource.
2144
1837
  #
2145
- # @note When making an API call, you may pass LFTagKeyResource
2146
- # data as a hash:
2147
- #
2148
- # {
2149
- # catalog_id: "CatalogIdString",
2150
- # tag_key: "NameString", # required
2151
- # tag_values: ["LFTagValue"], # required
2152
- # }
2153
- #
2154
1838
  # @!attribute [rw] catalog_id
2155
1839
  # The identifier for the Data Catalog. By default, the account ID. The
2156
1840
  # Data Catalog is the persistent metadata store. It contains database
@@ -2178,15 +1862,6 @@ module Aws::LakeFormation
2178
1862
 
2179
1863
  # A structure containing an LF-tag key-value pair.
2180
1864
  #
2181
- # @note When making an API call, you may pass LFTagPair
2182
- # data as a hash:
2183
- #
2184
- # {
2185
- # catalog_id: "CatalogIdString",
2186
- # tag_key: "LFTagKey", # required
2187
- # tag_values: ["LFTagValue"], # required
2188
- # }
2189
- #
2190
1865
  # @!attribute [rw] catalog_id
2191
1866
  # The identifier for the Data Catalog. By default, the account ID. The
2192
1867
  # Data Catalog is the persistent metadata store. It contains database
@@ -2215,20 +1890,6 @@ module Aws::LakeFormation
2215
1890
  # A structure containing a list of LF-tag conditions that apply to a
2216
1891
  # resource's LF-tag policy.
2217
1892
  #
2218
- # @note When making an API call, you may pass LFTagPolicyResource
2219
- # data as a hash:
2220
- #
2221
- # {
2222
- # catalog_id: "CatalogIdString",
2223
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
2224
- # expression: [ # required
2225
- # {
2226
- # tag_key: "LFTagKey", # required
2227
- # tag_values: ["LFTagValue"], # required
2228
- # },
2229
- # ],
2230
- # }
2231
- #
2232
1893
  # @!attribute [rw] catalog_id
2233
1894
  # The identifier for the Data Catalog. By default, the account ID. The
2234
1895
  # Data Catalog is the persistent metadata store. It contains database
@@ -2255,21 +1916,37 @@ module Aws::LakeFormation
2255
1916
  include Aws::Structure
2256
1917
  end
2257
1918
 
2258
- # @note When making an API call, you may pass ListDataCellsFilterRequest
2259
- # data as a hash:
1919
+ # A single principal-resource pair that has Lake Formation permissins
1920
+ # enforced.
1921
+ #
1922
+ # @!attribute [rw] resource
1923
+ # A structure for the resource.
1924
+ # @return [Types::Resource]
1925
+ #
1926
+ # @!attribute [rw] principal
1927
+ # The Lake Formation principal. Supported principals are IAM users or
1928
+ # IAM roles.
1929
+ # @return [Types::DataLakePrincipal]
1930
+ #
1931
+ # @!attribute [rw] last_modified
1932
+ # The last modified date and time of the record.
1933
+ # @return [Time]
1934
+ #
1935
+ # @!attribute [rw] last_updated_by
1936
+ # The user who updated the record.
1937
+ # @return [String]
2260
1938
  #
2261
- # {
2262
- # table: {
2263
- # catalog_id: "CatalogIdString",
2264
- # database_name: "NameString", # required
2265
- # name: "NameString",
2266
- # table_wildcard: {
2267
- # },
2268
- # },
2269
- # next_token: "Token",
2270
- # max_results: 1,
2271
- # }
1939
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/LakeFormationOptInsInfo AWS API Documentation
2272
1940
  #
1941
+ class LakeFormationOptInsInfo < Struct.new(
1942
+ :resource,
1943
+ :principal,
1944
+ :last_modified,
1945
+ :last_updated_by)
1946
+ SENSITIVE = []
1947
+ include Aws::Structure
1948
+ end
1949
+
2273
1950
  # @!attribute [rw] table
2274
1951
  # A table in the Glue Data Catalog.
2275
1952
  # @return [Types::TableResource]
@@ -2310,16 +1987,6 @@ module Aws::LakeFormation
2310
1987
  include Aws::Structure
2311
1988
  end
2312
1989
 
2313
- # @note When making an API call, you may pass ListLFTagsRequest
2314
- # data as a hash:
2315
- #
2316
- # {
2317
- # catalog_id: "CatalogIdString",
2318
- # resource_share_type: "FOREIGN", # accepts FOREIGN, ALL
2319
- # max_results: 1,
2320
- # next_token: "Token",
2321
- # }
2322
- #
2323
1990
  # @!attribute [rw] catalog_id
2324
1991
  # The identifier for the Data Catalog. By default, the account ID. The
2325
1992
  # Data Catalog is the persistent metadata store. It contains database
@@ -2374,69 +2041,54 @@ module Aws::LakeFormation
2374
2041
  include Aws::Structure
2375
2042
  end
2376
2043
 
