(constructor)

[configuration]

Constructs a new instance of the <code>LakeFormationClient</code> class

config

The resolved configuration of LakeFormationClient class. This is resolved and normalized from the [constructor configuration interface](@aws-sdk/client-lakeformation!LakeFormationClientConfig:Interface).

destroy

Destroy underlying resources, like sockets. It's usually not necessary to do this. However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. Otherwise, sockets might stay open for quite a long time before the server terminates them.

middlewareStack

send

command

options

LakeFormationClient

<fullname>Lake Formation</fullname> Defines the public endpoint for the Lake Formation service.

defaultsMode

The [@smithy/smithy-client#DefaultsMode](@smithy/smithy-client!DefaultsMode:type) that will be used to determine how certain default configuration options are resolved in the SDK.

disableHostPrefix

Disable dynamically changing the endpoint of the client based on the hostPrefix trait of an operation.

extensions

logger

Optional logger for logging debug/info/warn/error.

maxAttempts

Value for how many times a request will be made at most in case of retry.

profile

Setting a client profile is similar to setting a value for the AWS_PROFILE environment variable. Setting a profile on a client in code only affects the single client instance, unlike AWS_PROFILE.When set, and only for environments where an AWS configuration file exists, fields configurable by this file will be retrieved from the specified profile within that file. Conflicting code configuration and environment variables will still have higher priority.For client credential resolution that involves checking the AWS configuration file, the client's profile (this value) will be used unless a different profile is set in the credential provider options.

region

The AWS region to which this client will send requests

requestHandler

The HTTP handler to use or its constructor options. Fetch in browser and Https in Nodejs.

retryMode

useDualstackEndpoint

useFipsEndpoint

ClientDefaults

AddLFTagsToResourceCommand

Attaches one or more LF-tags to an existing resource.

AssumeDecoratedRoleWithSAMLCommand

Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session. This decorated role is expected to access data in Amazon S3 by getting temporary access from Lake Formation which is authorized via the virtual API <code>GetDataAccess</code>. Therefore, all SAML roles that can be assumed via <code>AssumeDecoratedRoleWithSAML</code> must at a minimum include <code>lakeformation:GetDataAccess</code> in their role policies. A typical IAM policy attached to such a role would look as follows:

BatchGrantPermissionsCommand

Batch operation to grant permissions to the principal.

BatchRevokePermissionsCommand

Batch operation to revoke permissions from the principal.

CancelTransactionCommand

Attempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.

CommitTransactionCommand

Attempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.

CreateDataCellsFilterCommand

Creates a data cell filter to allow one to grant access to certain columns on certain rows.

CreateLFTagCommand

Creates an LF-tag with the specified name and values.

CreateLFTagExpressionCommand

Creates a new LF-Tag expression with the provided name, description, catalog ID, and expression body. This call fails if a LF-Tag expression with the same name already exists in the caller’s account or if the underlying LF-Tags don't exist. To call this API operation, caller needs the following Lake Formation permissions: <code>CREATE_LF_TAG_EXPRESSION</code> on the root catalog resource. <code>GRANT_WITH_LF_TAG_EXPRESSION</code> on all underlying LF-Tag key:value pairs included in the expression.

CreateLakeFormationIdentityCenterConfigurationCommand

Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.

CreateLakeFormationOptInCommand

Enforce Lake Formation permissions for the given databases, tables, and principals.

DeleteDataCellsFilterCommand

DeleteLFTagCommand

Deletes the specified LF-tag given a key name. If the input parameter tag key was not found, then the operation will throw an exception. When you delete an LF-tag, the <code>LFTagPolicy</code> attached to the LF-tag becomes invalid. If the deleted LF-tag was still assigned to any resource, the tag policy attach to the deleted LF-tag will no longer be applied to the resource.

DeleteLFTagExpressionCommand

Deletes the LF-Tag expression. The caller must be a data lake admin or have <code>DROP</code> permissions on the LF-Tag expression. Deleting a LF-Tag expression will also delete all <code>LFTagPolicy</code> permissions referencing the LF-Tag expression.

DeleteLakeFormationIdentityCenterConfigurationCommand

Deletes an IAM Identity Center connection with Lake Formation.

DeleteLakeFormationOptInCommand

Remove the Lake Formation permissions enforcement of the given databases, tables, and principals.

DeleteObjectsOnCancelCommand

For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels. The Glue ETL library function <code>write_dynamic_frame.from_catalog()</code> includes an option to automatically call <code>DeleteObjectsOnCancel</code> before writes. For more information, see <a href="https://docs.aws.amazon.com/lake-formation/latest/dg/transactions-data-operations.html#rolling-back-writes">Rolling Back Amazon S3 Writes</a>.

DeregisterResourceCommand

Deregisters the resource as managed by the Data Catalog. When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.

DescribeLakeFormationIdentityCenterConfigurationCommand

Retrieves the instance ARN and application ARN for the connection.

DescribeResourceCommand

Retrieves the current data access role for the given resource registered in Lake Formation.

