RubyGems - aws-sdk-lakeformation - Versions diffs - 1.83.0 → 1.84.0 - Mend

aws-sdk-lakeformation 1.83.0 → 1.84.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-lakeformation/client.rb +99 -1
data/lib/aws-sdk-lakeformation/client_api.rb +46 -0
data/lib/aws-sdk-lakeformation/errors.rb +16 -0
data/lib/aws-sdk-lakeformation/types.rb +160 -3
data/lib/aws-sdk-lakeformation.rb +1 -1
data/sig/client.rbs +21 -2
data/sig/errors.rbs +3 -0
data/sig/types.rbs +32 -0
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cbc77fc937e5a0dbb333d781b8c7ca0aaae804d936797bc131a3336b0db3fca1
-  data.tar.gz: e8268b18b8f4934a37c9e9c9bcb678e0ababdf435382355c0a357def24242cc9
+  metadata.gz: a3e0dd90e6b4c132c67beaab6d04876138e68a617afbf24665c11a47d9d67d6e
+  data.tar.gz: '00585f7bd9647a46511ce93b70266481ffba16f159257548c877f6412d7efea4'
 SHA512:
-  metadata.gz: 6776c9d8b3a092e07dc4d28c2c411feca33143f5ae7733a9c991173d894bda68098d4234e3bd74839c5102f12eb974a1152f414d395d2210c6585407ca1f97be
-  data.tar.gz: 5069e0931b8eb7face2f5cc3ef7fa4f038647b44feb6663ec0ab319493a7649d0619137444f9a9acdcd49718297e74d8679f5bc32f704fcc525b3077dbc599e4
+  metadata.gz: ca87a0cf2129902abf07283ec04f5172a3106bbd92eeb3b38950638a502a023ecd4f42596e27886a96477f5f0a34a13a5ebf50109f985f1e3b630746aa729868
+  data.tar.gz: 549646966634e04a5f239c0ca9225667720e12bb6639ae1d8f502825f0e8b4a4bdfab47686e810b9cc93f797e3515153f80ab0067b04a0eab796a5c7c7818f3f

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+1.84.0 (2026-01-15)
+------------------
+* Feature - API Changes for GTCForLocation feature. Includes a new API, GetTemporaryDataLocationCredentials and updates to the APIs RegisterResource and UpdateResource
 1.83.0 (2026-01-08)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.83.0
1	+ 1.84.0

data/lib/aws-sdk-lakeformation/client.rb CHANGED Viewed

@@ -1664,6 +1664,8 @@ module Aws::LakeFormation
     #   resp.resource_info.with_federation #=> Boolean
     #   resp.resource_info.hybrid_access_enabled #=> Boolean
     #   resp.resource_info.with_privileged_access #=> Boolean
+    #   resp.resource_info.verification_status #=> String, one of "VERIFIED", "VERIFICATION_FAILED", "NOT_VERIFIED"
+    #   resp.resource_info.expected_resource_owner_account #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/DescribeResource AWS API Documentation
     #
@@ -2296,6 +2298,90 @@ module Aws::LakeFormation
       req.send_request(options)
     end
+    # Allows a user or application in a secure environment to access data in
+    # a specific Amazon S3 location registered with Lake Formation by
+    # providing temporary scoped credentials that are limited to the
+    # requested data location and the caller's authorized access level.
+    #
+    # The API operation returns an error in the following scenarios:
+    #
+    # * The data location is not registered with Lake Formation.
+    #
+    # * No Glue table is associated with the data location.
+    #
+    # * The caller doesn't have required permissions on the associated
+    #   table. The caller must have `SELECT` or `SUPER` permissions on the
+    #   associated table, and credential vending for full table access must
+    #   be enabled in the data lake settings.
+    #
+    #   For more information, see [Application integration for full table
+    #   access][1].
+    #
+    # * The data location is in a different Amazon Web Services Region. Lake
+    #   Formation doesn't support cross-Region access when vending
+    #   credentials for a data location. Lake Formation only supports Amazon
+    #   S3 paths registered within the same Region as the API call.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/lake-formation/latest/dg/full-table-credential-vending.html
+    #
+    # @option params [Integer] :duration_seconds
+    #   The time period, between 900 and 43,200 seconds, for the timeout of
+    #   the temporary credentials.