2377
- # @note When making an API call, you may pass ListPermissionsRequest
2378
- # data as a hash:
2379
- #
2380
- # {
2381
- # catalog_id: "CatalogIdString",
2382
- # principal: {
2383
- # data_lake_principal_identifier: "DataLakePrincipalString",
2384
- # },
2385
- # resource_type: "CATALOG", # accepts CATALOG, DATABASE, TABLE, DATA_LOCATION, LF_TAG, LF_TAG_POLICY, LF_TAG_POLICY_DATABASE, LF_TAG_POLICY_TABLE
2386
- # resource: {
2387
- # catalog: {
2388
- # },
2389
- # database: {
2390
- # catalog_id: "CatalogIdString",
2391
- # name: "NameString", # required
2392
- # },
2393
- # table: {
2394
- # catalog_id: "CatalogIdString",
2395
- # database_name: "NameString", # required
2396
- # name: "NameString",
2397
- # table_wildcard: {
2398
- # },
2399
- # },
2400
- # table_with_columns: {
2401
- # catalog_id: "CatalogIdString",
2402
- # database_name: "NameString", # required
2403
- # name: "NameString", # required
2404
- # column_names: ["NameString"],
2405
- # column_wildcard: {
2406
- # excluded_column_names: ["NameString"],
2407
- # },
2408
- # },
2409
- # data_location: {
2410
- # catalog_id: "CatalogIdString",
2411
- # resource_arn: "ResourceArnString", # required
2412
- # },
2413
- # data_cells_filter: {
2414
- # table_catalog_id: "CatalogIdString",
2415
- # database_name: "NameString",
2416
- # table_name: "NameString",
2417
- # name: "NameString",
2418
- # },
2419
- # lf_tag: {
2420
- # catalog_id: "CatalogIdString",
2421
- # tag_key: "NameString", # required
2422
- # tag_values: ["LFTagValue"], # required
2423
- # },
2424
- # lf_tag_policy: {
2425
- # catalog_id: "CatalogIdString",
2426
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
2427
- # expression: [ # required
2428
- # {
2429
- # tag_key: "LFTagKey", # required
2430
- # tag_values: ["LFTagValue"], # required
2431
- # },
2432
- # ],
2433
- # },
2434
- # },
2435
- # next_token: "Token",
2436
- # max_results: 1,
2437
- # include_related: "TrueFalseString",
2438
- # }
2044
+ # @!attribute [rw] principal
2045
+ # The Lake Formation principal. Supported principals are IAM users or
2046
+ # IAM roles.
2047
+ # @return [Types::DataLakePrincipal]
2048
+ #
2049
+ # @!attribute [rw] resource
2050
+ # A structure for the resource.
2051
+ # @return [Types::Resource]
2052
+ #
2053
+ # @!attribute [rw] max_results
2054
+ # The maximum number of results to return.
2055
+ # @return [Integer]
2056
+ #
2057
+ # @!attribute [rw] next_token
2058
+ # A continuation token, if this is not the first call to retrieve this
2059
+ # list.
2060
+ # @return [String]
2061
+ #
2062
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ListLakeFormationOptInsRequest AWS API Documentation
2063
+ #
2064
+ class ListLakeFormationOptInsRequest < Struct.new(
2065
+ :principal,
2066
+ :resource,
2067
+ :max_results,
2068
+ :next_token)
2069
+ SENSITIVE = []
2070
+ include Aws::Structure
2071
+ end
2072
+
2073
+ # @!attribute [rw] lake_formation_opt_ins_info_list
2074
+ # A list of principal-resource pairs that have Lake Formation
2075
+ # permissins enforced.
2076
+ # @return [Array<Types::LakeFormationOptInsInfo>]
2077
+ #
2078
+ # @!attribute [rw] next_token
2079
+ # A continuation token, if this is not the first call to retrieve this
2080
+ # list.
2081
+ # @return [String]
2082
+ #
2083
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ListLakeFormationOptInsResponse AWS API Documentation
2439
2084
  #
2085
+ class ListLakeFormationOptInsResponse < Struct.new(
2086
+ :lake_formation_opt_ins_info_list,
2087
+ :next_token)
2088
+ SENSITIVE = []
2089
+ include Aws::Structure
2090
+ end
2091
+
2440
2092
  # @!attribute [rw] catalog_id
2441
2093
  # The identifier for the Data Catalog. By default, the account ID. The
2442
2094
  # Data Catalog is the persistent metadata store. It contains database
@@ -2507,21 +2159,6 @@ module Aws::LakeFormation
2507
2159
  include Aws::Structure
2508
2160
  end
2509
2161
 
