aws-sdk-lakeformation 1.20.0 → 1.42.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (13) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +113 -1
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-lakeformation/client.rb +708 -38
  5. data/lib/aws-sdk-lakeformation/client_api.rb +272 -3
  6. data/lib/aws-sdk-lakeformation/endpoint_parameters.rb +66 -0
  7. data/lib/aws-sdk-lakeformation/endpoint_provider.rb +54 -0
  8. data/lib/aws-sdk-lakeformation/endpoints.rb +716 -0
  9. data/lib/aws-sdk-lakeformation/errors.rb +16 -0
  10. data/lib/aws-sdk-lakeformation/plugins/endpoints.rb +168 -0
  11. data/lib/aws-sdk-lakeformation/types.rb +548 -1246
  12. data/lib/aws-sdk-lakeformation.rb +5 -1
  13. metadata +8 -4
data/lib/aws-sdk-lakeformation/types.rb CHANGED
@@ -24,69 +24,6 @@ module Aws::LakeFormation
24
24
  include Aws::Structure
25
25
  end
26
26
 
27
- # @note When making an API call, you may pass AddLFTagsToResourceRequest
28
- # data as a hash:
29
- #
30
- # {
31
- # catalog_id: "CatalogIdString",
32
- # resource: { # required
33
- # catalog: {
34
- # },
35
- # database: {
36
- # catalog_id: "CatalogIdString",
37
- # name: "NameString", # required
38
- # },
39
- # table: {
40
- # catalog_id: "CatalogIdString",
41
- # database_name: "NameString", # required
42
- # name: "NameString",
43
- # table_wildcard: {
44
- # },
45
- # },
46
- # table_with_columns: {
47
- # catalog_id: "CatalogIdString",
48
- # database_name: "NameString", # required
49
- # name: "NameString", # required
50
- # column_names: ["NameString"],
51
- # column_wildcard: {
52
- # excluded_column_names: ["NameString"],
53
- # },
54
- # },
55
- # data_location: {
56
- # catalog_id: "CatalogIdString",
57
- # resource_arn: "ResourceArnString", # required
58
- # },
59
- # data_cells_filter: {
60
- # table_catalog_id: "CatalogIdString",
61
- # database_name: "NameString",
62
- # table_name: "NameString",
63
- # name: "NameString",
64
- # },
65
- # lf_tag: {
66
- # catalog_id: "CatalogIdString",
67
- # tag_key: "NameString", # required
68
- # tag_values: ["LFTagValue"], # required
69
- # },
70
- # lf_tag_policy: {
71
- # catalog_id: "CatalogIdString",
72
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
73
- # expression: [ # required
74
- # {
75
- # tag_key: "LFTagKey", # required
76
- # tag_values: ["LFTagValue"], # required
77
- # },
78
- # ],
79
- # },
80
- # },
81
- # lf_tags: [ # required
82
- # {
83
- # catalog_id: "CatalogIdString",
84
- # tag_key: "LFTagKey", # required
85
- # tag_values: ["LFTagValue"], # required
86
- # },
87
- # ],
88
- # }
89
- #
90
27
  # @!attribute [rw] catalog_id
91
28
  # The identifier for the Data Catalog. By default, the account ID. The
92
29
  # Data Catalog is the persistent metadata store. It contains database
@@ -127,16 +64,6 @@ module Aws::LakeFormation
127
64
 
128
65
  # A new object to add to the governed table.
129
66
  #
130
- # @note When making an API call, you may pass AddObjectInput
131
- # data as a hash:
132
- #
133
- # {
134
- # uri: "URI", # required
135
- # etag: "ETagString", # required
136
- # size: 1, # required
137
- # partition_values: ["PartitionValueString"],
138
- # }
139
- #
140
67
  # @!attribute [rw] uri
141
68
  # The Amazon S3 location of the object.
142
69
  # @return [String]
@@ -192,72 +119,86 @@ module Aws::LakeFormation
192
119
  include Aws::Structure
193
120
  end
194
121
 
195
- # @note When making an API call, you may pass BatchGrantPermissionsRequest
196
- # data as a hash:
197
- #
198
- # {
199
- # catalog_id: "CatalogIdString",
200
- # entries: [ # required
201
- # {
202
- # id: "Identifier", # required
203
- # principal: {
204
- # data_lake_principal_identifier: "DataLakePrincipalString",
205
- # },
206
- # resource: {
207
- # catalog: {
208
- # },
209
- # database: {
210
- # catalog_id: "CatalogIdString",
211
- # name: "NameString", # required
212
- # },
213
- # table: {
214
- # catalog_id: "CatalogIdString",
215
- # database_name: "NameString", # required
216
- # name: "NameString",
217
- # table_wildcard: {
218
- # },
219
- # },
220
- # table_with_columns: {
221
- # catalog_id: "CatalogIdString",
222
- # database_name: "NameString", # required
223
- # name: "NameString", # required
224
- # column_names: ["NameString"],
225
- # column_wildcard: {
226
- # excluded_column_names: ["NameString"],
227
- # },
228
- # },
229
- # data_location: {
230
- # catalog_id: "CatalogIdString",
231
- # resource_arn: "ResourceArnString", # required
232
- # },
233
- # data_cells_filter: {
234
- # table_catalog_id: "CatalogIdString",
235
- # database_name: "NameString",
236
- # table_name: "NameString",
237
- # name: "NameString",
238
- # },
239
- # lf_tag: {
240
- # catalog_id: "CatalogIdString",
241
- # tag_key: "NameString", # required
242
- # tag_values: ["LFTagValue"], # required
243
- # },
244
- # lf_tag_policy: {
245
- # catalog_id: "CatalogIdString",
246
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
247
- # expression: [ # required
248
- # {
249
- # tag_key: "LFTagKey", # required
250
- # tag_values: ["LFTagValue"], # required
251
- # },
252
- # ],
253
- # },
254
- # },
255
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
256
- # permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
257
- # },
258
- # ],
259
- # }
122
+ # @!attribute [rw] saml_assertion
123
+ # A SAML assertion consisting of an assertion statement for the user
124
+ # who needs temporary credentials. This must match the SAML assertion
125
+ # that was issued to IAM. This must be Base64 encoded.
126
+ # @return [String]
127
+ #
128
+ # @!attribute [rw] role_arn
129
+ # The role that represents an IAM principal whose scope down policy
130
+ # allows it to call credential vending APIs such as
131
+ # `GetTemporaryTableCredentials`. The caller must also have
132
+ # iam:PassRole permission on this role.
133
+ # @return [String]
134
+ #
135
+ # @!attribute [rw] principal_arn
136
+ # The Amazon Resource Name (ARN) of the SAML provider in IAM that
137
+ # describes the IdP.
138
+ # @return [String]
139
+ #
140
+ # @!attribute [rw] duration_seconds
141
+ # The time period, between 900 and 43,200 seconds, for the timeout of
142
+ # the temporary credentials.
143
+ # @return [Integer]
144
+ #
145
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AssumeDecoratedRoleWithSAMLRequest AWS API Documentation
146
+ #
147
+ class AssumeDecoratedRoleWithSAMLRequest < Struct.new(
148
+ :saml_assertion,
149
+ :role_arn,
150
+ :principal_arn,
151
+ :duration_seconds)
152
+ SENSITIVE = []
153
+ include Aws::Structure
154
+ end
155
+
156
+ # @!attribute [rw] access_key_id
157
+ # The access key ID for the temporary credentials. (The access key
158
+ # consists of an access key ID and a secret key).
159
+ # @return [String]
160
+ #
161
+ # @!attribute [rw] secret_access_key
162
+ # The secret key for the temporary credentials. (The access key
163
+ # consists of an access key ID and a secret key).
164
+ # @return [String]
165
+ #
166
+ # @!attribute [rw] session_token
167
+ # The session token for the temporary credentials.
168
+ # @return [String]
169
+ #
170
+ # @!attribute [rw] expiration
171
+ # The date and time when the temporary credentials expire.
172
+ # @return [Time]
260
173
  #
174
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AssumeDecoratedRoleWithSAMLResponse AWS API Documentation
175
+ #
176
+ class AssumeDecoratedRoleWithSAMLResponse < Struct.new(
177
+ :access_key_id,
178
+ :secret_access_key,
179
+ :session_token,
180
+ :expiration)
181
+ SENSITIVE = []
182
+ include Aws::Structure
183
+ end
184
+
185
+ # A structure used to include auditing information on the privileged
186
+ # API.
187
+ #
188
+ # @!attribute [rw] additional_audit_context
189
+ # The filter engine can populate the 'AdditionalAuditContext'
190
+ # information with the request ID for you to track. This information
191
+ # will be displayed in CloudTrail log in your account.
192
+ # @return [String]
193
+ #
194
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/AuditContext AWS API Documentation
195
+ #
196
+ class AuditContext < Struct.new(
197
+ :additional_audit_context)
198
+ SENSITIVE = []
199
+ include Aws::Structure
200
+ end
201
+
261
202
  # @!attribute [rw] catalog_id
262
203
  # The identifier for the Data Catalog. By default, the account ID. The
263
204
  # Data Catalog is the persistent metadata store. It contains database
@@ -314,67 +255,6 @@ module Aws::LakeFormation
314
255
  # A permission to a resource granted by batch operation to the
315
256
  # principal.
316
257
  #
317
- # @note When making an API call, you may pass BatchPermissionsRequestEntry
318
- # data as a hash:
319
- #
320
- # {
321
- # id: "Identifier", # required
322
- # principal: {
323
- # data_lake_principal_identifier: "DataLakePrincipalString",
324
- # },
325
- # resource: {
326
- # catalog: {
327
- # },
328
- # database: {
329
- # catalog_id: "CatalogIdString",
330
- # name: "NameString", # required
331
- # },
332
- # table: {
333
- # catalog_id: "CatalogIdString",
334
- # database_name: "NameString", # required
335
- # name: "NameString",
336
- # table_wildcard: {
337
- # },
338
- # },
339
- # table_with_columns: {
340
- # catalog_id: "CatalogIdString",
341
- # database_name: "NameString", # required
342
- # name: "NameString", # required
343
- # column_names: ["NameString"],
344
- # column_wildcard: {
345
- # excluded_column_names: ["NameString"],
346
- # },
347
- # },
348
- # data_location: {
349
- # catalog_id: "CatalogIdString",
350
- # resource_arn: "ResourceArnString", # required
351
- # },
352
- # data_cells_filter: {
353
- # table_catalog_id: "CatalogIdString",
354
- # database_name: "NameString",
355
- # table_name: "NameString",
356
- # name: "NameString",
357
- # },
358
- # lf_tag: {
359
- # catalog_id: "CatalogIdString",
360
- # tag_key: "NameString", # required
361
- # tag_values: ["LFTagValue"], # required
362
- # },
363
- # lf_tag_policy: {
364
- # catalog_id: "CatalogIdString",
365
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
366
- # expression: [ # required
367
- # {
368
- # tag_key: "LFTagKey", # required
369
- # tag_values: ["LFTagValue"], # required
370
- # },
371
- # ],
372
- # },
373
- # },
374
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
375
- # permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
376
- # }
377
- #
378
258
  # @!attribute [rw] id
379
259
  # A unique identifier for the batch permissions request entry.
380
260
  # @return [String]
@@ -407,72 +287,6 @@ module Aws::LakeFormation
407
287
  include Aws::Structure
408
288
  end
409
289
 