+    #
+    # @option params [Types::AuditContext] :audit_context
+    #   A structure used to include auditing information on the privileged
+    #   API.
+    #
+    # @option params [Array<String>] :data_locations
+    #   The Amazon S3 data location that you want to access.
+    #
+    # @option params [String] :credentials_scope
+    #   The credential scope is determined by the caller's Lake Formation
+    #   permission on the associated table. Credential scope can be either:
+    #
+    #   * READ - Provides read-only access to the data location.
+    #
+    #   * READ\_WRITE - Provides both read and write access to the data
+    #     location.
+    #
+    # @return [Types::GetTemporaryDataLocationCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetTemporaryDataLocationCredentialsResponse#credentials #credentials} => Types::TemporaryCredentials
+    #   * {Types::GetTemporaryDataLocationCredentialsResponse#accessible_data_locations #accessible_data_locations} => Array&lt;String&gt;
+    #   * {Types::GetTemporaryDataLocationCredentialsResponse#credentials_scope #credentials_scope} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_temporary_data_location_credentials({
+    #     duration_seconds: 1,
+    #     audit_context: {
+    #       additional_audit_context: "AuditContextString",
+    #     },
+    #     data_locations: ["PathString"],
+    #     credentials_scope: "READ", # accepts READ, READWRITE
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.credentials.access_key_id #=> String
+    #   resp.credentials.secret_access_key #=> String
+    #   resp.credentials.session_token #=> String
+    #   resp.credentials.expiration #=> Time
+    #   resp.accessible_data_locations #=> Array
+    #   resp.accessible_data_locations[0] #=> String
+    #   resp.credentials_scope #=> String, one of "READ", "READWRITE"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryDataLocationCredentials AWS API Documentation
+    #
+    # @overload get_temporary_data_location_credentials(params = {})
+    # @param [Hash] params ({})
+    def get_temporary_data_location_credentials(params = {}, options = {})
+      req = build_request(:get_temporary_data_location_credentials, params)
+      req.send_request(options)
+    end
     # This API is identical to `GetTemporaryTableCredentials` except that
     # this is used when the target Data Catalog resource is of type
     # Partition. Lake Formation restricts the permission of the vended
@@ -3192,6 +3278,8 @@ module Aws::LakeFormation
     #   resp.resource_info_list[0].with_federation #=> Boolean
     #   resp.resource_info_list[0].hybrid_access_enabled #=> Boolean
     #   resp.resource_info_list[0].with_privileged_access #=> Boolean
+    #   resp.resource_info_list[0].verification_status #=> String, one of "VERIFIED", "VERIFICATION_FAILED", "NOT_VERIFIED"
+    #   resp.resource_info_list[0].expected_resource_owner_account #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ListResources AWS API Documentation
@@ -3453,6 +3541,10 @@ module Aws::LakeFormation
     #   Grants the calling principal the permissions to perform all supported
     #   Lake Formation operations on the registered data location.
     #
+    # @option params [String] :expected_resource_owner_account
+    #   The Amazon Web Services account that owns the Glue tables associated
+    #   with specific Amazon S3 locations.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -3464,6 +3556,7 @@ module Aws::LakeFormation
     #     with_federation: false,
     #     hybrid_access_enabled: false,
     #     with_privileged_access: false,
+    #     expected_resource_owner_account: "AccountIdString",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/RegisterResource AWS API Documentation