2510
- # @note When making an API call, you may pass ListResourcesRequest
2511
- # data as a hash:
2512
- #
2513
- # {
2514
- # filter_condition_list: [
2515
- # {
2516
- # field: "RESOURCE_ARN", # accepts RESOURCE_ARN, ROLE_ARN, LAST_MODIFIED
2517
- # comparison_operator: "EQ", # accepts EQ, NE, LE, LT, GE, GT, CONTAINS, NOT_CONTAINS, BEGINS_WITH, IN, BETWEEN
2518
- # string_value_list: ["StringValue"],
2519
- # },
2520
- # ],
2521
- # max_results: 1,
2522
- # next_token: "Token",
2523
- # }
2524
- #
2525
2162
  # @!attribute [rw] filter_condition_list
2526
2163
  # Any applicable row-level and/or column-level filtering conditions
2527
2164
  # for the resources.
@@ -2564,18 +2201,6 @@ module Aws::LakeFormation
2564
2201
  include Aws::Structure
2565
2202
  end
2566
2203
 
2567
- # @note When making an API call, you may pass ListTableStorageOptimizersRequest
2568
- # data as a hash:
2569
- #
2570
- # {
2571
- # catalog_id: "CatalogIdString",
2572
- # database_name: "NameString", # required
2573
- # table_name: "NameString", # required
2574
- # storage_optimizer_type: "COMPACTION", # accepts COMPACTION, GARBAGE_COLLECTION, ALL
2575
- # max_results: 1,
2576
- # next_token: "Token",
2577
- # }
2578
- #
2579
2204
  # @!attribute [rw] catalog_id
2580
2205
  # The Catalog ID of the table.
2581
2206
  # @return [String]
@@ -2632,16 +2257,6 @@ module Aws::LakeFormation
2632
2257
  include Aws::Structure
2633
2258
  end
2634
2259
 
2635
- # @note When making an API call, you may pass ListTransactionsRequest
2636
- # data as a hash:
2637
- #
2638
- # {
2639
- # catalog_id: "CatalogIdString",
2640
- # status_filter: "ALL", # accepts ALL, COMPLETED, ACTIVE, COMMITTED, ABORTED
2641
- # max_results: 1,
2642
- # next_token: "TokenString",
2643
- # }
2644
- #
2645
2260
  # @!attribute [rw] catalog_id
2646
2261
  # The catalog for which to list transactions. Defaults to the account
2647
2262
  # ID of the caller.
@@ -2725,6 +2340,38 @@ module Aws::LakeFormation
2725
2340
  include Aws::Structure
2726
2341
  end
2727
2342
 
2343
+ # Contains a list of values defining partitions.
2344
+ #
2345
+ # @!attribute [rw] values
2346
+ # The list of partition values.
2347
+ # @return [Array<String>]
2348
+ #
2349
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/PartitionValueList AWS API Documentation
2350
+ #
2351
+ class PartitionValueList < Struct.new(
2352
+ :values)
2353
+ SENSITIVE = []
2354
+ include Aws::Structure
2355
+ end
2356
+
2357
+ # The engine does not support filtering data based on the enforced
2358
+ # permissions. For example, if you call the
2359
+ # `GetTemporaryGlueTableCredentials` operation with
2360
+ # `SupportedPermissionType` equal to `ColumnPermission`, but cell-level
2361
+ # permissions exist on the table, this exception is thrown.
2362
+ #
2363
+ # @!attribute [rw] message
2364
+ # A message describing the problem.
2365
+ # @return [String]
2366
+ #
2367
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/PermissionTypeMismatchException AWS API Documentation
2368
+ #
2369
+ class PermissionTypeMismatchException < Struct.new(
2370
+ :message)
2371
+ SENSITIVE = []
2372
+ include Aws::Structure
2373
+ end
2374
+
2728
2375
  # Statistics related to the processing of a query statement.
2729
2376
  #
2730
2377
  # @!attribute [rw] estimated_data_to_scan_bytes
@@ -2756,16 +2403,6 @@ module Aws::LakeFormation
2756
2403
 