410
- # @note When making an API call, you may pass BatchRevokePermissionsRequest
411
- # data as a hash:
412
- #
413
- # {
414
- # catalog_id: "CatalogIdString",
415
- # entries: [ # required
416
- # {
417
- # id: "Identifier", # required
418
- # principal: {
419
- # data_lake_principal_identifier: "DataLakePrincipalString",
420
- # },
421
- # resource: {
422
- # catalog: {
423
- # },
424
- # database: {
425
- # catalog_id: "CatalogIdString",
426
- # name: "NameString", # required
427
- # },
428
- # table: {
429
- # catalog_id: "CatalogIdString",
430
- # database_name: "NameString", # required
431
- # name: "NameString",
432
- # table_wildcard: {
433
- # },
434
- # },
435
- # table_with_columns: {
436
- # catalog_id: "CatalogIdString",
437
- # database_name: "NameString", # required
438
- # name: "NameString", # required
439
- # column_names: ["NameString"],
440
- # column_wildcard: {
441
- # excluded_column_names: ["NameString"],
442
- # },
443
- # },
444
- # data_location: {
445
- # catalog_id: "CatalogIdString",
446
- # resource_arn: "ResourceArnString", # required
447
- # },
448
- # data_cells_filter: {
449
- # table_catalog_id: "CatalogIdString",
450
- # database_name: "NameString",
451
- # table_name: "NameString",
452
- # name: "NameString",
453
- # },
454
- # lf_tag: {
455
- # catalog_id: "CatalogIdString",
456
- # tag_key: "NameString", # required
457
- # tag_values: ["LFTagValue"], # required
458
- # },
459
- # lf_tag_policy: {
460
- # catalog_id: "CatalogIdString",
461
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
462
- # expression: [ # required
463
- # {
464
- # tag_key: "LFTagKey", # required
465
- # tag_values: ["LFTagValue"], # required
466
- # },
467
- # ],
468
- # },
469
- # },
470
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
471
- # permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
472
- # },
473
- # ],
474
- # }
475
- #
476
290
  # @!attribute [rw] catalog_id
477
291
  # The identifier for the Data Catalog. By default, the account ID. The
478
292
  # Data Catalog is the persistent metadata store. It contains database
@@ -506,13 +320,6 @@ module Aws::LakeFormation
506
320
  include Aws::Structure
507
321
  end
508
322
 
509
- # @note When making an API call, you may pass CancelTransactionRequest
510
- # data as a hash:
511
- #
512
- # {
513
- # transaction_id: "TransactionIdString", # required
514
- # }
515
- #
516
323
  # @!attribute [rw] transaction_id
517
324
  # The transaction to cancel.
518
325
  # @return [String]
@@ -560,13 +367,6 @@ module Aws::LakeFormation
560
367
  # A wildcard object, consisting of an optional list of excluded column
561
368
  # names or indexes.
562
369
  #
563
- # @note When making an API call, you may pass ColumnWildcard
564
- # data as a hash:
565
- #
566
- # {
567
- # excluded_column_names: ["NameString"],
568
- # }
569
- #
570
370
  # @!attribute [rw] excluded_column_names
571
371
  # Excludes column names. Any column with this name will be excluded.
572
372
  # @return [Array<String>]
@@ -579,13 +379,6 @@ module Aws::LakeFormation
579
379
  include Aws::Structure
580
380
  end
581
381
 
582
- # @note When making an API call, you may pass CommitTransactionRequest
583
- # data as a hash:
584
- #
585
- # {
586
- # transaction_id: "TransactionIdString", # required
587
- # }
588
- #
589
382
  # @!attribute [rw] transaction_id
590
383
  # The transaction to commit.
591
384
  # @return [String]
@@ -624,27 +417,6 @@ module Aws::LakeFormation
624
417
  include Aws::Structure
625
418
  end
626
419
 
627
- # @note When making an API call, you may pass CreateDataCellsFilterRequest
628
- # data as a hash:
629
- #
630
- # {
631
- # table_data: { # required
632
- # table_catalog_id: "CatalogIdString", # required
633
- # database_name: "NameString", # required
634
- # table_name: "NameString", # required
635
- # name: "NameString", # required
636
- # row_filter: {
637
- # filter_expression: "PredicateString",
638
- # all_rows_wildcard: {
639
- # },
640
- # },
641
- # column_names: ["NameString"],
642
- # column_wildcard: {
643
- # excluded_column_names: ["NameString"],
644
- # },
645
- # },
646
- # }
647
- #
648
420
  # @!attribute [rw] table_data
649
421
  # A `DataCellsFilter` structure containing information about the data
650
422
  # cells filter.
@@ -662,15 +434,6 @@ module Aws::LakeFormation
662
434
  #
663
435
  class CreateDataCellsFilterResponse < Aws::EmptyStructure; end
664
436
 
665
- # @note When making an API call, you may pass CreateLFTagRequest
666
- # data as a hash:
667
- #
668
- # {
669
- # catalog_id: "CatalogIdString",
670
- # tag_key: "LFTagKey", # required
671
- # tag_values: ["LFTagValue"], # required
672
- # }
673
- #
674
437
  # @!attribute [rw] catalog_id
675
438
  # The identifier for the Data Catalog. By default, the account ID. The
676
439
  # Data Catalog is the persistent metadata store. It contains database
@@ -700,26 +463,29 @@ module Aws::LakeFormation
700
463
  #
701
464
  class CreateLFTagResponse < Aws::EmptyStructure; end
702
465
 
703
- # A structure that describes certain columns on certain rows.
466
+ # @!attribute [rw] principal
467
+ # The Lake Formation principal. Supported principals are IAM users or
468
+ # IAM roles.
469
+ # @return [Types::DataLakePrincipal]
470
+ #
471
+ # @!attribute [rw] resource
472
+ # A structure for the resource.
473
+ # @return [Types::Resource]
474
+ #
475
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/CreateLakeFormationOptInRequest AWS API Documentation
476
+ #
477
+ class CreateLakeFormationOptInRequest < Struct.new(
478
+ :principal,
479
+ :resource)
480
+ SENSITIVE = []
481
+ include Aws::Structure
482
+ end
483
+
484
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/CreateLakeFormationOptInResponse AWS API Documentation
704
485
  #
705
- # @note When making an API call, you may pass DataCellsFilter
706
- # data as a hash:
707
- #
708
- # {
709
- # table_catalog_id: "CatalogIdString", # required
710
- # database_name: "NameString", # required
711
- # table_name: "NameString", # required
712
- # name: "NameString", # required
713
- # row_filter: {
714
- # filter_expression: "PredicateString",
715
- # all_rows_wildcard: {
716
- # },
717
- # },
718
- # column_names: ["NameString"],
719
- # column_wildcard: {
720
- # excluded_column_names: ["NameString"],
721
- # },
722
- # }
486
+ class CreateLakeFormationOptInResponse < Aws::EmptyStructure; end
487
+
488
+ # A structure that describes certain columns on certain rows.
723
489
  #
724
490
  # @!attribute [rw] table_catalog_id
725
491
  # The ID of the catalog to which the table belongs.
@@ -742,13 +508,23 @@ module Aws::LakeFormation
742
508
  # @return [Types::RowFilter]
743
509
  #
744
510
  # @!attribute [rw] column_names
745
- # A list of column names.
511
+ # A list of column names and/or nested column attributes. When
512
+ # specifying nested attributes, use a qualified dot (.) delimited
513
+ # format such as "address"."zip". Nested attributes within this
514
+ # list may not exceed a depth of 5.
746
515
  # @return [Array<String>]
747
516
  #
748
517
  # @!attribute [rw] column_wildcard
749
518
  # A wildcard with exclusions.
519
+ #
520
+ # You must specify either a `ColumnNames` list or the
521
+ # `ColumnWildCard`.
750
522
  # @return [Types::ColumnWildcard]
751
523
  #
524
+ # @!attribute [rw] version_id
525
+ # The ID of the data cells filter version.
526
+ # @return [String]
527
+ #
752
528
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DataCellsFilter AWS API Documentation
753
529
  #
754
530
  class DataCellsFilter < Struct.new(
@@ -758,23 +534,14 @@ module Aws::LakeFormation
758
534
  :name,
759
535
  :row_filter,
760
536
  :column_names,
761
- :column_wildcard)
537
+ :column_wildcard,
538
+ :version_id)
762
539
  SENSITIVE = []
763
540
  include Aws::Structure
764
541
  end
765
542
 
766
543
  # A structure for a data cells filter resource.
767
544
  #
768
- # @note When making an API call, you may pass DataCellsFilterResource
769
- # data as a hash:
770
- #
771
- # {
772
- # table_catalog_id: "CatalogIdString",
773
- # database_name: "NameString",
774
- # table_name: "NameString",
775
- # name: "NameString",
776
- # }
777
- #
778
545
  # @!attribute [rw] table_catalog_id
779
546
  # The ID of the catalog to which the table belongs.
780
547
  # @return [String]
@@ -802,15 +569,8 @@ module Aws::LakeFormation
802
569
  include Aws::Structure
803
570
  end
804
571
 