@@ -4131,6 +4224,10 @@ module Aws::LakeFormation
     #   can be managed by both Lake Formation permissions as well as Amazon S3
     #   bucket policies.
     #
+    # @option params [String] :expected_resource_owner_account
+    #   The Amazon Web Services account that owns the Glue tables associated
+    #   with specific Amazon S3 locations.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -4140,6 +4237,7 @@ module Aws::LakeFormation
     #     resource_arn: "ResourceArnString", # required
     #     with_federation: false,
     #     hybrid_access_enabled: false,
+    #     expected_resource_owner_account: "AccountIdString",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/UpdateResource AWS API Documentation
@@ -4268,7 +4366,7 @@ module Aws::LakeFormation
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-lakeformation'
-      context[:gem_version] = '1.83.0'
+      context[:gem_version] = '1.84.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-lakeformation/client_api.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module Aws::LakeFormation
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
     AccessKeyIdString = Shapes::StringShape.new(name: 'AccessKeyIdString')
+    AccountIdString = Shapes::StringShape.new(name: 'AccountIdString')
     AddLFTagsToResourceRequest = Shapes::StructureShape.new(name: 'AddLFTagsToResourceRequest')
     AddLFTagsToResourceResponse = Shapes::StructureShape.new(name: 'AddLFTagsToResourceResponse')
     AddObjectInput = Shapes::StructureShape.new(name: 'AddObjectInput')
@@ -52,6 +53,7 @@ module Aws::LakeFormation
     ComparisonOperator = Shapes::StringShape.new(name: 'ComparisonOperator')
     ConcurrentModificationException = Shapes::StructureShape.new(name: 'ConcurrentModificationException')
     Condition = Shapes::StructureShape.new(name: 'Condition')
+    ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     ContextKey = Shapes::StringShape.new(name: 'ContextKey')
     ContextValue = Shapes::StringShape.new(name: 'ContextValue')
     CreateDataCellsFilterRequest = Shapes::StructureShape.new(name: 'CreateDataCellsFilterRequest')
@@ -65,6 +67,7 @@ module Aws::LakeFormation
     CreateLakeFormationOptInRequest = Shapes::StructureShape.new(name: 'CreateLakeFormationOptInRequest')
     CreateLakeFormationOptInResponse = Shapes::StructureShape.new(name: 'CreateLakeFormationOptInResponse')
     CredentialTimeoutDurationSecondInteger = Shapes::IntegerShape.new(name: 'CredentialTimeoutDurationSecondInteger')
+    CredentialsScope = Shapes::StringShape.new(name: 'CredentialsScope')
     DataCellsFilter = Shapes::StructureShape.new(name: 'DataCellsFilter')
     DataCellsFilterList = Shapes::ListShape.new(name: 'DataCellsFilterList')
     DataCellsFilterResource = Shapes::StructureShape.new(name: 'DataCellsFilterResource')
@@ -138,6 +141,8 @@ module Aws::LakeFormation
     GetResourceLFTagsResponse = Shapes::StructureShape.new(name: 'GetResourceLFTagsResponse')
     GetTableObjectsRequest = Shapes::StructureShape.new(name: 'GetTableObjectsRequest')
     GetTableObjectsResponse = Shapes::StructureShape.new(name: 'GetTableObjectsResponse')
+    GetTemporaryDataLocationCredentialsRequest = Shapes::StructureShape.new(name: 'GetTemporaryDataLocationCredentialsRequest')
+    GetTemporaryDataLocationCredentialsResponse = Shapes::StructureShape.new(name: 'GetTemporaryDataLocationCredentialsResponse')
     GetTemporaryGluePartitionCredentialsRequest = Shapes::StructureShape.new(name: 'GetTemporaryGluePartitionCredentialsRequest')
     GetTemporaryGluePartitionCredentialsResponse = Shapes::StructureShape.new(name: 'GetTemporaryGluePartitionCredentialsResponse')
     GetTemporaryGlueTableCredentialsRequest = Shapes::StructureShape.new(name: 'GetTemporaryGlueTableCredentialsRequest')
@@ -292,6 +297,7 @@ module Aws::LakeFormation
     TagValueList = Shapes::ListShape.new(name: 'TagValueList')
     TaggedDatabase = Shapes::StructureShape.new(name: 'TaggedDatabase')
     TaggedTable = Shapes::StructureShape.new(name: 'TaggedTable')
+    TemporaryCredentials = Shapes::StructureShape.new(name: 'TemporaryCredentials')
     ThrottledException = Shapes::StructureShape.new(name: 'ThrottledException')
     Timestamp = Shapes::TimestampShape.new(name: 'Timestamp')
     Token = Shapes::StringShape.new(name: 'Token')
@@ -324,6 +330,7 @@ module Aws::LakeFormation