2757
2404
  # Permissions granted to a principal.
2758
2405
  #
2759
- # @note When making an API call, you may pass PrincipalPermissions
2760
- # data as a hash:
2761
- #
2762
- # {
2763
- # principal: {
2764
- # data_lake_principal_identifier: "DataLakePrincipalString",
2765
- # },
2766
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
2767
- # }
2768
- #
2769
2406
  # @!attribute [rw] principal
2770
2407
  # The principal who is granted permissions.
2771
2408
  # @return [Types::DataLakePrincipal]
@@ -2808,6 +2445,14 @@ module Aws::LakeFormation
2808
2445
  # resource share ARN.
2809
2446
  # @return [Types::DetailsMap]
2810
2447
  #
2448
+ # @!attribute [rw] last_updated
2449
+ # The date and time when the resource was last updated.
2450
+ # @return [Time]
2451
+ #
2452
+ # @!attribute [rw] last_updated_by
2453
+ # The user who updated the record.
2454
+ # @return [String]
2455
+ #
2811
2456
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/PrincipalResourcePermissions AWS API Documentation
2812
2457
  #
2813
2458
  class PrincipalResourcePermissions < Struct.new(
@@ -2815,42 +2460,13 @@ module Aws::LakeFormation
2815
2460
  :resource,
2816
2461
  :permissions,
2817
2462
  :permissions_with_grant_option,
2818
- :additional_details)
2819
- SENSITIVE = []
2820
- include Aws::Structure
2821
- end
2822
-
2823
- # @note When making an API call, you may pass PutDataLakeSettingsRequest
2824
- # data as a hash:
2825
- #
2826
- # {
2827
- # catalog_id: "CatalogIdString",
2828
- # data_lake_settings: { # required
2829
- # data_lake_admins: [
2830
- # {
2831
- # data_lake_principal_identifier: "DataLakePrincipalString",
2832
- # },
2833
- # ],
2834
- # create_database_default_permissions: [
2835
- # {
2836
- # principal: {
2837
- # data_lake_principal_identifier: "DataLakePrincipalString",
2838
- # },
2839
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
2840
- # },
2841
- # ],
2842
- # create_table_default_permissions: [
2843
- # {
2844
- # principal: {
2845
- # data_lake_principal_identifier: "DataLakePrincipalString",
2846
- # },
2847
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
2848
- # },
2849
- # ],
2850
- # trusted_resource_owners: ["CatalogIdString"],
2851
- # },
2852
- # }
2853
- #
2463
+ :additional_details,
2464
+ :last_updated,
2465
+ :last_updated_by)
2466
+ SENSITIVE = []
2467
+ include Aws::Structure
2468
+ end
2469
+
2854
2470
  # @!attribute [rw] catalog_id
2855
2471
  # The identifier for the Data Catalog. By default, the account ID. The
2856
2472
  # Data Catalog is the persistent metadata store. It contains database
@@ -2878,19 +2494,6 @@ module Aws::LakeFormation
2878
2494
 
2879
2495
  # A structure containing information about the query plan.
2880
2496
  #
2881
- # @note When making an API call, you may pass QueryPlanningContext
2882
- # data as a hash:
2883
- #
2884
- # {
2885
- # catalog_id: "CatalogIdString",
2886
- # database_name: "QueryPlanningContextDatabaseNameString", # required
2887
- # query_as_of_time: Time.now,
2888
- # query_parameters: {
2889
- # "String" => "String",
2890
- # },
2891
- # transaction_id: "TransactionIdString",
2892
- # }
2893
- #
2894
2497
  # @!attribute [rw] catalog_id
2895
2498
  # The ID of the Data Catalog where the partition in question resides.
2896
2499
  # If none is provided, the Amazon Web Services account ID is used by
@@ -2932,15 +2535,6 @@ module Aws::LakeFormation
2932
2535
  include Aws::Structure
2933
2536
  end
2934
2537
 
2935
- # @note When making an API call, you may pass RegisterResourceRequest
2936
- # data as a hash:
2937
- #
2938
- # {
2939
- # resource_arn: "ResourceArnString", # required
2940
- # use_service_linked_role: false,
2941
- # role_arn: "IAMRoleArn",
2942
- # }
2943
- #
2944
2538
  # @!attribute [rw] resource_arn
2945
2539
  # The Amazon Resource Name (ARN) of the resource that you want to
2946
2540
  # register.
@@ -2957,19 +2551,31 @@ module Aws::LakeFormation
2957
2551
  #
2958
2552
  #
2959
2553
  #
2960
- # [1]: https://docs-aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html
2554
+ # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html
2961
2555
  # @return [Boolean]
2962
2556
  #
2963
2557
  # @!attribute [rw] role_arn
2964
2558
  # The identifier for the role that registers the resource.
2965
2559
  # @return [String]
2966
2560
  #
2561
+ # @!attribute [rw] with_federation
2562
+ # Whether or not the resource is a federated resource.
2563
+ # @return [Boolean]
2564
+ #
2565
+ # @!attribute [rw] hybrid_access_enabled
2566
+ # Specifies whether the data access of tables pointing to the location
2567
+ # can be managed by both Lake Formation permissions as well as Amazon
2568
+ # S3 bucket policies.
2569
+ # @return [Boolean]
2570
+ #
2967
2571
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/RegisterResourceRequest AWS API Documentation
2968
2572
  #
2969
2573
  class RegisterResourceRequest < Struct.new(
2970
2574
  :resource_arn,
2971
2575
  :use_service_linked_role,
2972
- :role_arn)
2576
+ :role_arn,
2577
+ :with_federation,
2578
+ :hybrid_access_enabled)
2973
2579
  SENSITIVE = []
2974
2580
  include Aws::Structure
2975
2581
  end
@@ -2978,69 +2584,6 @@ module Aws::LakeFormation
2978
2584
  #
2979
2585
  class RegisterResourceResponse < Aws::EmptyStructure; end
2980
2586
 