805
- # The AWS Lake Formation principal. Supported principals are IAM users
806
- # or IAM roles.
807
- #
808
- # @note When making an API call, you may pass DataLakePrincipal
809
- # data as a hash:
810
- #
811
- # {
812
- # data_lake_principal_identifier: "DataLakePrincipalString",
813
- # }
572
+ # The Lake Formation principal. Supported principals are IAM users or
573
+ # IAM roles.
814
574
  #
815
575
  # @!attribute [rw] data_lake_principal_identifier
816
576
  # An identifier for the Lake Formation principal.
@@ -829,44 +589,21 @@ module Aws::LakeFormation
829
589
  # permission entries for default create database and default create
830
590
  # table permissions.
831
591
  #
832
- # @note When making an API call, you may pass DataLakeSettings
833
- # data as a hash:
834
- #
835
- # {
836
- # data_lake_admins: [
837
- # {
838
- # data_lake_principal_identifier: "DataLakePrincipalString",
839
- # },
840
- # ],
841
- # create_database_default_permissions: [
842
- # {
843
- # principal: {
844
- # data_lake_principal_identifier: "DataLakePrincipalString",
845
- # },
846
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
847
- # },
848
- # ],
849
- # create_table_default_permissions: [
850
- # {
851
- # principal: {
852
- # data_lake_principal_identifier: "DataLakePrincipalString",
853
- # },
854
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
855
- # },
856
- # ],
857
- # trusted_resource_owners: ["CatalogIdString"],
858
- # }
859
- #
860
592
  # @!attribute [rw] data_lake_admins
861
593
  # A list of Lake Formation principals. Supported principals are IAM
862
594
  # users or IAM roles.
863
595
  # @return [Array<Types::DataLakePrincipal>]
864
596
  #
597
+ # @!attribute [rw] read_only_admins
598
+ # A list of Lake Formation principals with only view access to the
599
+ # resources, without the ability to make changes. Supported principals
600
+ # are IAM users or IAM roles.
601
+ # @return [Array<Types::DataLakePrincipal>]
602
+ #
865
603
  # @!attribute [rw] create_database_default_permissions
866
604
  # Specifies whether access control on newly created database is
867
605
  # managed by Lake Formation permissions or exclusively by IAM
868
- # permissions. You can override this default setting when you create a
869
- # database.
606
+ # permissions.
870
607
  #
871
608
  # A null value indicates access control by Lake Formation permissions.
872
609
  # A value that assigns ALL to IAM\_ALLOWED\_PRINCIPALS indicates
@@ -910,6 +647,13 @@ module Aws::LakeFormation
910
647
  # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html
911
648
  # @return [Array<Types::PrincipalPermissions>]
912
649
  #
650
+ # @!attribute [rw] parameters
651
+ # A key-value map that provides an additional configuration on your
652
+ # data lake. CrossAccountVersion is the key you can configure in the
653
+ # Parameters field. Accepted values for the CrossAccountVersion key
654
+ # are 1, 2, and 3.
655
+ # @return [Hash<String,String>]
656
+ #
913
657
  # @!attribute [rw] trusted_resource_owners
914
658
  # A list of the resource-owning account IDs that the caller's account
915
659
  # can use to share their user access details (user ARNs). The user
@@ -919,13 +663,58 @@ module Aws::LakeFormation
919
663
  # boundary, such as the same team or company.
920
664
  # @return [Array<String>]
921
665
  #
666
+ # @!attribute [rw] allow_external_data_filtering
667
+ # Whether to allow Amazon EMR clusters to access data managed by Lake
668
+ # Formation.
669
+ #
670
+ # If true, you allow Amazon EMR clusters to access data in Amazon S3
671
+ # locations that are registered with Lake Formation.
672
+ #
673
+ # If false or null, no Amazon EMR clusters will be able to access data
674
+ # in Amazon S3 locations that are registered with Lake Formation.
675
+ #
676
+ # For more information, see [(Optional) Allow external data
677
+ # filtering][1].
678
+ #
679
+ #
680
+ #
681
+ # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/initial-LF-setup.html#external-data-filter
682
+ # @return [Boolean]
683
+ #
684
+ # @!attribute [rw] allow_full_table_external_data_access
685
+ # Whether to allow a third-party query engine to get data access
686
+ # credentials without session tags when a caller has full data access
687
+ # permissions.
688
+ # @return [Boolean]
689
+ #
690
+ # @!attribute [rw] external_data_filtering_allow_list
691
+ # A list of the account IDs of Amazon Web Services accounts with
692
+ # Amazon EMR clusters that are to perform data filtering.&gt;
693
+ # @return [Array<Types::DataLakePrincipal>]
694
+ #
695
+ # @!attribute [rw] authorized_session_tag_value_list
696
+ # Lake Formation relies on a privileged process secured by Amazon EMR
697
+ # or the third party integrator to tag the user's role while assuming
698
+ # it. Lake Formation will publish the acceptable key-value pair, for
699
+ # example key = "LakeFormationTrustedCaller" and value = "TRUE"
700
+ # and the third party integrator must properly tag the temporary
701
+ # security credentials that will be used to call Lake Formation's
702
+ # administrative APIs.
703
+ # @return [Array<String>]
704
+ #
922
705
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DataLakeSettings AWS API Documentation
923
706
  #
924
707
  class DataLakeSettings < Struct.new(
925
708
  :data_lake_admins,
709
+ :read_only_admins,
926
710
  :create_database_default_permissions,
927
711
  :create_table_default_permissions,
928
- :trusted_resource_owners)
712
+ :parameters,
713
+ :trusted_resource_owners,
714
+ :allow_external_data_filtering,
715
+ :allow_full_table_external_data_access,
716
+ :external_data_filtering_allow_list,
717
+ :authorized_session_tag_value_list)
929
718
  SENSITIVE = []
930
719
  include Aws::Structure
931
720
  end
@@ -933,14 +722,6 @@ module Aws::LakeFormation
933
722
  # A structure for a data location object where permissions are granted
934
723
  # or revoked.
935
724
  #
936
- # @note When making an API call, you may pass DataLocationResource
937
- # data as a hash:
938
- #
939
- # {
940
- # catalog_id: "CatalogIdString",
941
- # resource_arn: "ResourceArnString", # required
942
- # }
943
- #
944
725
  # @!attribute [rw] catalog_id
945
726
  # The identifier for the Data Catalog where the location is registered
946
727
  # with Lake Formation. By default, it is the account ID of the caller.
@@ -962,14 +743,6 @@ module Aws::LakeFormation
962
743
 
963
744
  # A structure for the database object.
964
745
  #
965
- # @note When making an API call, you may pass DatabaseResource
966
- # data as a hash:
967
- #
968
- # {
969
- # catalog_id: "CatalogIdString",
970
- # name: "NameString", # required
971
- # }
972
- #
973
746
  # @!attribute [rw] catalog_id
974
747
  # The identifier for the Data Catalog. By default, it is the account
975
748
  # ID of the caller.
@@ -988,16 +761,6 @@ module Aws::LakeFormation
988
761
  include Aws::Structure
989
762
  end
990
763
 
991
- # @note When making an API call, you may pass DeleteDataCellsFilterRequest
992
- # data as a hash:
993
- #
994
- # {
995
- # table_catalog_id: "CatalogIdString",
996
- # database_name: "NameString",
997
- # table_name: "NameString",
998
- # name: "NameString",
999
- # }
1000
- #
1001
764
  # @!attribute [rw] table_catalog_id
1002
765
  # The ID of the catalog to which the table belongs.
1003
766
  # @return [String]
@@ -1029,14 +792,6 @@ module Aws::LakeFormation
1029
792
  #
1030
793
  class DeleteDataCellsFilterResponse < Aws::EmptyStructure; end
1031
794
 
1032
- # @note When making an API call, you may pass DeleteLFTagRequest
1033
- # data as a hash:
1034
- #
1035
- # {
1036
- # catalog_id: "CatalogIdString",
1037
- # tag_key: "LFTagKey", # required
1038
- # }
1039
- #
1040
795
  # @!attribute [rw] catalog_id
1041
796
  # The identifier for the Data Catalog. By default, the account ID. The
1042
797
  # Data Catalog is the persistent metadata store. It contains database
@@ -1061,16 +816,29 @@ module Aws::LakeFormation
1061
816
  #
1062
817
  class DeleteLFTagResponse < Aws::EmptyStructure; end
1063
818
 
1064
- # An object to delete from the governed table.
819
+ # @!attribute [rw] principal
820
+ # The Lake Formation principal. Supported principals are IAM users or
821
+ # IAM roles.
822
+ # @return [Types::DataLakePrincipal]
823
+ #
824
+ # @!attribute [rw] resource
825
+ # A structure for the resource.
826
+ # @return [Types::Resource]
1065
827
  #
1066
- # @note When making an API call, you may pass DeleteObjectInput
1067
- # data as a hash:
828
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DeleteLakeFormationOptInRequest AWS API Documentation
1068
829
  #
1069
- # {
1070
- # uri: "URI", # required
1071
- # etag: "ETagString",
1072
- # partition_values: ["PartitionValueString"],
1073
- # }
830
+ class DeleteLakeFormationOptInRequest < Struct.new(
831
+ :principal,
832
+ :resource)
833
+ SENSITIVE = []
834
+ include Aws::Structure
835
+ end
836
+
837
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DeleteLakeFormationOptInResponse AWS API Documentation
838
+ #
839
+ class DeleteLakeFormationOptInResponse < Aws::EmptyStructure; end
840
+
841
+ # An object to delete from the governed table.
1074
842
  #
1075
843
  # @!attribute [rw] uri
1076
844
  # The Amazon S3 location of the object to delete.
@@ -1096,22 +864,6 @@ module Aws::LakeFormation
1096
864
  include Aws::Structure
1097
865
  end
1098
866
 
1099
- # @note When making an API call, you may pass DeleteObjectsOnCancelRequest
1100
- # data as a hash:
1101
- #
1102
- # {
1103
- # catalog_id: "CatalogIdString",
1104
- # database_name: "NameString", # required
1105
- # table_name: "NameString", # required
1106
- # transaction_id: "TransactionIdString", # required
1107
- # objects: [ # required
1108
- # {
1109
- # uri: "URI", # required
1110
- # etag: "ETagString",
1111
- # },
1112
- # ],
1113
- # }
1114
- #
1115
867
  # @!attribute [rw] catalog_id
1116
868
  # The Glue data catalog that contains the governed table. Defaults to
1117
869
  # the current account ID.
@@ -1150,13 +902,6 @@ module Aws::LakeFormation
1150
902
  #
1151
903
  class DeleteObjectsOnCancelResponse < Aws::EmptyStructure; end
1152
904
 
1153
- # @note When making an API call, you may pass DeregisterResourceRequest
1154
- # data as a hash:
1155
- #
1156
- # {
1157
- # resource_arn: "ResourceArnString", # required
1158
- # }
1159
- #
1160
905
  # @!attribute [rw] resource_arn
1161
906
  # The Amazon Resource Name (ARN) of the resource that you want to
1162
907
  # deregister.
@@ -1174,13 +919,6 @@ module Aws::LakeFormation
1174
919
  #
1175
920
  class DeregisterResourceResponse < Aws::EmptyStructure; end
1176
921
 
1177
- # @note When making an API call, you may pass DescribeResourceRequest
1178
- # data as a hash:
1179
- #
1180
- # {
1181
- # resource_arn: "ResourceArnString", # required
1182
- # }
1183
- #
1184
922
  # @!attribute [rw] resource_arn
1185
923
  # The resource ARN.
1186
924
  # @return [String]
@@ -1205,13 +943,6 @@ module Aws::LakeFormation
1205
943
  include Aws::Structure
1206
944
  end
1207
945
 
1208
- # @note When making an API call, you may pass DescribeTransactionRequest
1209
- # data as a hash:
1210
- #
1211
- # {
1212
- # transaction_id: "TransactionIdString", # required
1213
- # }
1214
- #
1215
946
  # @!attribute [rw] transaction_id
1216
947
  # The transaction for which to return status.
1217
948
  # @return [String]
@@ -1255,7 +986,7 @@ module Aws::LakeFormation
1255
986
  include Aws::Structure
1256
987
  end
1257
988
 
1258
- # A specified entity does not exist
989
+ # A specified entity does not exist.
1259
990
  #
1260
991
  # @!attribute [rw] message
1261
992
  # A message describing the problem.
@@ -1326,13 +1057,6 @@ module Aws::LakeFormation
1326
1057
  include Aws::Structure
1327
1058
  end
1328
1059
 
1329
- # @note When making an API call, you may pass ExtendTransactionRequest
1330
- # data as a hash:
1331
- #
1332
- # {
1333
- # transaction_id: "TransactionIdString",
1334
- # }
1335
- #
1336
1060
  # @!attribute [rw] transaction_id
1337
1061
  # The transaction to extend.
1338
1062
  # @return [String]
@@ -1352,15 +1076,6 @@ module Aws::LakeFormation
1352
1076
  # This structure describes the filtering of columns in a table based on
1353
1077
  # a filter condition.
1354
1078
  #
1355
- # @note When making an API call, you may pass FilterCondition
1356
- # data as a hash:
1357
- #
1358
- # {
1359
- # field: "RESOURCE_ARN", # accepts RESOURCE_ARN, ROLE_ARN, LAST_MODIFIED
1360
- # comparison_operator: "EQ", # accepts EQ, NE, LE, LT, GE, GT, CONTAINS, NOT_CONTAINS, BEGINS_WITH, IN, BETWEEN
1361
- # string_value_list: ["StringValue"],
1362
- # }
1363
- #
1364
1079
  # @!attribute [rw] field
1365
1080
  # The field to filter in the filter condition.
1366
1081
  # @return [String]
@@ -1383,13 +1098,45 @@ module Aws::LakeFormation
1383
1098
  include Aws::Structure
1384
1099
  end
1385
1100
 
