This product is not supported for your selected Datadog site. ().

aws_lakeformation_permissions

account_id

Type: STRING

principal_resource_permissions

Type: UNORDERED_LIST_STRUCT
Provider name: PrincipalResourcePermissions
Description: A list of principals and their permissions on the resource for the specified principal and resource types.

  • additional_details
    Type: STRUCT
    Provider name: AdditionalDetails
    Description: This attribute can be used to return any additional details of PrincipalResourcePermissions. Currently returns only as a RAM resource share ARN.
    • resource_share
      Type: UNORDERED_LIST_STRING
      Provider name: ResourceShare
      Description: A resource share ARN for a catalog resource shared through RAM.
  • condition
    Type: STRUCT
    Provider name: Condition
    Description: A Lake Formation condition, which applies to permissions and opt-ins that contain an expression.
    • expression
      Type: STRING
      Provider name: Expression
      Description: An expression written based on the Cedar Policy Language used to match the principal attributes.
  • last_updated
    Type: TIMESTAMP
    Provider name: LastUpdated
    Description: The date and time when the resource was last updated.
  • last_updated_by
    Type: STRING
    Provider name: LastUpdatedBy
    Description: The user who updated the record.
  • permissions
    Type: UNORDERED_LIST_STRING
    Provider name: Permissions
    Description: The permissions to be granted or revoked on the resource.
  • permissions_with_grant_option
    Type: UNORDERED_LIST_STRING
    Provider name: PermissionsWithGrantOption
    Description: Indicates whether to grant the ability to grant permissions (as a subset of permissions granted).
  • principal
    Type: STRUCT
    Provider name: Principal
    Description: The Data Lake principal to be granted or revoked permissions.
    • data_lake_principal_identifier
      Type: STRING
      Provider name: DataLakePrincipalIdentifier
      Description: An identifier for the Lake Formation principal.
  • resource
    Type: STRUCT
    Provider name: Resource
    Description: The resource where permissions are to be granted or revoked.
    • catalog
      Type: STRUCT
      Provider name: Catalog
      Description: The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
      • id
        Type: STRING
        Provider name: Id
        Description: An identifier for the catalog resource.
    • data_cells_filter
      Type: STRUCT
      Provider name: DataCellsFilter
      Description: A data cell filter.
      • database_name
        Type: STRING
        Provider name: DatabaseName
        Description: A database in the Glue Data Catalog.
      • name
        Type: STRING
        Provider name: Name
        Description: The name of the data cells filter.
      • table_catalog_id
        Type: STRING
        Provider name: TableCatalogId
        Description: The ID of the catalog to which the table belongs.
      • table_name
        Type: STRING
        Provider name: TableName
        Description: The name of the table.
    • data_location
      Type: STRUCT
      Provider name: DataLocation
      Description: The location of an Amazon S3 path where permissions are granted or revoked.
      • catalog_id
        Type: STRING
        Provider name: CatalogId
        Description: The identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller.
      • resource_arn
        Type: STRING
        Provider name: ResourceArn
        Description: The Amazon Resource Name (ARN) that uniquely identifies the data location resource.
    • database
      Type: STRUCT
      Provider name: Database
      Description: The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.
      • catalog_id
        Type: STRING
        Provider name: CatalogId
        Description: The identifier for the Data Catalog. By default, it is the account ID of the caller.
      • name
        Type: STRING
        Provider name: Name
        Description: The name of the database resource. Unique to the Data Catalog.
    • lf_tag
      Type: STRUCT
      Provider name: LFTag
      Description: The LF-tag key and values attached to a resource.
      • catalog_id
        Type: STRING
        Provider name: CatalogId
        Description: The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
      • tag_key
        Type: STRING
        Provider name: TagKey
        Description: The key-name for the LF-tag.
      • tag_values
        Type: UNORDERED_LIST_STRING
        Provider name: TagValues
        Description: A list of possible values an attribute can take.
    • lf_tag_expression
      Type: STRUCT
      Provider name: LFTagExpression
      Description: LF-Tag expression resource. A logical expression composed of one or more LF-Tag key:value pairs.
      • catalog_id
        Type: STRING
        Provider name: CatalogId
        Description: The identifier for the Data Catalog. By default, the account ID.
      • name
        Type: STRING
        Provider name: Name
        Description: The name of the LF-Tag expression to grant permissions on.
    • lf_tag_policy
      Type: STRUCT
      Provider name: LFTagPolicy
      Description: A list of LF-tag conditions or saved LF-Tag expressions that define a resource’s LF-tag policy.
      • catalog_id
        Type: STRING
        Provider name: CatalogId
        Description: The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
      • expression
        Type: UNORDERED_LIST_STRUCT
        Provider name: Expression
        Description: A list of LF-tag conditions or a saved expression that apply to the resource’s LF-tag policy.
        • tag_key
          Type: STRING
          Provider name: TagKey
          Description: The key-name for the LF-tag.
        • tag_values
          Type: UNORDERED_LIST_STRING
          Provider name: TagValues
          Description: A list of possible values an attribute can take. The maximum number of values that can be defined for a LF-Tag is 1000. A single API call supports 50 values. You can use multiple API calls to add more values.
      • expression_name
        Type: STRING
        Provider name: ExpressionName
        Description: If provided, permissions are granted to the Data Catalog resources whose assigned LF-Tags match the expression body of the saved expression under the provided ExpressionName.
      • resource_type
        Type: STRING
        Provider name: ResourceType
        Description: The resource type for which the LF-tag policy applies.
    • table
      Type: STRUCT
      Provider name: Table
      Description: The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
      • catalog_id
        Type: STRING
        Provider name: CatalogId
        Description: The identifier for the Data Catalog. By default, it is the account ID of the caller.
      • database_name
        Type: STRING
        Provider name: DatabaseName
        Description: The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
      • name
        Type: STRING
        Provider name: Name
        Description: The name of the table.
      • table_wildcard
        Type: STRUCT
        Provider name: TableWildcard
        Description: A wildcard object representing every table under a database. At least one of TableResource$Name or TableResource$TableWildcard is required.
    • table_with_columns
      Type: STRUCT
      Provider name: TableWithColumns
      Description: The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.
      • catalog_id
        Type: STRING
        Provider name: CatalogId
        Description: The identifier for the Data Catalog. By default, it is the account ID of the caller.
      • column_names
        Type: UNORDERED_LIST_STRING
        Provider name: ColumnNames
        Description: The list of column names for the table. At least one of ColumnNames or ColumnWildcard is required.
      • column_wildcard
        Type: STRUCT
        Provider name: ColumnWildcard
        Description: A wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required.
        • excluded_column_names
          Type: UNORDERED_LIST_STRING
          Provider name: ExcludedColumnNames
          Description: Excludes column names. Any column with this name will be excluded.
      • database_name
        Type: STRING
        Provider name: DatabaseName
        Description: The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
      • name
        Type: STRING
        Provider name: Name
        Description: The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.

tags

Type: UNORDERED_LIST_STRING