2981
- # @note When making an API call, you may pass RemoveLFTagsFromResourceRequest
2982
- # data as a hash:
2983
- #
2984
- # {
2985
- # catalog_id: "CatalogIdString",
2986
- # resource: { # required
2987
- # catalog: {
2988
- # },
2989
- # database: {
2990
- # catalog_id: "CatalogIdString",
2991
- # name: "NameString", # required
2992
- # },
2993
- # table: {
2994
- # catalog_id: "CatalogIdString",
2995
- # database_name: "NameString", # required
2996
- # name: "NameString",
2997
- # table_wildcard: {
2998
- # },
2999
- # },
3000
- # table_with_columns: {
3001
- # catalog_id: "CatalogIdString",
3002
- # database_name: "NameString", # required
3003
- # name: "NameString", # required
3004
- # column_names: ["NameString"],
3005
- # column_wildcard: {
3006
- # excluded_column_names: ["NameString"],
3007
- # },
3008
- # },
3009
- # data_location: {
3010
- # catalog_id: "CatalogIdString",
3011
- # resource_arn: "ResourceArnString", # required
3012
- # },
3013
- # data_cells_filter: {
3014
- # table_catalog_id: "CatalogIdString",
3015
- # database_name: "NameString",
3016
- # table_name: "NameString",
3017
- # name: "NameString",
3018
- # },
3019
- # lf_tag: {
3020
- # catalog_id: "CatalogIdString",
3021
- # tag_key: "NameString", # required
3022
- # tag_values: ["LFTagValue"], # required
3023
- # },
3024
- # lf_tag_policy: {
3025
- # catalog_id: "CatalogIdString",
3026
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
3027
- # expression: [ # required
3028
- # {
3029
- # tag_key: "LFTagKey", # required
3030
- # tag_values: ["LFTagValue"], # required
3031
- # },
3032
- # ],
3033
- # },
3034
- # },
3035
- # lf_tags: [ # required
3036
- # {
3037
- # catalog_id: "CatalogIdString",
3038
- # tag_key: "LFTagKey", # required
3039
- # tag_values: ["LFTagValue"], # required
3040
- # },
3041
- # ],
3042
- # }
3043
- #
3044
2587
  # @!attribute [rw] catalog_id
3045
2588
  # The identifier for the Data Catalog. By default, the account ID. The
3046
2589
  # Data Catalog is the persistent metadata store. It contains database
@@ -3081,59 +2624,6 @@ module Aws::LakeFormation
3081
2624
 
3082
2625
  # A structure for the resource.
3083
2626
  #
3084
- # @note When making an API call, you may pass Resource
3085
- # data as a hash:
3086
- #
3087
- # {
3088
- # catalog: {
3089
- # },
3090
- # database: {
3091
- # catalog_id: "CatalogIdString",
3092
- # name: "NameString", # required
3093
- # },
3094
- # table: {
3095
- # catalog_id: "CatalogIdString",
3096
- # database_name: "NameString", # required
3097
- # name: "NameString",
3098
- # table_wildcard: {
3099
- # },
3100
- # },
3101
- # table_with_columns: {
3102
- # catalog_id: "CatalogIdString",
3103
- # database_name: "NameString", # required
3104
- # name: "NameString", # required
3105
- # column_names: ["NameString"],
3106
- # column_wildcard: {
3107
- # excluded_column_names: ["NameString"],
3108
- # },
3109
- # },
3110
- # data_location: {
3111
- # catalog_id: "CatalogIdString",
3112
- # resource_arn: "ResourceArnString", # required
3113
- # },
3114
- # data_cells_filter: {
3115
- # table_catalog_id: "CatalogIdString",
3116
- # database_name: "NameString",
3117
- # table_name: "NameString",
3118
- # name: "NameString",
3119
- # },
3120
- # lf_tag: {
3121
- # catalog_id: "CatalogIdString",
3122
- # tag_key: "NameString", # required
3123
- # tag_values: ["LFTagValue"], # required
3124
- # },
3125
- # lf_tag_policy: {
3126
- # catalog_id: "CatalogIdString",
3127
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
3128
- # expression: [ # required
3129
- # {
3130
- # tag_key: "LFTagKey", # required
3131
- # tag_values: ["LFTagValue"], # required
3132
- # },
3133
- # ],
3134
- # },
3135
- # }
3136
- #
3137
2627
  # @!attribute [rw] catalog
3138
2628
  # The identifier for the Data Catalog. By default, the account ID. The
3139
2629
  # Data Catalog is the persistent metadata store. It contains database
@@ -3206,12 +2696,24 @@ module Aws::LakeFormation
3206
2696
  # The date and time the resource was last modified.
3207
2697
  # @return [Time]
3208
2698
  #
2699
+ # @!attribute [rw] with_federation
2700
+ # Whether or not the resource is a federated resource.
2701
+ # @return [Boolean]
2702
+ #
2703
+ # @!attribute [rw] hybrid_access_enabled
2704
+ # Indicates whether the data access of tables pointing to the location
2705
+ # can be managed by both Lake Formation permissions as well as Amazon
2706
+ # S3 bucket policies.
2707
+ # @return [Boolean]
2708
+ #
3209
2709
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ResourceInfo AWS API Documentation
3210
2710
  #
3211
2711
  class ResourceInfo < Struct.new(
3212
2712
  :resource_arn,
3213
2713
  :role_arn,
3214
- :last_modified)
2714
+ :last_modified,
2715
+ :with_federation,
2716
+ :hybrid_access_enabled)
3215
2717
  SENSITIVE = []
3216
2718
  include Aws::Structure
3217
2719
  end
@@ -3245,67 +2747,6 @@ module Aws::LakeFormation
3245
2747
  include Aws::Structure
3246
2748
  end
3247
2749
 