     UpdateTableStorageOptimizerResponse = Shapes::StructureShape.new(name: 'UpdateTableStorageOptimizerResponse')
     ValueString = Shapes::StringShape.new(name: 'ValueString')
     ValueStringList = Shapes::ListShape.new(name: 'ValueStringList')
+    VerificationStatus = Shapes::StringShape.new(name: 'VerificationStatus')
     VersionString = Shapes::StringShape.new(name: 'VersionString')
     VirtualObject = Shapes::StructureShape.new(name: 'VirtualObject')
     VirtualObjectList = Shapes::ListShape.new(name: 'VirtualObjectList')
@@ -438,6 +445,9 @@ module Aws::LakeFormation
     Condition.add_member(:expression, Shapes::ShapeRef.new(shape: ExpressionString, location_name: "Expression"))
     Condition.struct_class = Types::Condition
+    ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: MessageString, location_name: "Message"))
+    ConflictException.struct_class = Types::ConflictException
     CreateDataCellsFilterRequest.add_member(:table_data, Shapes::ShapeRef.new(shape: DataCellsFilter, required: true, location_name: "TableData"))
     CreateDataCellsFilterRequest.struct_class = Types::CreateDataCellsFilterRequest
@@ -719,6 +729,17 @@ module Aws::LakeFormation
     GetTableObjectsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: TokenString, location_name: "NextToken"))
     GetTableObjectsResponse.struct_class = Types::GetTableObjectsResponse
+    GetTemporaryDataLocationCredentialsRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: CredentialTimeoutDurationSecondInteger, location_name: "DurationSeconds"))
+    GetTemporaryDataLocationCredentialsRequest.add_member(:audit_context, Shapes::ShapeRef.new(shape: AuditContext, location_name: "AuditContext"))
+    GetTemporaryDataLocationCredentialsRequest.add_member(:data_locations, Shapes::ShapeRef.new(shape: PathStringList, location_name: "DataLocations"))
+    GetTemporaryDataLocationCredentialsRequest.add_member(:credentials_scope, Shapes::ShapeRef.new(shape: CredentialsScope, location_name: "CredentialsScope"))
+    GetTemporaryDataLocationCredentialsRequest.struct_class = Types::GetTemporaryDataLocationCredentialsRequest
+    GetTemporaryDataLocationCredentialsResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: TemporaryCredentials, location_name: "Credentials"))
+    GetTemporaryDataLocationCredentialsResponse.add_member(:accessible_data_locations, Shapes::ShapeRef.new(shape: PathStringList, location_name: "AccessibleDataLocations"))
+    GetTemporaryDataLocationCredentialsResponse.add_member(:credentials_scope, Shapes::ShapeRef.new(shape: CredentialsScope, location_name: "CredentialsScope"))
+    GetTemporaryDataLocationCredentialsResponse.struct_class = Types::GetTemporaryDataLocationCredentialsResponse
     GetTemporaryGluePartitionCredentialsRequest.add_member(:table_arn, Shapes::ShapeRef.new(shape: ResourceArnString, required: true, location_name: "TableArn"))
     GetTemporaryGluePartitionCredentialsRequest.add_member(:partition, Shapes::ShapeRef.new(shape: PartitionValueList, required: true, location_name: "Partition"))
     GetTemporaryGluePartitionCredentialsRequest.add_member(:permissions, Shapes::ShapeRef.new(shape: PermissionList, location_name: "Permissions"))
@@ -1009,6 +1030,7 @@ module Aws::LakeFormation
     RegisterResourceRequest.add_member(:with_federation, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "WithFederation"))
     RegisterResourceRequest.add_member(:hybrid_access_enabled, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "HybridAccessEnabled"))
     RegisterResourceRequest.add_member(:with_privileged_access, Shapes::ShapeRef.new(shape: Boolean, location_name: "WithPrivilegedAccess"))
+    RegisterResourceRequest.add_member(:expected_resource_owner_account, Shapes::ShapeRef.new(shape: AccountIdString, location_name: "ExpectedResourceOwnerAccount"))
     RegisterResourceRequest.struct_class = Types::RegisterResourceRequest
     RegisterResourceResponse.struct_class = Types::RegisterResourceResponse
@@ -1038,6 +1060,8 @@ module Aws::LakeFormation
     ResourceInfo.add_member(:with_federation, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "WithFederation"))
     ResourceInfo.add_member(:hybrid_access_enabled, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "HybridAccessEnabled"))
     ResourceInfo.add_member(:with_privileged_access, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "WithPrivilegedAccess"))