1386
- # @note When making an API call, you may pass GetDataLakeSettingsRequest
1387
- # data as a hash:
1101
+ # @!attribute [rw] table_catalog_id
1102
+ # The ID of the catalog to which the table belongs.
1103
+ # @return [String]
1104
+ #
1105
+ # @!attribute [rw] database_name
1106
+ # A database in the Glue Data Catalog.
1107
+ # @return [String]
1108
+ #
1109
+ # @!attribute [rw] table_name
1110
+ # A table in the database.
1111
+ # @return [String]
1112
+ #
1113
+ # @!attribute [rw] name
1114
+ # The name given by the user to the data filter cell.
1115
+ # @return [String]
1116
+ #
1117
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetDataCellsFilterRequest AWS API Documentation
1118
+ #
1119
+ class GetDataCellsFilterRequest < Struct.new(
1120
+ :table_catalog_id,
1121
+ :database_name,
1122
+ :table_name,
1123
+ :name)
1124
+ SENSITIVE = []
1125
+ include Aws::Structure
1126
+ end
1127
+
1128
+ # @!attribute [rw] data_cells_filter
1129
+ # A structure that describes certain columns on certain rows.
1130
+ # @return [Types::DataCellsFilter]
1388
1131
  #
1389
- # {
1390
- # catalog_id: "CatalogIdString",
1391
- # }
1132
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetDataCellsFilterResponse AWS API Documentation
1392
1133
  #
1134
+ class GetDataCellsFilterResponse < Struct.new(
1135
+ :data_cells_filter)
1136
+ SENSITIVE = []
1137
+ include Aws::Structure
1138
+ end
1139
+
1393
1140
  # @!attribute [rw] catalog_id
1394
1141
  # The identifier for the Data Catalog. By default, the account ID. The
1395
1142
  # Data Catalog is the persistent metadata store. It contains database
@@ -1418,16 +1165,6 @@ module Aws::LakeFormation
1418
1165
  include Aws::Structure
1419
1166
  end
1420
1167
 
1421
- # @note When making an API call, you may pass GetEffectivePermissionsForPathRequest
1422
- # data as a hash:
1423
- #
1424
- # {
1425
- # catalog_id: "CatalogIdString",
1426
- # resource_arn: "ResourceArnString", # required
1427
- # next_token: "Token",
1428
- # max_results: 1,
1429
- # }
1430
- #
1431
1168
  # @!attribute [rw] catalog_id
1432
1169
  # The identifier for the Data Catalog. By default, the account ID. The
1433
1170
  # Data Catalog is the persistent metadata store. It contains database
@@ -1479,14 +1216,6 @@ module Aws::LakeFormation
1479
1216
  include Aws::Structure
1480
1217
  end
1481
1218
 
1482
- # @note When making an API call, you may pass GetLFTagRequest
1483
- # data as a hash:
1484
- #
1485
- # {
1486
- # catalog_id: "CatalogIdString",
1487
- # tag_key: "LFTagKey", # required
1488
- # }
1489
- #
1490
1219
  # @!attribute [rw] catalog_id
1491
1220
  # The identifier for the Data Catalog. By default, the account ID. The
1492
1221
  # Data Catalog is the persistent metadata store. It contains database
@@ -1532,13 +1261,6 @@ module Aws::LakeFormation
1532
1261
  include Aws::Structure
1533
1262
  end
1534
1263
 
1535
- # @note When making an API call, you may pass GetQueryStateRequest
1536
- # data as a hash:
1537
- #
1538
- # {
1539
- # query_id: "GetQueryStateRequestQueryIdString", # required
1540
- # }
1541
- #
1542
1264
  # @!attribute [rw] query_id
1543
1265
  # The ID of the plan query operation.
1544
1266
  # @return [String]
@@ -1581,13 +1303,6 @@ module Aws::LakeFormation
1581
1303
  include Aws::Structure
1582
1304
  end
1583
1305
 
1584
- # @note When making an API call, you may pass GetQueryStatisticsRequest
1585
- # data as a hash:
1586
- #
1587
- # {
1588
- # query_id: "GetQueryStatisticsRequestQueryIdString", # required
1589
- # }
1590
- #
1591
1306
  # @!attribute [rw] query_id
1592
1307
  # The ID of the plan query operation.
1593
1308
  # @return [String]
@@ -1623,63 +1338,6 @@ module Aws::LakeFormation
1623
1338
  include Aws::Structure
1624
1339
  end
1625
1340
 
1626
- # @note When making an API call, you may pass GetResourceLFTagsRequest
1627
- # data as a hash:
1628
- #
1629
- # {
1630
- # catalog_id: "CatalogIdString",
1631
- # resource: { # required
1632
- # catalog: {
1633
- # },
1634
- # database: {
1635
- # catalog_id: "CatalogIdString",
1636
- # name: "NameString", # required
1637
- # },
1638
- # table: {
1639
- # catalog_id: "CatalogIdString",
1640
- # database_name: "NameString", # required
1641
- # name: "NameString",
1642
- # table_wildcard: {
1643
- # },
1644
- # },
1645
- # table_with_columns: {
1646
- # catalog_id: "CatalogIdString",
1647
- # database_name: "NameString", # required
1648
- # name: "NameString", # required
1649
- # column_names: ["NameString"],
1650
- # column_wildcard: {
1651
- # excluded_column_names: ["NameString"],
1652
- # },
1653
- # },
1654
- # data_location: {
1655
- # catalog_id: "CatalogIdString",
1656
- # resource_arn: "ResourceArnString", # required
1657
- # },
1658
- # data_cells_filter: {
1659
- # table_catalog_id: "CatalogIdString",
1660
- # database_name: "NameString",
1661
- # table_name: "NameString",
1662
- # name: "NameString",
1663
- # },
1664
- # lf_tag: {
1665
- # catalog_id: "CatalogIdString",
1666
- # tag_key: "NameString", # required
1667
- # tag_values: ["LFTagValue"], # required
1668
- # },
1669
- # lf_tag_policy: {
1670
- # catalog_id: "CatalogIdString",
1671
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
1672
- # expression: [ # required
1673
- # {
1674
- # tag_key: "LFTagKey", # required
1675
- # tag_values: ["LFTagValue"], # required
1676
- # },
1677
- # ],
1678
- # },
1679
- # },
1680
- # show_assigned_lf_tags: false,
1681
- # }
1682
- #
1683
1341
  # @!attribute [rw] catalog_id
1684
1342
  # The identifier for the Data Catalog. By default, the account ID. The
1685
1343
  # Data Catalog is the persistent metadata store. It contains database
@@ -1728,20 +1386,6 @@ module Aws::LakeFormation
1728
1386
  include Aws::Structure
1729
1387
  end
1730
1388
 
1731
- # @note When making an API call, you may pass GetTableObjectsRequest
1732
- # data as a hash:
1733
- #
1734
- # {
1735
- # catalog_id: "CatalogIdString",
1736
- # database_name: "NameString", # required
1737
- # table_name: "NameString", # required
1738
- # transaction_id: "TransactionIdString",
1739
- # query_as_of_time: Time.now,
1740
- # partition_predicate: "PredicateString",
1741
- # max_results: 1,
1742
- # next_token: "TokenString",
1743
- # }
1744
- #
1745
1389
  # @!attribute [rw] catalog_id
1746
1390
  # The catalog containing the governed table. Defaults to the caller’s
1747
1391
  # account.
@@ -1824,15 +1468,138 @@ module Aws::LakeFormation
1824
1468
  include Aws::Structure
1825
1469
  end
1826
1470
 
1827
- # @note When making an API call, you may pass GetWorkUnitResultsRequest
1828
- # data as a hash:
1471
+ # @!attribute [rw] table_arn
1472
+ # The ARN of the partitions' table.
1473
+ # @return [String]
1474
+ #
1475
+ # @!attribute [rw] partition
1476
+ # A list of partition values identifying a single partition.
1477
+ # @return [Types::PartitionValueList]
1478
+ #
1479
+ # @!attribute [rw] permissions
1480
+ # Filters the request based on the user having been granted a list of
1481
+ # specified permissions on the requested resource(s).
1482
+ # @return [Array<String>]
1483
+ #
1484
+ # @!attribute [rw] duration_seconds
1485
+ # The time period, between 900 and 21,600 seconds, for the timeout of
1486
+ # the temporary credentials.
1487
+ # @return [Integer]
1488
+ #
1489
+ # @!attribute [rw] audit_context
1490
+ # A structure representing context to access a resource (column names,
1491
+ # query ID, etc).
1492
+ # @return [Types::AuditContext]
1493
+ #
1494
+ # @!attribute [rw] supported_permission_types
1495
+ # A list of supported permission types for the partition. Valid values
1496
+ # are `COLUMN_PERMISSION` and `CELL_FILTER_PERMISSION`.
1497
+ # @return [Array<String>]
1498
+ #
1499
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGluePartitionCredentialsRequest AWS API Documentation
1500
+ #
1501
+ class GetTemporaryGluePartitionCredentialsRequest < Struct.new(
1502
+ :table_arn,
1503
+ :partition,
1504
+ :permissions,
1505
+ :duration_seconds,
1506
+ :audit_context,
1507
+ :supported_permission_types)
1508
+ SENSITIVE = []
1509
+ include Aws::Structure
1510
+ end
1511
+
1512
+ # @!attribute [rw] access_key_id
1513
+ # The access key ID for the temporary credentials.
1514
+ # @return [String]
1515
+ #
1516
+ # @!attribute [rw] secret_access_key
1517
+ # The secret key for the temporary credentials.
1518
+ # @return [String]
1829
1519
  #
1830
- # {
1831
- # query_id: "GetWorkUnitResultsRequestQueryIdString", # required
1832
- # work_unit_id: 1, # required
1833
- # work_unit_token: "SyntheticGetWorkUnitResultsRequestWorkUnitTokenString", # required
1834
- # }
1520
+ # @!attribute [rw] session_token
1521
+ # The session token for the temporary credentials.
1522
+ # @return [String]
1835
1523
  #
1524
+ # @!attribute [rw] expiration
1525
+ # The date and time when the temporary credentials expire.
1526
+ # @return [Time]
1527
+ #
1528
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGluePartitionCredentialsResponse AWS API Documentation
1529
+ #
1530
+ class GetTemporaryGluePartitionCredentialsResponse < Struct.new(
1531
+ :access_key_id,
1532
+ :secret_access_key,
1533
+ :session_token,
1534
+ :expiration)
1535
+ SENSITIVE = []
1536
+ include Aws::Structure
1537
+ end
1538
+
1539
+ # @!attribute [rw] table_arn
1540
+ # The ARN identifying a table in the Data Catalog for the temporary
1541
+ # credentials request.
1542
+ # @return [String]
1543
+ #
1544
+ # @!attribute [rw] permissions
1545
+ # Filters the request based on the user having been granted a list of
1546
+ # specified permissions on the requested resource(s).
1547
+ # @return [Array<String>]
1548
+ #
1549
+ # @!attribute [rw] duration_seconds
1550
+ # The time period, between 900 and 21,600 seconds, for the timeout of
1551
+ # the temporary credentials.
1552
+ # @return [Integer]
1553
+ #
1554
+ # @!attribute [rw] audit_context
1555
+ # A structure representing context to access a resource (column names,
1556
+ # query ID, etc).
1557
+ # @return [Types::AuditContext]
1558
+ #
1559
+ # @!attribute [rw] supported_permission_types
1560
+ # A list of supported permission types for the table. Valid values are
1561
+ # `COLUMN_PERMISSION` and `CELL_FILTER_PERMISSION`.
1562
+ # @return [Array<String>]
1563
+ #
1564
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGlueTableCredentialsRequest AWS API Documentation
1565
+ #
1566
+ class GetTemporaryGlueTableCredentialsRequest < Struct.new(
1567
+ :table_arn,
1568
+ :permissions,
1569
+ :duration_seconds,
1570
+ :audit_context,
1571
+ :supported_permission_types)
1572
+ SENSITIVE = []
1573
+ include Aws::Structure
1574
+ end
1575
+
1576
+ # @!attribute [rw] access_key_id
1577
+ # The access key ID for the temporary credentials.
1578
+ # @return [String]
1579
+ #
1580
+ # @!attribute [rw] secret_access_key
1581
+ # The secret key for the temporary credentials.
1582
+ # @return [String]
1583
+ #
1584
+ # @!attribute [rw] session_token
1585
+ # The session token for the temporary credentials.
1586
+ # @return [String]
1587
+ #
1588
+ # @!attribute [rw] expiration
1589
+ # The date and time when the temporary credentials expire.
1590
+ # @return [Time]
1591
+ #
1592
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGlueTableCredentialsResponse AWS API Documentation
1593
+ #
1594
+ class GetTemporaryGlueTableCredentialsResponse < Struct.new(
1595
+ :access_key_id,
1596
+ :secret_access_key,
1597
+ :session_token,
1598
+ :expiration)
1599
+ SENSITIVE = []
1600
+ include Aws::Structure
1601
+ end
1602
+
1836
1603
  # @!attribute [rw] query_id
1837
1604
  # The ID of the plan query operation for which to get results.
1838
1605
  # @return [String]
@@ -1873,15 +1640,6 @@ module Aws::LakeFormation
1873
1640
  include Aws::Structure
1874
1641
  end
1875
1642
 