3248
- # @note When making an API call, you may pass RevokePermissionsRequest
3249
- # data as a hash:
3250
- #
3251
- # {
3252
- # catalog_id: "CatalogIdString",
3253
- # principal: { # required
3254
- # data_lake_principal_identifier: "DataLakePrincipalString",
3255
- # },
3256
- # resource: { # required
3257
- # catalog: {
3258
- # },
3259
- # database: {
3260
- # catalog_id: "CatalogIdString",
3261
- # name: "NameString", # required
3262
- # },
3263
- # table: {
3264
- # catalog_id: "CatalogIdString",
3265
- # database_name: "NameString", # required
3266
- # name: "NameString",
3267
- # table_wildcard: {
3268
- # },
3269
- # },
3270
- # table_with_columns: {
3271
- # catalog_id: "CatalogIdString",
3272
- # database_name: "NameString", # required
3273
- # name: "NameString", # required
3274
- # column_names: ["NameString"],
3275
- # column_wildcard: {
3276
- # excluded_column_names: ["NameString"],
3277
- # },
3278
- # },
3279
- # data_location: {
3280
- # catalog_id: "CatalogIdString",
3281
- # resource_arn: "ResourceArnString", # required
3282
- # },
3283
- # data_cells_filter: {
3284
- # table_catalog_id: "CatalogIdString",
3285
- # database_name: "NameString",
3286
- # table_name: "NameString",
3287
- # name: "NameString",
3288
- # },
3289
- # lf_tag: {
3290
- # catalog_id: "CatalogIdString",
3291
- # tag_key: "NameString", # required
3292
- # tag_values: ["LFTagValue"], # required
3293
- # },
3294
- # lf_tag_policy: {
3295
- # catalog_id: "CatalogIdString",
3296
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
3297
- # expression: [ # required
3298
- # {
3299
- # tag_key: "LFTagKey", # required
3300
- # tag_values: ["LFTagValue"], # required
3301
- # },
3302
- # ],
3303
- # },
3304
- # },
3305
- # permissions: ["ALL"], # required, accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
3306
- # permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
3307
- # }
3308
- #
3309
2750
  # @!attribute [rw] catalog_id
3310
2751
  # The identifier for the Data Catalog. By default, the account ID. The
3311
2752
  # Data Catalog is the persistent metadata store. It contains database
@@ -3328,7 +2769,7 @@ module Aws::LakeFormation
3328
2769
  #
3329
2770
  #
3330
2771
  #
3331
- # [1]: https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html
2772
+ # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html
3332
2773
  # @return [Array<String>]
3333
2774
  #
3334
2775
  # @!attribute [rw] permissions_with_grant_option
@@ -3354,15 +2795,6 @@ module Aws::LakeFormation
3354
2795
 
3355
2796
  # A PartiQL predicate.
3356
2797
  #
3357
- # @note When making an API call, you may pass RowFilter
3358
- # data as a hash:
3359
- #
3360
- # {
3361
- # filter_expression: "PredicateString",
3362
- # all_rows_wildcard: {
3363
- # },
3364
- # }
3365
- #
3366
2798
  # @!attribute [rw] filter_expression
3367
2799
  # A filter expression.
3368
2800
  # @return [String]
@@ -3380,21 +2812,6 @@ module Aws::LakeFormation
3380
2812
  include Aws::Structure
3381
2813
  end
3382
2814
 
3383
- # @note When making an API call, you may pass SearchDatabasesByLFTagsRequest
3384
- # data as a hash:
3385
- #
3386
- # {
3387
- # next_token: "Token",
3388
- # max_results: 1,
3389
- # catalog_id: "CatalogIdString",
3390
- # expression: [ # required
3391
- # {
3392
- # tag_key: "LFTagKey", # required
3393
- # tag_values: ["LFTagValue"], # required
3394
- # },
3395
- # ],
3396
- # }
3397
- #
3398
2815
  # @!attribute [rw] next_token
3399
2816
  # A continuation token, if this is not the first call to retrieve this
3400
2817
  # list.
@@ -3445,21 +2862,6 @@ module Aws::LakeFormation
3445
2862
  include Aws::Structure
3446
2863
  end
3447
2864
 
3448
- # @note When making an API call, you may pass SearchTablesByLFTagsRequest
3449
- # data as a hash:
3450
- #
3451
- # {
3452
- # next_token: "Token",
3453
- # max_results: 1,
3454
- # catalog_id: "CatalogIdString",
3455
- # expression: [ # required
3456
- # {
3457
- # tag_key: "LFTagKey", # required
3458
- # tag_values: ["LFTagValue"], # required
3459
- # },
3460
- # ],
3461
- # }
3462
- #
3463
2865
  # @!attribute [rw] next_token
3464
2866
  # A continuation token, if this is not the first call to retrieve this
3465
2867
  # list.
@@ -3510,22 +2912,6 @@ module Aws::LakeFormation
3510
2912
  include Aws::Structure
3511
2913
  end
3512
2914
 