+    ResourceInfo.add_member(:verification_status, Shapes::ShapeRef.new(shape: VerificationStatus, location_name: "VerificationStatus"))
+    ResourceInfo.add_member(:expected_resource_owner_account, Shapes::ShapeRef.new(shape: AccountIdString, location_name: "ExpectedResourceOwnerAccount"))
     ResourceInfo.struct_class = Types::ResourceInfo
     ResourceInfoList.member = Shapes::ShapeRef.new(shape: ResourceInfo)
@@ -1163,6 +1187,12 @@ module Aws::LakeFormation
     TaggedTable.add_member(:lf_tags_on_columns, Shapes::ShapeRef.new(shape: ColumnLFTagsList, location_name: "LFTagsOnColumns"))
     TaggedTable.struct_class = Types::TaggedTable
+    TemporaryCredentials.add_member(:access_key_id, Shapes::ShapeRef.new(shape: AccessKeyIdString, location_name: "AccessKeyId"))
+    TemporaryCredentials.add_member(:secret_access_key, Shapes::ShapeRef.new(shape: SecretAccessKeyString, location_name: "SecretAccessKey"))
+    TemporaryCredentials.add_member(:session_token, Shapes::ShapeRef.new(shape: SessionTokenString, location_name: "SessionToken"))
+    TemporaryCredentials.add_member(:expiration, Shapes::ShapeRef.new(shape: ExpirationTimestamp, location_name: "Expiration"))
+    TemporaryCredentials.struct_class = Types::TemporaryCredentials
     ThrottledException.add_member(:message, Shapes::ShapeRef.new(shape: MessageString, location_name: "Message"))
     ThrottledException.struct_class = Types::ThrottledException
@@ -1219,6 +1249,7 @@ module Aws::LakeFormation
     UpdateResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArnString, required: true, location_name: "ResourceArn"))
     UpdateResourceRequest.add_member(:with_federation, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "WithFederation"))
     UpdateResourceRequest.add_member(:hybrid_access_enabled, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "HybridAccessEnabled"))
+    UpdateResourceRequest.add_member(:expected_resource_owner_account, Shapes::ShapeRef.new(shape: AccountIdString, location_name: "ExpectedResourceOwnerAccount"))
     UpdateResourceRequest.struct_class = Types::UpdateResourceRequest
     UpdateResourceResponse.struct_class = Types::UpdateResourceResponse
@@ -1725,6 +1756,21 @@ module Aws::LakeFormation
         )
       end)
+      api.add_operation(:get_temporary_data_location_credentials, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetTemporaryDataLocationCredentials"
+        o.http_method = "POST"
+        o.http_request_uri = "/GetTemporaryDataLocationCredentials"
+        o.input = Shapes::ShapeRef.new(shape: GetTemporaryDataLocationCredentialsRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetTemporaryDataLocationCredentialsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationTimeoutException)
+        o.errors << Shapes::ShapeRef.new(shape: GlueEncryptionException)
+        o.errors << Shapes::ShapeRef.new(shape: EntityNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+      end)
       api.add_operation(:get_temporary_glue_partition_credentials, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetTemporaryGluePartitionCredentials"
         o.http_method = "POST"

data/lib/aws-sdk-lakeformation/errors.rb CHANGED Viewed

@@ -30,6 +30,7 @@ module Aws::LakeFormation
   # * {AccessDeniedException}
   # * {AlreadyExistsException}
   # * {ConcurrentModificationException}
+  # * {ConflictException}
   # * {EntityNotFoundException}
   # * {ExpiredException}
   # * {GlueEncryptionException}
@@ -97,6 +98,21 @@ module Aws::LakeFormation
       end
     end
+    class ConflictException < ServiceError
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::LakeFormation::Types::ConflictException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
     class EntityNotFoundException < ServiceError
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-lakeformation/types.rb CHANGED Viewed

@@ -445,6 +445,20 @@ module Aws::LakeFormation
       include Aws::Structure
     end
+    # Multiple resources exist with the same Amazon S3 location
+    #
+    # @!attribute [rw] message
+    #   A message describing the problem.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ConflictException AWS API Documentation
+    #
+    class ConflictException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @!attribute [rw] table_data