1876
- # @note When making an API call, you may pass GetWorkUnitsRequest
1877
- # data as a hash:
1878
- #
1879
- # {
1880
- # next_token: "Token",
1881
- # page_size: 1,
1882
- # query_id: "GetWorkUnitsRequestQueryIdString", # required
1883
- # }
1884
- #
1885
1643
  # @!attribute [rw] next_token
1886
1644
  # A continuation token, if this is a continuation call.
1887
1645
  # @return [String]
@@ -1949,67 +1707,6 @@ module Aws::LakeFormation
1949
1707
  include Aws::Structure
1950
1708
  end
1951
1709
 
1952
- # @note When making an API call, you may pass GrantPermissionsRequest
1953
- # data as a hash:
1954
- #
1955
- # {
1956
- # catalog_id: "CatalogIdString",
1957
- # principal: { # required
1958
- # data_lake_principal_identifier: "DataLakePrincipalString",
1959
- # },
1960
- # resource: { # required
1961
- # catalog: {
1962
- # },
1963
- # database: {
1964
- # catalog_id: "CatalogIdString",
1965
- # name: "NameString", # required
1966
- # },
1967
- # table: {
1968
- # catalog_id: "CatalogIdString",
1969
- # database_name: "NameString", # required
1970
- # name: "NameString",
1971
- # table_wildcard: {
1972
- # },
1973
- # },
1974
- # table_with_columns: {
1975
- # catalog_id: "CatalogIdString",
1976
- # database_name: "NameString", # required
1977
- # name: "NameString", # required
1978
- # column_names: ["NameString"],
1979
- # column_wildcard: {
1980
- # excluded_column_names: ["NameString"],
1981
- # },
1982
- # },
1983
- # data_location: {
1984
- # catalog_id: "CatalogIdString",
1985
- # resource_arn: "ResourceArnString", # required
1986
- # },
1987
- # data_cells_filter: {
1988
- # table_catalog_id: "CatalogIdString",
1989
- # database_name: "NameString",
1990
- # table_name: "NameString",
1991
- # name: "NameString",
1992
- # },
1993
- # lf_tag: {
1994
- # catalog_id: "CatalogIdString",
1995
- # tag_key: "NameString", # required
1996
- # tag_values: ["LFTagValue"], # required
1997
- # },
1998
- # lf_tag_policy: {
1999
- # catalog_id: "CatalogIdString",
2000
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
2001
- # expression: [ # required
2002
- # {
2003
- # tag_key: "LFTagKey", # required
2004
- # tag_values: ["LFTagValue"], # required
2005
- # },
2006
- # ],
2007
- # },
2008
- # },
2009
- # permissions: ["ALL"], # required, accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
2010
- # permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
2011
- # }
2012
- #
2013
1710
  # @!attribute [rw] catalog_id
2014
1711
  # The identifier for the Data Catalog. By default, the account ID. The
2015
1712
  # Data Catalog is the persistent metadata store. It contains database
@@ -2094,20 +1791,16 @@ module Aws::LakeFormation
2094
1791
  # conditions. For example, granting a role access to all columns that do
2095
1792
  # not have the LF-tag 'PII' in tables that have the LF-tag 'Prod'.
2096
1793
  #
2097
- # @note When making an API call, you may pass LFTag
2098
- # data as a hash:
2099
- #
2100
- # {
2101
- # tag_key: "LFTagKey", # required
2102
- # tag_values: ["LFTagValue"], # required
2103
- # }
2104
- #
2105
1794
  # @!attribute [rw] tag_key
2106
1795
  # The key-name for the LF-tag.
2107
1796
  # @return [String]
2108
1797
  #
2109
1798
  # @!attribute [rw] tag_values
2110
1799
  # A list of possible values an attribute can take.
1800
+ #
1801
+ # The maximum number of values that can be defined for a LF-Tag is
1802
+ # 1000. A single API call supports 50 values. You can use multiple API
1803
+ # calls to add more values.
2111
1804
  # @return [Array<String>]
2112
1805
  #
2113
1806
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/LFTag AWS API Documentation
@@ -2142,15 +1835,6 @@ module Aws::LakeFormation
2142
1835
 
2143
1836
  # A structure containing an LF-tag key and values for a resource.
2144
1837
  #
2145
- # @note When making an API call, you may pass LFTagKeyResource
2146
- # data as a hash:
2147
- #
2148
- # {
2149
- # catalog_id: "CatalogIdString",
2150
- # tag_key: "NameString", # required
2151
- # tag_values: ["LFTagValue"], # required
2152
- # }
2153
- #
2154
1838
  # @!attribute [rw] catalog_id
2155
1839
  # The identifier for the Data Catalog. By default, the account ID. The
2156
1840
  # Data Catalog is the persistent metadata store. It contains database
@@ -2178,15 +1862,6 @@ module Aws::LakeFormation
2178
1862
 
2179
1863
  # A structure containing an LF-tag key-value pair.
2180
1864
  #
2181
- # @note When making an API call, you may pass LFTagPair
2182
- # data as a hash:
2183
- #
2184
- # {
2185
- # catalog_id: "CatalogIdString",
2186
- # tag_key: "LFTagKey", # required
2187
- # tag_values: ["LFTagValue"], # required
2188
- # }
2189
- #
2190
1865
  # @!attribute [rw] catalog_id
2191
1866
  # The identifier for the Data Catalog. By default, the account ID. The
2192
1867
  # Data Catalog is the persistent metadata store. It contains database
@@ -2215,20 +1890,6 @@ module Aws::LakeFormation
2215
1890
  # A structure containing a list of LF-tag conditions that apply to a
2216
1891
  # resource's LF-tag policy.
2217
1892
  #
2218
- # @note When making an API call, you may pass LFTagPolicyResource
2219
- # data as a hash:
2220
- #
2221
- # {
2222
- # catalog_id: "CatalogIdString",
2223
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
2224
- # expression: [ # required
2225
- # {
2226
- # tag_key: "LFTagKey", # required
2227
- # tag_values: ["LFTagValue"], # required
2228
- # },
2229
- # ],
2230
- # }
2231
- #
2232
1893
  # @!attribute [rw] catalog_id
2233
1894
  # The identifier for the Data Catalog. By default, the account ID. The
2234
1895
  # Data Catalog is the persistent metadata store. It contains database
@@ -2255,21 +1916,37 @@ module Aws::LakeFormation
2255
1916
  include Aws::Structure
2256
1917
  end
2257
1918
 
2258
- # @note When making an API call, you may pass ListDataCellsFilterRequest
2259
- # data as a hash:
1919
+ # A single principal-resource pair that has Lake Formation permissins
1920
+ # enforced.
1921
+ #
1922
+ # @!attribute [rw] resource
1923
+ # A structure for the resource.
1924
+ # @return [Types::Resource]
1925
+ #
1926
+ # @!attribute [rw] principal
1927
+ # The Lake Formation principal. Supported principals are IAM users or
1928
+ # IAM roles.
1929
+ # @return [Types::DataLakePrincipal]
1930
+ #
1931
+ # @!attribute [rw] last_modified
1932
+ # The last modified date and time of the record.
1933
+ # @return [Time]
1934
+ #
1935
+ # @!attribute [rw] last_updated_by
1936
+ # The user who updated the record.
1937
+ # @return [String]
2260
1938
  #
2261
- # {
2262
- # table: {
2263
- # catalog_id: "CatalogIdString",
2264
- # database_name: "NameString", # required
2265
- # name: "NameString",
2266
- # table_wildcard: {
2267
- # },
2268
- # },
2269
- # next_token: "Token",
2270
- # max_results: 1,
2271
- # }
1939
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/LakeFormationOptInsInfo AWS API Documentation
2272
1940
  #
1941
+ class LakeFormationOptInsInfo < Struct.new(
1942
+ :resource,
1943
+ :principal,
1944
+ :last_modified,
1945
+ :last_updated_by)
1946
+ SENSITIVE = []
1947
+ include Aws::Structure
1948
+ end
1949
+
2273
1950
  # @!attribute [rw] table
2274
1951
  # A table in the Glue Data Catalog.
2275
1952
  # @return [Types::TableResource]
@@ -2310,16 +1987,6 @@ module Aws::LakeFormation
2310
1987
  include Aws::Structure
2311
1988
  end
2312
1989
 
2313
- # @note When making an API call, you may pass ListLFTagsRequest
2314
- # data as a hash:
2315
- #
2316
- # {
2317
- # catalog_id: "CatalogIdString",
2318
- # resource_share_type: "FOREIGN", # accepts FOREIGN, ALL
2319
- # max_results: 1,
2320
- # next_token: "Token",
2321
- # }
2322
- #
2323
1990
  # @!attribute [rw] catalog_id
2324
1991
  # The identifier for the Data Catalog. By default, the account ID. The
2325
1992
  # Data Catalog is the persistent metadata store. It contains database
@@ -2374,69 +2041,54 @@ module Aws::LakeFormation
2374
2041
  include Aws::Structure
2375
2042
  end
2376
2043
 