3513
- # @note When making an API call, you may pass StartQueryPlanningRequest
3514
- # data as a hash:
3515
- #
3516
- # {
3517
- # query_planning_context: { # required
3518
- # catalog_id: "CatalogIdString",
3519
- # database_name: "QueryPlanningContextDatabaseNameString", # required
3520
- # query_as_of_time: Time.now,
3521
- # query_parameters: {
3522
- # "String" => "String",
3523
- # },
3524
- # transaction_id: "TransactionIdString",
3525
- # },
3526
- # query_string: "SyntheticStartQueryPlanningRequestQueryString", # required
3527
- # }
3528
- #
3529
2915
  # @!attribute [rw] query_planning_context
3530
2916
  # A structure containing information about the query plan.
3531
2917
  # @return [Types::QueryPlanningContext]
@@ -3560,13 +2946,6 @@ module Aws::LakeFormation
3560
2946
  include Aws::Structure
3561
2947
  end
3562
2948
 
3563
- # @note When making an API call, you may pass StartTransactionRequest
3564
- # data as a hash:
3565
- #
3566
- # {
3567
- # transaction_type: "READ_AND_WRITE", # accepts READ_AND_WRITE, READ_ONLY
3568
- # }
3569
- #
3570
2949
  # @!attribute [rw] transaction_type
3571
2950
  # Indicates whether this transaction should be read only or read and
3572
2951
  # write. Writes made using a read-only transaction ID will be
@@ -3681,17 +3060,6 @@ module Aws::LakeFormation
3681
3060
  # that represents your data. You can Grant and Revoke table privileges
3682
3061
  # to a principal.
3683
3062
  #
3684
- # @note When making an API call, you may pass TableResource
3685
- # data as a hash:
3686
- #
3687
- # {
3688
- # catalog_id: "CatalogIdString",
3689
- # database_name: "NameString", # required
3690
- # name: "NameString",
3691
- # table_wildcard: {
3692
- # },
3693
- # }
3694
- #
3695
3063
  # @!attribute [rw] catalog_id
3696
3064
  # The identifier for the Data Catalog. By default, it is the account
3697
3065
  # ID of the caller.
@@ -3740,19 +3108,6 @@ module Aws::LakeFormation
3740
3108
  # This object must take a value for at least one of `ColumnsNames`,
3741
3109
  # `ColumnsIndexes`, or `ColumnsWildcard`.
3742
3110
  #
3743
- # @note When making an API call, you may pass TableWithColumnsResource
3744
- # data as a hash:
3745
- #
3746
- # {
3747
- # catalog_id: "CatalogIdString",
3748
- # database_name: "NameString", # required
3749
- # name: "NameString", # required
3750
- # column_names: ["NameString"],
3751
- # column_wildcard: {
3752
- # excluded_column_names: ["NameString"],
3753
- # },
3754
- # }
3755
- #
3756
3111
  # @!attribute [rw] catalog_id
3757
3112
  # The identifier for the Data Catalog. By default, it is the account
3758
3113
  # ID of the caller.
@@ -3930,16 +3285,23 @@ module Aws::LakeFormation
3930
3285
  include Aws::Structure
3931
3286
  end
3932
3287
 
3933
- # @note When making an API call, you may pass UpdateLFTagRequest
3934
- # data as a hash:
3288
+ # @!attribute [rw] table_data
3289
+ # A `DataCellsFilter` structure containing information about the data
3290
+ # cells filter.
3291
+ # @return [Types::DataCellsFilter]
3935
3292
  #
3936
- # {
3937
- # catalog_id: "CatalogIdString",
3938
- # tag_key: "LFTagKey", # required
3939
- # tag_values_to_delete: ["LFTagValue"],
3940
- # tag_values_to_add: ["LFTagValue"],
3941
- # }
3293
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/UpdateDataCellsFilterRequest AWS API Documentation
3294
+ #
3295
+ class UpdateDataCellsFilterRequest < Struct.new(
3296
+ :table_data)
3297
+ SENSITIVE = []
3298
+ include Aws::Structure
3299
+ end
3300
+
3301
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/UpdateDataCellsFilterResponse AWS API Documentation
3942
3302
  #
3303
+ class UpdateDataCellsFilterResponse < Aws::EmptyStructure; end
3304
+
3943
3305
  # @!attribute [rw] catalog_id
3944
3306
  # The identifier for the Data Catalog. By default, the account ID. The
3945
3307
  # Data Catalog is the persistent metadata store. It contains database
@@ -3974,14 +3336,6 @@ module Aws::LakeFormation
3974
3336
  #
3975
3337
  class UpdateLFTagResponse < Aws::EmptyStructure; end
3976
3338
 