     #   A `DataCellsFilter` structure containing information about the data
     #   cells filter.
@@ -1803,6 +1817,78 @@ module Aws::LakeFormation
       include Aws::Structure
     end
+    # @!attribute [rw] duration_seconds
+    #   The time period, between 900 and 43,200 seconds, for the timeout of
+    #   the temporary credentials.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] audit_context
+    #   A structure used to include auditing information on the privileged
+    #   API.
+    #   @return [Types::AuditContext]
+    #
+    # @!attribute [rw] data_locations
+    #   The Amazon S3 data location that you want to access.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] credentials_scope
+    #   The credential scope is determined by the caller's Lake Formation
+    #   permission on the associated table. Credential scope can be either:
+    #
+    #   * READ - Provides read-only access to the data location.
+    #
+    #   * READ\_WRITE - Provides both read and write access to the data
+    #     location.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryDataLocationCredentialsRequest AWS API Documentation
+    #
+    class GetTemporaryDataLocationCredentialsRequest < Struct.new(
+      :duration_seconds,
+      :audit_context,
+      :data_locations,
+      :credentials_scope)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] credentials
+    #   A temporary set of credentials for an Lake Formation user. These
+    #   credentials are scoped down to only access the raw data sources that
+    #   the user has access to.
+    #
+    #   The temporary security credentials consist of an access key and a
+    #   session token. The access key consists of an access key ID and a
+    #   secret key. When the credentials are created, they are associated
+    #   with an IAM access control policy that limits what the user can do
+    #   when using the credentials.
+    #   @return [Types::TemporaryCredentials]
+    #
+    # @!attribute [rw] accessible_data_locations
+    #   Refers to the Amazon S3 locations that can be accessed through the
+    #   `GetTemporaryCredentialsForLocation` API operation.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] credentials_scope
+    #   The credential scope is determined by the caller's Lake Formation
+    #   permission on the associated table. Credential scope can be either:
+    #
+    #   * READ - Provides read-only access to the data location.
+    #
+    #   * READ\_WRITE - Provides both read and write access to the data
+    #     location.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryDataLocationCredentialsResponse AWS API Documentation
+    #
+    class GetTemporaryDataLocationCredentialsResponse < Struct.new(
+      :credentials,
+      :accessible_data_locations,
+      :credentials_scope)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @!attribute [rw] table_arn
     #   The ARN of the partitions' table.
     #   @return [String]
@@ -3121,6 +3207,11 @@ module Aws::LakeFormation
     #   supported Lake Formation operations on the registered data location.
     #   @return [Boolean]
     #
+    # @!attribute [rw] expected_resource_owner_account
+    #   The Amazon Web Services account that owns the Glue tables associated
+    #   with specific Amazon S3 locations.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/RegisterResourceRequest AWS API Documentation
     #
     class RegisterResourceRequest < Struct.new(
@@ -3129,7 +3220,8 @@ module Aws::LakeFormation
       :role_arn,
       :with_federation,
       :hybrid_access_enabled,
-      :with_privileged_access)
+      :with_privileged_access,
+      :expected_resource_owner_account)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3272,6 +3364,26 @@ module Aws::LakeFormation
     #   supported Lake Formation operations on the registered data location.
     #   @return [Boolean]
     #
+    # @!attribute [rw] verification_status
+    #   Indicates whether the registered role has sufficient permissions to
+    #   access registered Amazon S3 location. Verification Status can be one
+    #   of the following:
+    #
+    #   * VERIFIED - Registered role has sufficient permissions to access
+    #     registered Amazon S3 location.
