GetTemporaryGluePartitionCredentials - Lake Formation

GetTemporaryGluePartitionCredentials

This API is identical to GetTemporaryTableCredentials except that it is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permissions of the vended credentials with the same scope-down policy, which restricts access to a single Amazon S3 prefix.

Request Syntax

{
   "AuditContext": {
      "AdditionalAuditContext": "string"
   },
   "DurationSeconds": number,
   "Partition": {
      "Values": [ "string" ]
   },
   "Permissions": [ "string" ],
   "SupportedPermissionTypes": [ "string" ],
   "TableArn": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

AuditContext

A structure representing context to access a resource (column names, query ID, etc.).

Type: AuditContext object

Required: No

DurationSeconds

The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

Type: Integer

Valid Range: Minimum value of 900. Maximum value of 43200.

Required: No

Partition

A list of partition values identifying a single partition.

Type: PartitionValueList object

Required: Yes

Permissions

Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

Type: Array of strings

Valid Values: ALL | SELECT | ALTER | DROP | DELETE | INSERT | DESCRIBE | CREATE_DATABASE | CREATE_TABLE | DATA_LOCATION_ACCESS | CREATE_LF_TAG | ASSOCIATE | GRANT_WITH_LF_TAG_EXPRESSION | CREATE_LF_TAG_EXPRESSION | CREATE_CATALOG | SUPER_USER

Required: No

SupportedPermissionTypes

A list of supported permission types for the partition. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 255 items.

Valid Values: COLUMN_PERMISSION | CELL_FILTER_PERMISSION | NESTED_PERMISSION | NESTED_CELL_PERMISSION

Required: No

TableArn

The ARN of the partitions' table.

Type: String

Required: Yes

Response Syntax

{
   "AccessKeyId": "string",
   "Expiration": number,
   "SecretAccessKey": "string",
   "SessionToken": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

AccessKeyId

The access key ID for the temporary credentials.

Type: String

Expiration

The date and time when the temporary credentials expire.

Type: Timestamp

SecretAccessKey

The secret key for the temporary credentials.

Type: String

SessionToken

The session token for the temporary credentials.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

Access to a resource was denied.

HTTP Status Code: 400

EntityNotFoundException

A specified entity does not exist.

HTTP Status Code: 400

InternalServiceException

An internal service error occurred.

HTTP Status Code: 500

InvalidInputException

The input provided was not valid.

HTTP Status Code: 400

OperationTimeoutException

The operation timed out.

HTTP Status Code: 400

PermissionTypeMismatchException

The engine does not support filtering data based on the enforced permissions. For example, if you call the GetTemporaryGlueTableCredentials operation with SupportedPermissionType equal to ColumnPermission, but cell-level permissions exist on the table, this exception is thrown.

HTTP Status Code: 400
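Example (added here, not part of the AWS reference): a Python sketch that validates a request against the constraints listed under Request Parameters before sending it, defaults to the shortest documented duration and a single SELECT permission, and masks the secret fields of the response before logging. The helper names build_request, redact and fetch are hypothetical; fetch assumes boto3 is installed and AWS credentials are configured.

```python
VALID_PERMISSIONS = {
    "ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT", "DESCRIBE",
    "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", "CREATE_LF_TAG",
    "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION", "CREATE_LF_TAG_EXPRESSION",
    "CREATE_CATALOG", "SUPER_USER",
}
VALID_PERMISSION_TYPES = {
    "COLUMN_PERMISSION", "CELL_FILTER_PERMISSION",
    "NESTED_PERMISSION", "NESTED_CELL_PERMISSION",
}


def build_request(table_arn, partition_values, permissions=("SELECT",),
                  supported_types=("COLUMN_PERMISSION",), duration_seconds=900):
    """Return request kwargs; raise ValueError on anything this page rules out."""
    if not table_arn or not partition_values:
        raise ValueError("TableArn and Partition are required")
    if not 900 <= duration_seconds <= 43200:  # the documented Valid Range
        raise ValueError("DurationSeconds must be within 900..43200")
    unknown = set(permissions) - VALID_PERMISSIONS
    if unknown:
        raise ValueError(f"unknown Permissions: {sorted(unknown)}")
    if not 1 <= len(supported_types) <= 255:
        raise ValueError("SupportedPermissionTypes takes 1 to 255 items")
    if set(supported_types) - VALID_PERMISSION_TYPES:
        raise ValueError("unknown SupportedPermissionTypes value")
    return {
        "TableArn": table_arn,
        "Partition": {"Values": list(partition_values)},
        "Permissions": list(permissions),
        "SupportedPermissionTypes": list(supported_types),
        "DurationSeconds": duration_seconds,
    }


def redact(response):
    """Copy of the response that is safe to log: secrets masked, expiry kept."""
    return {key: ("<redacted>" if key in ("SecretAccessKey", "SessionToken") else value)
            for key, value in response.items()}


def fetch(request):
    """Send the request with boto3 (needs AWS credentials and network access)."""
    import boto3  # imported lazily so validation and redaction work offline
    client = boto3.client("lakeformation")
    return client.get_temporary_glue_partition_credentials(**request)
```

Log redact(fetch(request)) rather than the raw response, and pass only the permission types the query engine actually enforces.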