3977
- # @note When making an API call, you may pass UpdateResourceRequest
3978
- # data as a hash:
3979
- #
3980
- # {
3981
- # role_arn: "IAMRoleArn", # required
3982
- # resource_arn: "ResourceArnString", # required
3983
- # }
3984
- #
3985
3339
  # @!attribute [rw] role_arn
3986
3340
  # The new role to use for the given resource registered in Lake
3987
3341
  # Formation.
@@ -3991,11 +3345,23 @@ module Aws::LakeFormation
3991
3345
  # The resource ARN.
3992
3346
  # @return [String]
3993
3347
  #
3348
+ # @!attribute [rw] with_federation
3349
+ # Whether or not the resource is a federated resource.
3350
+ # @return [Boolean]
3351
+ #
3352
+ # @!attribute [rw] hybrid_access_enabled
3353
+ # Specifies whether the data access of tables pointing to the location
3354
+ # can be managed by both Lake Formation permissions as well as Amazon
3355
+ # S3 bucket policies.
3356
+ # @return [Boolean]
3357
+ #
3994
3358
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/UpdateResourceRequest AWS API Documentation
3995
3359
  #
3996
3360
  class UpdateResourceRequest < Struct.new(
3997
3361
  :role_arn,
3998
- :resource_arn)
3362
+ :resource_arn,
3363
+ :with_federation,
3364
+ :hybrid_access_enabled)
3999
3365
  SENSITIVE = []
4000
3366
  include Aws::Structure
4001
3367
  end
@@ -4004,31 +3370,6 @@ module Aws::LakeFormation
4004
3370
  #
4005
3371
  class UpdateResourceResponse < Aws::EmptyStructure; end
4006
3372
 
4007
- # @note When making an API call, you may pass UpdateTableObjectsRequest
4008
- # data as a hash:
4009
- #
4010
- # {
4011
- # catalog_id: "CatalogIdString",
4012
- # database_name: "NameString", # required
4013
- # table_name: "NameString", # required
4014
- # transaction_id: "TransactionIdString", # required
4015
- # write_operations: [ # required
4016
- # {
4017
- # add_object: {
4018
- # uri: "URI", # required
4019
- # etag: "ETagString", # required
4020
- # size: 1, # required
4021
- # partition_values: ["PartitionValueString"],
4022
- # },
4023
- # delete_object: {
4024
- # uri: "URI", # required
4025
- # etag: "ETagString",
4026
- # partition_values: ["PartitionValueString"],
4027
- # },
4028
- # },
4029
- # ],
4030
- # }
4031
- #
4032
3373
  # @!attribute [rw] catalog_id
4033
3374
  # The catalog containing the governed table to update. Defaults to the
4034
3375
  # caller’s account ID.
@@ -4067,20 +3408,6 @@ module Aws::LakeFormation
4067
3408
  #
4068
3409
  class UpdateTableObjectsResponse < Aws::EmptyStructure; end
4069
3410
 
4070
- # @note When making an API call, you may pass UpdateTableStorageOptimizerRequest
4071
- # data as a hash:
4072
- #
4073
- # {
4074
- # catalog_id: "CatalogIdString",
4075
- # database_name: "NameString", # required
4076
- # table_name: "NameString", # required
4077
- # storage_optimizer_config: { # required
4078
- # "COMPACTION" => {
4079
- # "StorageOptimizerConfigKey" => "StorageOptimizerConfigValue",
4080
- # },
4081
- # },
4082
- # }
4083
- #
4084
3411
  # @!attribute [rw] catalog_id
4085
3412
  # The Catalog ID of the table.
4086
3413
  # @return [String]
@@ -4124,14 +3451,6 @@ module Aws::LakeFormation
4124
3451
  # transaction cancels, provided that `VirtualPut` was called before
4125
3452
  # writing the object.
4126
3453
  #
4127
- # @note When making an API call, you may pass VirtualObject
4128
- # data as a hash:
4129
- #
4130
- # {
4131
- # uri: "URI", # required
4132
- # etag: "ETagString",
4133
- # }
4134
- #
4135
3454
  # @!attribute [rw] uri
4136
3455
  # The path to the Amazon S3 object. Must start with s3://
4137
3456
  # @return [String]
@@ -4191,23 +3510,6 @@ module Aws::LakeFormation
4191
3510
 
4192
3511
  # Defines an object to add to or delete from a governed table.
4193
3512
  #
4194
- # @note When making an API call, you may pass WriteOperation
4195
- # data as a hash:
4196
- #
4197
- # {
4198
- # add_object: {
4199
- # uri: "URI", # required
4200
- # etag: "ETagString", # required
4201
- # size: 1, # required
4202
- # partition_values: ["PartitionValueString"],
4203
- # },
4204
- # delete_object: {
4205
- # uri: "URI", # required
4206
- # etag: "ETagString",
4207
- # partition_values: ["PartitionValueString"],
4208
- # },
4209
- # }
4210
- #
4211
3513
  # @!attribute [rw] add_object
4212
3514
  # A new object to add to the governed table.
4213
3515
  # @return [Types::AddObjectInput]