+    #
+    #   * NOT\_VERIFIED - Registered role does not have sufficient
+    #     permissions to access registered Amazon S3 location.
+    #
+    #   * VERIFICATION\_FAILED - Unable to verify if the registered role can
+    #     access the registered Amazon S3 location.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_resource_owner_account
+    #   The Amazon Web Services account that owns the Glue tables associated
+    #   with specific Amazon S3 locations.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/ResourceInfo AWS API Documentation
     #
     class ResourceInfo < Struct.new(
@@ -3280,7 +3392,9 @@ module Aws::LakeFormation
       :last_modified,
       :with_federation,
       :hybrid_access_enabled,
-      :with_privileged_access)
+      :with_privileged_access,
+      :verification_status,
+      :expected_resource_owner_account)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3793,6 +3907,43 @@ module Aws::LakeFormation
       include Aws::Structure
     end
+    # A temporary set of credentials for an Lake Formation user. These
+    # credentials are scoped down to only access the raw data sources that
+    # the user has access to.
+    #
+    # The temporary security credentials consist of an access key and a
+    # session token. The access key consists of an access key ID and a
+    # secret key. When the credentials are created, they are associated with
+    # an IAM access control policy that limits what the user can do when
+    # using the credentials.
+    #
+    # @!attribute [rw] access_key_id
+    #   The access key ID for the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_access_key
+    #   The secret key for the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_token
+    #   The session token for the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiration
+    #   The date and time when the temporary credentials expire.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/TemporaryCredentials AWS API Documentation
+    #
+    class TemporaryCredentials < Struct.new(
+      :access_key_id,
+      :secret_access_key,
+      :session_token,
+      :expiration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Contains details about an error where the query request was throttled.
     #
     # @!attribute [rw] message
@@ -4039,13 +4190,19 @@ module Aws::LakeFormation
     #   S3 bucket policies.
     #   @return [Boolean]
     #
+    # @!attribute [rw] expected_resource_owner_account
+    #   The Amazon Web Services account that owns the Glue tables associated
+    #   with specific Amazon S3 locations.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/UpdateResourceRequest AWS API Documentation
     #
     class UpdateResourceRequest < Struct.new(
       :role_arn,
       :resource_arn,
       :with_federation,
-      :hybrid_access_enabled)
+      :hybrid_access_enabled,
+      :expected_resource_owner_account)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-lakeformation.rb CHANGED Viewed

@@ -54,7 +54,7 @@ module Aws::LakeFormation
   autoload :EndpointProvider, 'aws-sdk-lakeformation/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-lakeformation/endpoints'
-  GEM_VERSION = '1.83.0'
+  GEM_VERSION = '1.84.0'
 end

data/sig/client.rbs CHANGED Viewed

@@ -856,6 +856,23 @@ module Aws
                              ) -> _GetTableObjectsResponseSuccess
                            | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetTableObjectsResponseSuccess
+      interface _GetTemporaryDataLocationCredentialsResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GetTemporaryDataLocationCredentialsResponse]
+        def credentials: () -> Types::TemporaryCredentials
+        def accessible_data_locations: () -> ::Array[::String]
+        def credentials_scope: () -> ("READ" | "READWRITE")
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/LakeFormation/Client.html#get_temporary_data_location_credentials-instance_method
+      def get_temporary_data_location_credentials: (
+                                                     ?duration_seconds: ::Integer,
+                                                     ?audit_context: {
+                                                       additional_audit_context: ::String?