2377
- # @note When making an API call, you may pass ListPermissionsRequest
2378
- # data as a hash:
2379
- #
2380
- # {
2381
- # catalog_id: "CatalogIdString",
2382
- # principal: {
2383
- # data_lake_principal_identifier: "DataLakePrincipalString",
2384
- # },
2385
- # resource_type: "CATALOG", # accepts CATALOG, DATABASE, TABLE, DATA_LOCATION, LF_TAG, LF_TAG_POLICY, LF_TAG_POLICY_DATABASE, LF_TAG_POLICY_TABLE
2386
- # resource: {
2387
- # catalog: {
2388
- # },
2389
- # database: {
2390
- # catalog_id: "CatalogIdString",
2391
- # name: "NameString", # required
2392
- # },
2393
- # table: {
2394
- # catalog_id: "CatalogIdString",
2395
- # database_name: "NameString", # required
2396
- # name: "NameString",
2397
- # table_wildcard: {
2398
- # },
2399
- # },
2400
- # table_with_columns: {
2401
- # catalog_id: "CatalogIdString",
2402
- # database_name: "NameString", # required
2403
- # name: "NameString", # required
2404
- # column_names: ["NameString"],
2405
- # column_wildcard: {
2406
- # excluded_column_names: ["NameString"],
2407
- # },
2408
- # },
2409
- # data_location: {
2410
- # catalog_id: "CatalogIdString",
2411
- # resource_arn: "ResourceArnString", # required
2412
- # },
2413
- # data_cells_filter: {
2414
- # table_catalog_id: "CatalogIdString",
2415
- # database_name: "NameString",
2416
- # table_name: "NameString",
2417
- # name: "NameString",
2418
- # },
2419
- # lf_tag: {
2420
- # catalog_id: "CatalogIdString",
2421
- # tag_key: "NameString", # required
2422
- # tag_values: ["LFTagValue"], # required
2423
- # },
2424
- # lf_tag_policy: {
2425
- # catalog_id: "CatalogIdString",
2426
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
2427
- # expression: [ # required
2428
- # {
2429
- # tag_key: "LFTagKey", # required
2430
- # tag_values: ["LFTagValue"], # required
2431
- # },
2432
- # ],
2433
- # },
2434
- # },
2435
- # next_token: "Token",
2436
- # max_results: 1,
2437
- # include_related: "TrueFalseString",
2438
- # }
2044
+ # @!attribute [rw] principal
2045
+ # The Lake Formation principal. Supported principals are IAM users or
2046
+ # IAM roles.
2047
+ # @return [Types::DataLakePrincipal]
2048
+ #
2049
+ # @!attribute [rw] resource
2050
+ # A structure for the resource.
2051
+ # @return [Types::Resource]
2052
+ #
2053
+ # @!attribute [rw] max_results
2054
+ # The maximum number of results to return.
2055
+ # @return [Integer]
2056
+ #
2057
+ # @!attribute [rw] next_token
2058
+ # A continuation token, if this is not the first call to retrieve this
2059
+ # list.
2060
+ # @return [String]
2061
+ #
2062
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ListLakeFormationOptInsRequest AWS API Documentation
2063
+ #
2064
+ class ListLakeFormationOptInsRequest < Struct.new(
2065
+ :principal,
2066
+ :resource,
2067
+ :max_results,
2068
+ :next_token)
2069
+ SENSITIVE = []
2070
+ include Aws::Structure
2071
+ end
2072
+
2073
+ # @!attribute [rw] lake_formation_opt_ins_info_list
2074
+ # A list of principal-resource pairs that have Lake Formation
2075
+ # permissins enforced.
2076
+ # @return [Array<Types::LakeFormationOptInsInfo>]
2077
+ #
2078
+ # @!attribute [rw] next_token
2079
+ # A continuation token, if this is not the first call to retrieve this
2080
+ # list.
2081
+ # @return [String]
2082
+ #
2083
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ListLakeFormationOptInsResponse AWS API Documentation
2439
2084
  #
2085
+ class ListLakeFormationOptInsResponse < Struct.new(
2086
+ :lake_formation_opt_ins_info_list,
2087
+ :next_token)
2088
+ SENSITIVE = []
2089
+ include Aws::Structure
2090
+ end
2091
+
2440
2092
  # @!attribute [rw] catalog_id
2441
2093
  # The identifier for the Data Catalog. By default, the account ID. The
2442
2094
  # Data Catalog is the persistent metadata store. It contains database
@@ -2507,21 +2159,6 @@ module Aws::LakeFormation
2507
2159
  include Aws::Structure
2508
2160
  end
2509
2161
 
2510
- # @note When making an API call, you may pass ListResourcesRequest
2511
- # data as a hash:
2512
- #
2513
- # {
2514
- # filter_condition_list: [
2515
- # {
2516
- # field: "RESOURCE_ARN", # accepts RESOURCE_ARN, ROLE_ARN, LAST_MODIFIED
2517
- # comparison_operator: "EQ", # accepts EQ, NE, LE, LT, GE, GT, CONTAINS, NOT_CONTAINS, BEGINS_WITH, IN, BETWEEN
2518
- # string_value_list: ["StringValue"],
2519
- # },
2520
- # ],
2521
- # max_results: 1,
2522
- # next_token: "Token",
2523
- # }
2524
- #
2525
2162
  # @!attribute [rw] filter_condition_list
2526
2163
  # Any applicable row-level and/or column-level filtering conditions
2527
2164
  # for the resources.
@@ -2564,18 +2201,6 @@ module Aws::LakeFormation
2564
2201
  include Aws::Structure
2565
2202
  end
2566
2203
 
2567
- # @note When making an API call, you may pass ListTableStorageOptimizersRequest
2568
- # data as a hash:
2569
- #
2570
- # {
2571
- # catalog_id: "CatalogIdString",
2572
- # database_name: "NameString", # required
2573
- # table_name: "NameString", # required
2574
- # storage_optimizer_type: "COMPACTION", # accepts COMPACTION, GARBAGE_COLLECTION, ALL
2575
- # max_results: 1,
2576
- # next_token: "Token",
2577
- # }
2578
- #
2579
2204
  # @!attribute [rw] catalog_id
2580
2205
  # The Catalog ID of the table.
2581
2206
  # @return [String]
@@ -2632,16 +2257,6 @@ module Aws::LakeFormation
2632
2257
  include Aws::Structure
2633
2258
  end
2634
2259
 
2635
- # @note When making an API call, you may pass ListTransactionsRequest
2636
- # data as a hash:
2637
- #
2638
- # {
2639
- # catalog_id: "CatalogIdString",
2640
- # status_filter: "ALL", # accepts ALL, COMPLETED, ACTIVE, COMMITTED, ABORTED
2641
- # max_results: 1,
2642
- # next_token: "TokenString",
2643
- # }
2644
- #
2645
2260
  # @!attribute [rw] catalog_id
2646
2261
  # The catalog for which to list transactions. Defaults to the account
2647
2262
  # ID of the caller.
@@ -2725,6 +2340,38 @@ module Aws::LakeFormation
2725
2340
  include Aws::Structure
2726
2341
  end
2727
2342
 
2343
+ # Contains a list of values defining partitions.
2344
+ #
2345
+ # @!attribute [rw] values
2346
+ # The list of partition values.
2347
+ # @return [Array<String>]
2348
+ #
2349
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/PartitionValueList AWS API Documentation
2350
+ #
2351
+ class PartitionValueList < Struct.new(
2352
+ :values)
2353
+ SENSITIVE = []
2354
+ include Aws::Structure
2355
+ end
2356
+
2357
+ # The engine does not support filtering data based on the enforced
2358
+ # permissions. For example, if you call the
2359
+ # `GetTemporaryGlueTableCredentials` operation with
2360
+ # `SupportedPermissionType` equal to `ColumnPermission`, but cell-level
2361
+ # permissions exist on the table, this exception is thrown.
2362
+ #
2363
+ # @!attribute [rw] message
2364
+ # A message describing the problem.
2365
+ # @return [String]
2366
+ #
2367
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/PermissionTypeMismatchException AWS API Documentation
2368
+ #
2369
+ class PermissionTypeMismatchException < Struct.new(
2370
+ :message)
2371
+ SENSITIVE = []
2372
+ include Aws::Structure
2373
+ end
2374
+
2728
2375
  # Statistics related to the processing of a query statement.
2729
2376
  #
2730
2377
  # @!attribute [rw] estimated_data_to_scan_bytes
@@ -2756,16 +2403,6 @@ module Aws::LakeFormation
2756
2403
 
2757
2404
  # Permissions granted to a principal.
2758
2405
  #
2759
- # @note When making an API call, you may pass PrincipalPermissions
2760
- # data as a hash:
2761
- #
2762
- # {
2763
- # principal: {
2764
- # data_lake_principal_identifier: "DataLakePrincipalString",
2765
- # },
2766
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
2767
- # }
2768
- #
2769
2406
  # @!attribute [rw] principal
2770
2407
  # The principal who is granted permissions.
2771
2408
  # @return [Types::DataLakePrincipal]
@@ -2808,6 +2445,14 @@ module Aws::LakeFormation
2808
2445
  # resource share ARN.
2809
2446
  # @return [Types::DetailsMap]
2810
2447
  #
2448
+ # @!attribute [rw] last_updated
2449
+ # The date and time when the resource was last updated.
2450
+ # @return [Time]
2451
+ #
2452
+ # @!attribute [rw] last_updated_by
2453
+ # The user who updated the record.
2454
+ # @return [String]
2455
+ #
2811
2456
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/PrincipalResourcePermissions AWS API Documentation
2812
2457
  #
2813
2458
  class PrincipalResourcePermissions < Struct.new(
@@ -2815,42 +2460,13 @@ module Aws::LakeFormation
2815
2460
  :resource,
2816
2461
  :permissions,
2817
2462
  :permissions_with_grant_option,
2818
- :additional_details)
2819
- SENSITIVE = []
2820
- include Aws::Structure
2821
- end
2822
-
2823
- # @note When making an API call, you may pass PutDataLakeSettingsRequest
2824
- # data as a hash:
2825
- #
2826
- # {
2827
- # catalog_id: "CatalogIdString",
2828
- # data_lake_settings: { # required
2829
- # data_lake_admins: [
2830
- # {
2831
- # data_lake_principal_identifier: "DataLakePrincipalString",
2832
- # },
2833
- # ],
2834
- # create_database_default_permissions: [
2835
- # {
2836
- # principal: {
2837
- # data_lake_principal_identifier: "DataLakePrincipalString",
2838
- # },
2839
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
2840
- # },
2841
- # ],
2842
- # create_table_default_permissions: [
2843
- # {
2844
- # principal: {
2845
- # data_lake_principal_identifier: "DataLakePrincipalString",
2846
- # },
2847
- # permissions: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
2848
- # },
2849
- # ],
2850
- # trusted_resource_owners: ["CatalogIdString"],
2851
- # },
2852
- # }
2853
- #
2463
+ :additional_details,
2464
+ :last_updated,
2465
+ :last_updated_by)
2466
+ SENSITIVE = []
2467
+ include Aws::Structure
2468
+ end
2469
+
2854
2470
  # @!attribute [rw] catalog_id
2855
2471
  # The identifier for the Data Catalog. By default, the account ID. The
2856
2472
  # Data Catalog is the persistent metadata store. It contains database
@@ -2878,19 +2494,6 @@ module Aws::LakeFormation
2878
2494
 
2879
2495
  # A structure containing information about the query plan.
2880
2496
  #
2881
- # @note When making an API call, you may pass QueryPlanningContext
2882
- # data as a hash:
2883
- #
2884
- # {
2885
- # catalog_id: "CatalogIdString",
2886
- # database_name: "QueryPlanningContextDatabaseNameString", # required
2887
- # query_as_of_time: Time.now,
2888
- # query_parameters: {
2889
- # "String" => "String",
2890
- # },
2891
- # transaction_id: "TransactionIdString",
2892
- # }
2893
- #
2894
2497
  # @!attribute [rw] catalog_id
2895
2498
  # The ID of the Data Catalog where the partition in question resides.
2896
2499
  # If none is provided, the Amazon Web Services account ID is used by
@@ -2932,15 +2535,6 @@ module Aws::LakeFormation
2932
2535
  include Aws::Structure
2933
2536
  end
2934
2537
 