DescribeTransactionCommand

Returns the details of a single transaction.

ExtendTransactionCommand

Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted. Write transactions that remain idle for a long period are automatically aborted unless explicitly extended.

GetDataCellsFilterCommand

GetDataLakePrincipalCommand

Returns the identity of the invoking principal.

GetDataLakeSettingsCommand

Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

GetEffectivePermissionsForPathCommand

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. <code>GetEffectivePermissionsForPath</code> will not return databases and tables if the catalog is encrypted.

GetLFTagCommand

GetLFTagExpressionCommand

Returns the details about the LF-Tag expression. The caller must be a data lake admin or must have <code>DESCRIBE</code> permission on the LF-Tag expression resource.

GetQueryStateCommand

Returns the state of a query previously submitted. Clients are expected to poll <code>GetQueryState</code> to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to <code>StartQueryPlanning</code>.

GetQueryStatisticsCommand

Retrieves statistics on the planning and execution of a query.

GetResourceLFTagsCommand

Returns the LF-tags applied to a resource.

GetTableObjectsCommand

Returns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.

GetTemporaryGluePartitionCredentialsCommand

This API is identical to <code>GetTemporaryTableCredentials</code> except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.

GetTemporaryGlueTableCredentialsCommand

Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix. To call this API, the role that the service assumes must have <code>lakeformation:GetDataAccess</code> permission on the resource.

GetWorkUnitResultsCommand

Returns the work units resulting from the query. Work units can be executed in any order and in parallel.

GetWorkUnitsCommand

Retrieves the work units generated by the <code>StartQueryPlanning</code> operation.

GrantPermissionsCommand

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. For information about permissions, see <a href="https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html">Security and Access Control to Metadata and Data</a>.

ListDataCellsFilterCommand

Lists all the data cell filters on a table.

ListLFTagExpressionsCommand

Returns the LF-Tag expressions in caller’s account filtered based on caller's permissions. Data Lake and read only admins implicitly can see all tag expressions in their account, else caller needs DESCRIBE permissions on tag expression.

ListLFTagsCommand

Lists LF-tags that the requester has permission to view.

ListLakeFormationOptInsCommand

Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions.

ListPermissionsCommand

Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER. This operation returns only those permissions that have been explicitly granted. For information about permissions, see <a href="https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html">Security and Access Control to Metadata and Data</a>.

ListResourcesCommand

Lists the resources registered to be managed by the Data Catalog.

ListTableStorageOptimizersCommand

Returns the configuration of all storage optimizers associated with a specified table.

ListTransactionsCommand

Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned. This operation can help you identify uncommitted transactions or to get information about transactions.

PutDataLakeSettingsCommand

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see <a href="https://docs.aws.amazon.com/lake-formation/latest/dg/lake-formation-permissions.html">Granting Lake Formation Permissions</a>. This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.

RegisterResourceCommand

Registers the resource as managed by the Data Catalog. To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy. The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location. <code>ResourceArn = arn:aws:s3:::my-bucket/ UseServiceLinkedRole = true</code> If <code>UseServiceLinkedRole</code> is not set to true, you must provide or set the <code>RoleArn</code>: <code>arn:aws:iam::12345:role/my-data-access-role</code>

RemoveLFTagsFromResourceCommand

Removes an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in <code>tableWithColumns</code> to specify column input.

RevokePermissionsCommand

Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

SearchDatabasesByLFTagsCommand

This operation allows a search on <code>DATABASE</code> resources by <code>TagCondition</code>. This operation is used by admins who want to grant user permissions on certain <code>TagConditions</code>. Before making a grant, the admin can use <code>SearchDatabasesByTags</code> to find all resources where the given <code>TagConditions</code> are valid to verify whether the returned resources can be shared.

SearchTablesByLFTagsCommand

This operation allows a search on <code>TABLE</code> resources by <code>LFTag</code>s. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use <code>SearchTablesByLFTags</code> to find all resources where the given <code>LFTag</code>s are valid to verify whether the returned resources can be shared.

StartQueryPlanningCommand

Submits a request to process a query statement. This operation generates work units that can be retrieved with the <code>GetWorkUnits</code> operation as soon as the query state is WORKUNITS_AVAILABLE or FINISHED.

StartTransactionCommand

Starts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.

UpdateDataCellsFilterCommand

UpdateLFTagCommand

Updates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the LF-tag key's value.

UpdateLFTagExpressionCommand

Updates the name of the LF-Tag expression to the new description and expression body provided. Updating a LF-Tag expression immediately changes the permission boundaries of all existing <code>LFTagPolicy</code> permission grants that reference the given LF-Tag expression.

UpdateLakeFormationIdentityCenterConfigurationCommand

Updates the IAM Identity Center connection parameters.

UpdateResourceCommand

Updates the data access role used for vending access to the given (registered) resource in Lake Formation.

UpdateTableObjectsCommand

Updates the manifest of Amazon S3 objects that make up the specified governed table.

UpdateTableStorageOptimizerCommand

Updates the configuration of the storage optimizers for a table.