+                                                     },
+                                                     ?data_locations: Array[::String],
+                                                     ?credentials_scope: ("READ" | "READWRITE")
+                                                   ) -> _GetTemporaryDataLocationCredentialsResponseSuccess
+                                                 | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetTemporaryDataLocationCredentialsResponseSuccess
       interface _GetTemporaryGluePartitionCredentialsResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetTemporaryGluePartitionCredentialsResponse]
         def access_key_id: () -> ::String
@@ -1299,7 +1316,8 @@ module Aws
                                ?role_arn: ::String,
                                ?with_federation: bool,
                                ?hybrid_access_enabled: bool,
-                               ?with_privileged_access: bool
+                               ?with_privileged_access: bool,
+                               ?expected_resource_owner_account: ::String
                              ) -> _RegisterResourceResponseSuccess
                            | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _RegisterResourceResponseSuccess
@@ -1603,7 +1621,8 @@ module Aws
                              role_arn: ::String,
                              resource_arn: ::String,
                              ?with_federation: bool,
-                             ?hybrid_access_enabled: bool
+                             ?hybrid_access_enabled: bool,
+                             ?expected_resource_owner_account: ::String
                            ) -> _UpdateResourceResponseSuccess
                          | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateResourceResponseSuccess

data/sig/errors.rbs CHANGED Viewed

@@ -20,6 +20,9 @@ module Aws
       class ConcurrentModificationException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
+      class ConflictException < ::Aws::Errors::ServiceError
+        def message: () -> ::String
+      end
       class EntityNotFoundException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end

data/sig/types.rbs CHANGED Viewed

@@ -144,6 +144,11 @@ module Aws::LakeFormation
       SENSITIVE: []
     end
+    class ConflictException
+      attr_accessor message: ::String
+      SENSITIVE: []
+    end
     class CreateDataCellsFilterRequest
       attr_accessor table_data: Types::DataCellsFilter
       SENSITIVE: []
@@ -534,6 +539,21 @@ module Aws::LakeFormation
       SENSITIVE: []
     end
+    class GetTemporaryDataLocationCredentialsRequest
+      attr_accessor duration_seconds: ::Integer
+      attr_accessor audit_context: Types::AuditContext
+      attr_accessor data_locations: ::Array[::String]
+      attr_accessor credentials_scope: ("READ" | "READWRITE")
+      SENSITIVE: []
+    end
+    class GetTemporaryDataLocationCredentialsResponse
+      attr_accessor credentials: Types::TemporaryCredentials
+      attr_accessor accessible_data_locations: ::Array[::String]
+      attr_accessor credentials_scope: ("READ" | "READWRITE")
+      SENSITIVE: []
+    end
     class GetTemporaryGluePartitionCredentialsRequest
       attr_accessor table_arn: ::String
       attr_accessor partition: Types::PartitionValueList
@@ -894,6 +914,7 @@ module Aws::LakeFormation
       attr_accessor with_federation: bool
       attr_accessor hybrid_access_enabled: bool
       attr_accessor with_privileged_access: bool
+      attr_accessor expected_resource_owner_account: ::String
       SENSITIVE: []
     end
@@ -932,6 +953,8 @@ module Aws::LakeFormation
       attr_accessor with_federation: bool
       attr_accessor hybrid_access_enabled: bool
       attr_accessor with_privileged_access: bool
+      attr_accessor verification_status: ("VERIFIED" | "VERIFICATION_FAILED" | "NOT_VERIFIED")
+      attr_accessor expected_resource_owner_account: ::String
       SENSITIVE: []
     end
@@ -1079,6 +1102,14 @@ module Aws::LakeFormation
       SENSITIVE: []
     end
+    class TemporaryCredentials
+      attr_accessor access_key_id: ::String
+      attr_accessor secret_access_key: ::String
+      attr_accessor session_token: ::String
+      attr_accessor expiration: ::Time
+      SENSITIVE: []
+    end
     class ThrottledException
       attr_accessor message: ::String
       SENSITIVE: []
@@ -1154,6 +1185,7 @@ module Aws::LakeFormation
       attr_accessor resource_arn: ::String
       attr_accessor with_federation: bool
       attr_accessor hybrid_access_enabled: bool
+      attr_accessor expected_resource_owner_account: ::String
       SENSITIVE: []
     end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-lakeformation
 version: !ruby/object:Gem::Version
-  version: 1.83.0
+  version: 1.84.0
 platform: ruby
 authors:
 - Amazon Web Services