2935
- # @note When making an API call, you may pass RegisterResourceRequest
2936
- # data as a hash:
2937
- #
2938
- # {
2939
- # resource_arn: "ResourceArnString", # required
2940
- # use_service_linked_role: false,
2941
- # role_arn: "IAMRoleArn",
2942
- # }
2943
- #
2944
2538
  # @!attribute [rw] resource_arn
2945
2539
  # The Amazon Resource Name (ARN) of the resource that you want to
2946
2540
  # register.
@@ -2957,19 +2551,31 @@ module Aws::LakeFormation
2957
2551
  #
2958
2552
  #
2959
2553
  #
2960
- # [1]: https://docs-aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html
2554
+ # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html
2961
2555
  # @return [Boolean]
2962
2556
  #
2963
2557
  # @!attribute [rw] role_arn
2964
2558
  # The identifier for the role that registers the resource.
2965
2559
  # @return [String]
2966
2560
  #
2561
+ # @!attribute [rw] with_federation
2562
+ # Whether or not the resource is a federated resource.
2563
+ # @return [Boolean]
2564
+ #
2565
+ # @!attribute [rw] hybrid_access_enabled
2566
+ # Specifies whether the data access of tables pointing to the location
2567
+ # can be managed by both Lake Formation permissions as well as Amazon
2568
+ # S3 bucket policies.
2569
+ # @return [Boolean]
2570
+ #
2967
2571
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/RegisterResourceRequest AWS API Documentation
2968
2572
  #
2969
2573
  class RegisterResourceRequest < Struct.new(
2970
2574
  :resource_arn,
2971
2575
  :use_service_linked_role,
2972
- :role_arn)
2576
+ :role_arn,
2577
+ :with_federation,
2578
+ :hybrid_access_enabled)
2973
2579
  SENSITIVE = []
2974
2580
  include Aws::Structure
2975
2581
  end
@@ -2978,69 +2584,6 @@ module Aws::LakeFormation
2978
2584
  #
2979
2585
  class RegisterResourceResponse < Aws::EmptyStructure; end
2980
2586
 
2981
- # @note When making an API call, you may pass RemoveLFTagsFromResourceRequest
2982
- # data as a hash:
2983
- #
2984
- # {
2985
- # catalog_id: "CatalogIdString",
2986
- # resource: { # required
2987
- # catalog: {
2988
- # },
2989
- # database: {
2990
- # catalog_id: "CatalogIdString",
2991
- # name: "NameString", # required
2992
- # },
2993
- # table: {
2994
- # catalog_id: "CatalogIdString",
2995
- # database_name: "NameString", # required
2996
- # name: "NameString",
2997
- # table_wildcard: {
2998
- # },
2999
- # },
3000
- # table_with_columns: {
3001
- # catalog_id: "CatalogIdString",
3002
- # database_name: "NameString", # required
3003
- # name: "NameString", # required
3004
- # column_names: ["NameString"],
3005
- # column_wildcard: {
3006
- # excluded_column_names: ["NameString"],
3007
- # },
3008
- # },
3009
- # data_location: {
3010
- # catalog_id: "CatalogIdString",
3011
- # resource_arn: "ResourceArnString", # required
3012
- # },
3013
- # data_cells_filter: {
3014
- # table_catalog_id: "CatalogIdString",
3015
- # database_name: "NameString",
3016
- # table_name: "NameString",
3017
- # name: "NameString",
3018
- # },
3019
- # lf_tag: {
3020
- # catalog_id: "CatalogIdString",
3021
- # tag_key: "NameString", # required
3022
- # tag_values: ["LFTagValue"], # required
3023
- # },
3024
- # lf_tag_policy: {
3025
- # catalog_id: "CatalogIdString",
3026
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
3027
- # expression: [ # required
3028
- # {
3029
- # tag_key: "LFTagKey", # required
3030
- # tag_values: ["LFTagValue"], # required
3031
- # },
3032
- # ],
3033
- # },
3034
- # },
3035
- # lf_tags: [ # required
3036
- # {
3037
- # catalog_id: "CatalogIdString",
3038
- # tag_key: "LFTagKey", # required
3039
- # tag_values: ["LFTagValue"], # required
3040
- # },
3041
- # ],
3042
- # }
3043
- #
3044
2587
  # @!attribute [rw] catalog_id
3045
2588
  # The identifier for the Data Catalog. By default, the account ID. The
3046
2589
  # Data Catalog is the persistent metadata store. It contains database
@@ -3081,59 +2624,6 @@ module Aws::LakeFormation
3081
2624
 
3082
2625
  # A structure for the resource.
3083
2626
  #
3084
- # @note When making an API call, you may pass Resource
3085
- # data as a hash:
3086
- #
3087
- # {
3088
- # catalog: {
3089
- # },
3090
- # database: {
3091
- # catalog_id: "CatalogIdString",
3092
- # name: "NameString", # required
3093
- # },
3094
- # table: {
3095
- # catalog_id: "CatalogIdString",
3096
- # database_name: "NameString", # required
3097
- # name: "NameString",
3098
- # table_wildcard: {
3099
- # },
3100
- # },
3101
- # table_with_columns: {
3102
- # catalog_id: "CatalogIdString",
3103
- # database_name: "NameString", # required
3104
- # name: "NameString", # required
3105
- # column_names: ["NameString"],
3106
- # column_wildcard: {
3107
- # excluded_column_names: ["NameString"],
3108
- # },
3109
- # },
3110
- # data_location: {
3111
- # catalog_id: "CatalogIdString",
3112
- # resource_arn: "ResourceArnString", # required
3113
- # },
3114
- # data_cells_filter: {
3115
- # table_catalog_id: "CatalogIdString",
3116
- # database_name: "NameString",
3117
- # table_name: "NameString",
3118
- # name: "NameString",
3119
- # },
3120
- # lf_tag: {
3121
- # catalog_id: "CatalogIdString",
3122
- # tag_key: "NameString", # required
3123
- # tag_values: ["LFTagValue"], # required
3124
- # },
3125
- # lf_tag_policy: {
3126
- # catalog_id: "CatalogIdString",
3127
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
3128
- # expression: [ # required
3129
- # {
3130
- # tag_key: "LFTagKey", # required
3131
- # tag_values: ["LFTagValue"], # required
3132
- # },
3133
- # ],
3134
- # },
3135
- # }
3136
- #
3137
2627
  # @!attribute [rw] catalog
3138
2628
  # The identifier for the Data Catalog. By default, the account ID. The
3139
2629
  # Data Catalog is the persistent metadata store. It contains database
@@ -3206,12 +2696,24 @@ module Aws::LakeFormation
3206
2696
  # The date and time the resource was last modified.
3207
2697
  # @return [Time]
3208
2698
  #
2699
+ # @!attribute [rw] with_federation
2700
+ # Whether or not the resource is a federated resource.
2701
+ # @return [Boolean]
2702
+ #
2703
+ # @!attribute [rw] hybrid_access_enabled
2704
+ # Indicates whether the data access of tables pointing to the location
2705
+ # can be managed by both Lake Formation permissions as well as Amazon
2706
+ # S3 bucket policies.
2707
+ # @return [Boolean]
2708
+ #
3209
2709
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ResourceInfo AWS API Documentation
3210
2710
  #
3211
2711
  class ResourceInfo < Struct.new(
3212
2712
  :resource_arn,
3213
2713
  :role_arn,
3214
- :last_modified)
2714
+ :last_modified,
2715
+ :with_federation,
2716
+ :hybrid_access_enabled)
3215
2717
  SENSITIVE = []
3216
2718
  include Aws::Structure
3217
2719
  end
@@ -3245,67 +2747,6 @@ module Aws::LakeFormation
3245
2747
  include Aws::Structure
3246
2748
  end
3247
2749
 
3248
- # @note When making an API call, you may pass RevokePermissionsRequest
3249
- # data as a hash:
3250
- #
3251
- # {
3252
- # catalog_id: "CatalogIdString",
3253
- # principal: { # required
3254
- # data_lake_principal_identifier: "DataLakePrincipalString",
3255
- # },
3256
- # resource: { # required
3257
- # catalog: {
3258
- # },
3259
- # database: {
3260
- # catalog_id: "CatalogIdString",
3261
- # name: "NameString", # required
3262
- # },
3263
- # table: {
3264
- # catalog_id: "CatalogIdString",
3265
- # database_name: "NameString", # required
3266
- # name: "NameString",
3267
- # table_wildcard: {
3268
- # },
3269
- # },
3270
- # table_with_columns: {
3271
- # catalog_id: "CatalogIdString",
3272
- # database_name: "NameString", # required
3273
- # name: "NameString", # required
3274
- # column_names: ["NameString"],
3275
- # column_wildcard: {
3276
- # excluded_column_names: ["NameString"],
3277
- # },
3278
- # },
3279
- # data_location: {
3280
- # catalog_id: "CatalogIdString",
3281
- # resource_arn: "ResourceArnString", # required
3282
- # },
3283
- # data_cells_filter: {
3284
- # table_catalog_id: "CatalogIdString",
3285
- # database_name: "NameString",
3286
- # table_name: "NameString",
3287
- # name: "NameString",
3288
- # },
3289
- # lf_tag: {
3290
- # catalog_id: "CatalogIdString",
3291
- # tag_key: "NameString", # required
3292
- # tag_values: ["LFTagValue"], # required
3293
- # },
3294
- # lf_tag_policy: {
3295
- # catalog_id: "CatalogIdString",
3296
- # resource_type: "DATABASE", # required, accepts DATABASE, TABLE
3297
- # expression: [ # required
3298
- # {
3299
- # tag_key: "LFTagKey", # required
3300
- # tag_values: ["LFTagValue"], # required
3301
- # },
3302
- # ],
3303
- # },
3304
- # },
3305
- # permissions: ["ALL"], # required, accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
3306
- # permissions_with_grant_option: ["ALL"], # accepts ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, CREATE_TAG, ALTER_TAG, DELETE_TAG, DESCRIBE_TAG, ASSOCIATE_TAG
3307
- # }
3308
- #
3309
2750
  # @!attribute [rw] catalog_id
3310
2751
  # The identifier for the Data Catalog. By default, the account ID. The
3311
2752
  # Data Catalog is the persistent metadata store. It contains database
@@ -3328,7 +2769,7 @@ module Aws::LakeFormation
3328
2769
  #
3329
2770
  #
3330
2771
  #
3331
- # [1]: https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html
2772
+ # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html
3332
2773
  # @return [Array<String>]
3333
2774
  #
3334
2775
  # @!attribute [rw] permissions_with_grant_option
@@ -3354,15 +2795,6 @@ module Aws::LakeFormation
3354
2795
 
3355
2796
  # A PartiQL predicate.
3356
2797
  #
3357
- # @note When making an API call, you may pass RowFilter
3358
- # data as a hash:
3359
- #
3360
- # {
3361
- # filter_expression: "PredicateString",
3362
- # all_rows_wildcard: {
3363
- # },
3364
- # }
3365
- #
3366
2798
  # @!attribute [rw] filter_expression
3367
2799
  # A filter expression.
3368
2800
  # @return [String]
@@ -3380,21 +2812,6 @@ module Aws::LakeFormation
3380
2812
  include Aws::Structure
3381
2813
  end
3382
2814
 
3383
- # @note When making an API call, you may pass SearchDatabasesByLFTagsRequest
3384
- # data as a hash:
3385
- #
3386
- # {
3387
- # next_token: "Token",
3388
- # max_results: 1,
3389
- # catalog_id: "CatalogIdString",
3390
- # expression: [ # required
3391
- # {
3392
- # tag_key: "LFTagKey", # required
3393
- # tag_values: ["LFTagValue"], # required
3394
- # },
3395
- # ],
3396
- # }
3397
- #
3398
2815
  # @!attribute [rw] next_token
3399
2816
  # A continuation token, if this is not the first call to retrieve this
3400
2817
  # list.
@@ -3445,21 +2862,6 @@ module Aws::LakeFormation
3445
2862
  include Aws::Structure
3446
2863
  end
3447
2864
 
3448
- # @note When making an API call, you may pass SearchTablesByLFTagsRequest
3449
- # data as a hash:
3450
- #
3451
- # {
3452
- # next_token: "Token",
3453
- # max_results: 1,
3454
- # catalog_id: "CatalogIdString",
3455
- # expression: [ # required
3456
- # {
3457
- # tag_key: "LFTagKey", # required
3458
- # tag_values: ["LFTagValue"], # required
3459
- # },
3460
- # ],
3461
- # }
3462
- #
3463
2865
  # @!attribute [rw] next_token
3464
2866
  # A continuation token, if this is not the first call to retrieve this
3465
2867
  # list.
@@ -3510,22 +2912,6 @@ module Aws::LakeFormation
3510
2912
  include Aws::Structure
3511
2913
  end
3512
2914
 
3513
- # @note When making an API call, you may pass StartQueryPlanningRequest
3514
- # data as a hash:
3515
- #
3516
- # {
3517
- # query_planning_context: { # required
3518
- # catalog_id: "CatalogIdString",
3519
- # database_name: "QueryPlanningContextDatabaseNameString", # required
3520
- # query_as_of_time: Time.now,
3521
- # query_parameters: {
3522
- # "String" => "String",
3523
- # },
3524
- # transaction_id: "TransactionIdString",
3525
- # },
3526
- # query_string: "SyntheticStartQueryPlanningRequestQueryString", # required
3527
- # }
3528
- #
3529
2915
  # @!attribute [rw] query_planning_context
3530
2916
  # A structure containing information about the query plan.
3531
2917
  # @return [Types::QueryPlanningContext]
@@ -3560,13 +2946,6 @@ module Aws::LakeFormation
3560
2946
  include Aws::Structure
3561
2947
  end
3562
2948
 
3563
- # @note When making an API call, you may pass StartTransactionRequest
3564
- # data as a hash:
3565
- #
3566
- # {
3567
- # transaction_type: "READ_AND_WRITE", # accepts READ_AND_WRITE, READ_ONLY
3568
- # }
3569
- #
3570
2949
  # @!attribute [rw] transaction_type
3571
2950
  # Indicates whether this transaction should be read only or read and
3572
2951
  # write. Writes made using a read-only transaction ID will be
@@ -3681,17 +3060,6 @@ module Aws::LakeFormation
3681
3060
  # that represents your data. You can Grant and Revoke table privileges
3682
3061
  # to a principal.
3683
3062
  #
3684
- # @note When making an API call, you may pass TableResource
3685
- # data as a hash:
3686
- #
3687
- # {
3688
- # catalog_id: "CatalogIdString",
3689
- # database_name: "NameString", # required
3690
- # name: "NameString",
3691
- # table_wildcard: {
3692
- # },
3693
- # }
3694
- #
3695
3063
  # @!attribute [rw] catalog_id
3696
3064
  # The identifier for the Data Catalog. By default, it is the account
3697
3065
  # ID of the caller.
@@ -3740,19 +3108,6 @@ module Aws::LakeFormation
3740
3108
  # This object must take a value for at least one of `ColumnsNames`,
3741
3109
  # `ColumnsIndexes`, or `ColumnsWildcard`.
3742
3110
  #
3743
- # @note When making an API call, you may pass TableWithColumnsResource
3744
- # data as a hash:
3745
- #
3746
- # {
3747
- # catalog_id: "CatalogIdString",
3748
- # database_name: "NameString", # required
3749
- # name: "NameString", # required
3750
- # column_names: ["NameString"],
3751
- # column_wildcard: {
3752
- # excluded_column_names: ["NameString"],
3753
- # },
3754
- # }
3755
- #
3756
3111
  # @!attribute [rw] catalog_id
3757
3112
  # The identifier for the Data Catalog. By default, it is the account
3758
3113
  # ID of the caller.
@@ -3930,16 +3285,23 @@ module Aws::LakeFormation
3930
3285
  include Aws::Structure
3931
3286
  end
3932
3287
 
3933
- # @note When making an API call, you may pass UpdateLFTagRequest
3934
- # data as a hash:
3288
+ # @!attribute [rw] table_data
3289
+ # A `DataCellsFilter` structure containing information about the data
3290
+ # cells filter.
3291
+ # @return [Types::DataCellsFilter]
3935
3292
  #
3936
- # {
3937
- # catalog_id: "CatalogIdString",
3938
- # tag_key: "LFTagKey", # required
3939
- # tag_values_to_delete: ["LFTagValue"],
3940
- # tag_values_to_add: ["LFTagValue"],
3941
- # }
3293
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/UpdateDataCellsFilterRequest AWS API Documentation
3294
+ #
3295
+ class UpdateDataCellsFilterRequest < Struct.new(
3296
+ :table_data)
3297
+ SENSITIVE = []
3298
+ include Aws::Structure
3299
+ end
3300
+
3301
+ # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/UpdateDataCellsFilterResponse AWS API Documentation
3942
3302
  #
3303
+ class UpdateDataCellsFilterResponse < Aws::EmptyStructure; end
3304
+
3943
3305
  # @!attribute [rw] catalog_id
3944
3306
  # The identifier for the Data Catalog. By default, the account ID. The
3945
3307
  # Data Catalog is the persistent metadata store. It contains database
@@ -3974,14 +3336,6 @@ module Aws::LakeFormation
3974
3336
  #
3975
3337
  class UpdateLFTagResponse < Aws::EmptyStructure; end
3976
3338
 
3977
- # @note When making an API call, you may pass UpdateResourceRequest
3978
- # data as a hash:
3979
- #
3980
- # {
3981
- # role_arn: "IAMRoleArn", # required
3982
- # resource_arn: "ResourceArnString", # required
3983
- # }
3984
- #
3985
3339
  # @!attribute [rw] role_arn
3986
3340
  # The new role to use for the given resource registered in Lake
3987
3341
  # Formation.
@@ -3991,11 +3345,23 @@ module Aws::LakeFormation
3991
3345
  # The resource ARN.
3992
3346
  # @return [String]
3993
3347
  #
3348
+ # @!attribute [rw] with_federation
3349
+ # Whether or not the resource is a federated resource.
3350
+ # @return [Boolean]
3351
+ #
3352
+ # @!attribute [rw] hybrid_access_enabled
3353
+ # Specifies whether the data access of tables pointing to the location
3354
+ # can be managed by both Lake Formation permissions as well as Amazon
3355
+ # S3 bucket policies.
3356
+ # @return [Boolean]
3357
+ #
3994
3358
  # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/UpdateResourceRequest AWS API Documentation
3995
3359
  #
3996
3360
  class UpdateResourceRequest < Struct.new(
3997
3361
  :role_arn,
3998
- :resource_arn)
3362
+ :resource_arn,
3363
+ :with_federation,
3364
+ :hybrid_access_enabled)
3999
3365
  SENSITIVE = []
4000
3366
  include Aws::Structure
4001
3367
  end
@@ -4004,31 +3370,6 @@ module Aws::LakeFormation
4004
3370
  #
4005
3371
  class UpdateResourceResponse < Aws::EmptyStructure; end
4006
3372
 
4007
- # @note When making an API call, you may pass UpdateTableObjectsRequest
4008
- # data as a hash:
4009
- #
4010
- # {
4011
- # catalog_id: "CatalogIdString",
4012
- # database_name: "NameString", # required
4013
- # table_name: "NameString", # required
4014
- # transaction_id: "TransactionIdString", # required
4015
- # write_operations: [ # required
4016
- # {
4017
- # add_object: {
4018
- # uri: "URI", # required
4019
- # etag: "ETagString", # required
4020
- # size: 1, # required
4021
- # partition_values: ["PartitionValueString"],
4022
- # },
4023
- # delete_object: {
4024
- # uri: "URI", # required
4025
- # etag: "ETagString",
4026
- # partition_values: ["PartitionValueString"],
4027
- # },
4028
- # },
4029
- # ],
4030
- # }
4031
- #
4032
3373
  # @!attribute [rw] catalog_id
4033
3374
  # The catalog containing the governed table to update. Defaults to the
4034
3375
  # caller’s account ID.
@@ -4067,20 +3408,6 @@ module Aws::LakeFormation
4067
3408
  #
4068
3409
  class UpdateTableObjectsResponse < Aws::EmptyStructure; end
4069
3410
 
4070
- # @note When making an API call, you may pass UpdateTableStorageOptimizerRequest
4071
- # data as a hash:
4072
- #
4073
- # {
4074
- # catalog_id: "CatalogIdString",
4075
- # database_name: "NameString", # required
4076
- # table_name: "NameString", # required
4077
- # storage_optimizer_config: { # required
4078
- # "COMPACTION" => {
4079
- # "StorageOptimizerConfigKey" => "StorageOptimizerConfigValue",
4080
- # },
4081
- # },
4082
- # }
4083
- #
4084
3411
  # @!attribute [rw] catalog_id
4085
3412
  # The Catalog ID of the table.
4086
3413
  # @return [String]
@@ -4124,14 +3451,6 @@ module Aws::LakeFormation
4124
3451
  # transaction cancels, provided that `VirtualPut` was called before
4125
3452
  # writing the object.
4126
3453
  #
4127
- # @note When making an API call, you may pass VirtualObject
4128
- # data as a hash:
4129
- #
4130
- # {
4131
- # uri: "URI", # required
4132
- # etag: "ETagString",
4133
- # }
4134
- #
4135
3454
  # @!attribute [rw] uri
4136
3455
  # The path to the Amazon S3 object. Must start with s3://
4137
3456
  # @return [String]
@@ -4191,23 +3510,6 @@ module Aws::LakeFormation
4191
3510
 
4192
3511
  # Defines an object to add to or delete from a governed table.
4193
3512
  #
4194
- # @note When making an API call, you may pass WriteOperation
4195
- # data as a hash:
4196
- #
4197
- # {
4198
- # add_object: {
4199
- # uri: "URI", # required
4200
- # etag: "ETagString", # required
4201
- # size: 1, # required
4202
- # partition_values: ["PartitionValueString"],
4203
- # },
4204
- # delete_object: {
4205
- # uri: "URI", # required
4206
- # etag: "ETagString",
4207
- # partition_values: ["PartitionValueString"],
4208
- # },
4209
- # }
4210
- #
4211
3513
  # @!attribute [rw] add_object
4212
3514
  # A new object to add to the governed table.
4213
3515
  # @return [Types::AddObjectInput]