AWS v6.74.0, Mar 26 25

AWS v6.74.0 published on Wednesday, Mar 26, 2025 by Pulumi

aws.lakeformation.DataLakeSettings

Explore with Pulumi AI

AWS v6.74.0 published on Wednesday, Mar 26, 2025 by Pulumi

Example Usage
Data Lake Admins
Create Default Permissions
Enable EMR access to LakeFormation resources
Change Cross Account Version
Create DataLakeSettings Resource
Constructor syntax
Constructor example
DataLakeSettings Resource Properties
Inputs
Outputs
Look up Existing DataLakeSettings Resource
Supporting Types
Package Details

Request a Change

Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.

NOTE: Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the IAMAllowedPrincipals principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see Changing the Default Security Settings for Your Data Lake and Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lakeformation.DataLakeSettings("example", {admins: [
    test.arn,
    testAwsIamRole.arn,
]});

import pulumi
import pulumi_aws as aws

example = aws.lakeformation.DataLakeSettings("example", admins=[
    test["arn"],
    test_aws_iam_role["arn"],
])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
			Admins: pulumi.StringArray{
				test.Arn,
				testAwsIamRole.Arn,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LakeFormation.DataLakeSettings("example", new()
    {
        Admins = new[]
        {
            test.Arn,
            testAwsIamRole.Arn,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(            
                test.arn(),
                testAwsIamRole.arn())
            .build());

    }
}

resources:
  example:
    type: aws:lakeformation:DataLakeSettings
    properties:
      admins:
        - ${test.arn}
        - ${testAwsIamRole.arn}

Create Default Permissions

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lakeformation.DataLakeSettings("example", {
    admins: [
        test.arn,
        testAwsIamRole.arn,
    ],
    createDatabaseDefaultPermissions: [{
        permissions: [
            "SELECT",
            "ALTER",
            "DROP",
        ],
        principal: test.arn,
    }],
    createTableDefaultPermissions: [{
        permissions: ["ALL"],
        principal: testAwsIamRole.arn,
    }],
});

import pulumi
import pulumi_aws as aws

example = aws.lakeformation.DataLakeSettings("example",
    admins=[
        test["arn"],
        test_aws_iam_role["arn"],
    ],
    create_database_default_permissions=[{
        "permissions": [
            "SELECT",
            "ALTER",
            "DROP",
        ],
        "principal": test["arn"],
    }],
    create_table_default_permissions=[{
        "permissions": ["ALL"],
        "principal": test_aws_iam_role["arn"],
    }])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
			Admins: pulumi.StringArray{
				test.Arn,
				testAwsIamRole.Arn,
			},
			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("SELECT"),
						pulumi.String("ALTER"),
						pulumi.String("DROP"),
					},
					Principal: pulumi.Any(test.Arn),
				},
			},
			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("ALL"),
					},
					Principal: pulumi.Any(testAwsIamRole.Arn),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LakeFormation.DataLakeSettings("example", new()
    {
        Admins = new[]
        {
            test.Arn,
            testAwsIamRole.Arn,
        },
        CreateDatabaseDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "SELECT",
                    "ALTER",
                    "DROP",
                },
                Principal = test.Arn,
            },
        },
        CreateTableDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "ALL",
                },
                Principal = testAwsIamRole.Arn,
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(            
                test.arn(),
                testAwsIamRole.arn())
            .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                .permissions(                
                    "SELECT",
                    "ALTER",
                    "DROP")
                .principal(test.arn())
                .build())
            .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                .permissions("ALL")
                .principal(testAwsIamRole.arn())
                .build())
            .build());

    }
}

resources:
  example:
    type: aws:lakeformation:DataLakeSettings
    properties:
      admins:
        - ${test.arn}
        - ${testAwsIamRole.arn}
      createDatabaseDefaultPermissions:
        - permissions:
            - SELECT
            - ALTER
            - DROP
          principal: ${test.arn}
      createTableDefaultPermissions:
        - permissions:
            - ALL
          principal: ${testAwsIamRole.arn}

Enable EMR access to LakeFormation resources

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lakeformation.DataLakeSettings("example", {
    admins: [
        test.arn,
        testAwsIamRole.arn,
    ],
    createDatabaseDefaultPermissions: [{
        permissions: [
            "SELECT",
            "ALTER",
            "DROP",
        ],
        principal: test.arn,
    }],
    createTableDefaultPermissions: [{
        permissions: ["ALL"],
        principal: testAwsIamRole.arn,
    }],
    allowExternalDataFiltering: true,
    externalDataFilteringAllowLists: [
        current.accountId,
        thirdParty.accountId,
    ],
    authorizedSessionTagValueLists: ["Amazon EMR"],
    allowFullTableExternalDataAccess: true,
});

import pulumi
import pulumi_aws as aws

example = aws.lakeformation.DataLakeSettings("example",
    admins=[
        test["arn"],
        test_aws_iam_role["arn"],
    ],
    create_database_default_permissions=[{
        "permissions": [
            "SELECT",
            "ALTER",
            "DROP",
        ],
        "principal": test["arn"],
    }],
    create_table_default_permissions=[{
        "permissions": ["ALL"],
        "principal": test_aws_iam_role["arn"],
    }],
    allow_external_data_filtering=True,
    external_data_filtering_allow_lists=[
        current["accountId"],
        third_party["accountId"],
    ],
    authorized_session_tag_value_lists=["Amazon EMR"],
    allow_full_table_external_data_access=True)

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
			Admins: pulumi.StringArray{
				test.Arn,
				testAwsIamRole.Arn,
			},
			CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("SELECT"),
						pulumi.String("ALTER"),
						pulumi.String("DROP"),
					},
					Principal: pulumi.Any(test.Arn),
				},
			},
			CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
				&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("ALL"),
					},
					Principal: pulumi.Any(testAwsIamRole.Arn),
				},
			},
			AllowExternalDataFiltering: pulumi.Bool(true),
			ExternalDataFilteringAllowLists: pulumi.StringArray{
				current.AccountId,
				thirdParty.AccountId,
			},
			AuthorizedSessionTagValueLists: pulumi.StringArray{
				pulumi.String("Amazon EMR"),
			},
			AllowFullTableExternalDataAccess: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LakeFormation.DataLakeSettings("example", new()
    {
        Admins = new[]
        {
            test.Arn,
            testAwsIamRole.Arn,
        },
        CreateDatabaseDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "SELECT",
                    "ALTER",
                    "DROP",
                },
                Principal = test.Arn,
            },
        },
        CreateTableDefaultPermissions = new[]
        {
            new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
            {
                Permissions = new[]
                {
                    "ALL",
                },
                Principal = testAwsIamRole.Arn,
            },
        },
        AllowExternalDataFiltering = true,
        ExternalDataFilteringAllowLists = new[]
        {
            current.AccountId,
            thirdParty.AccountId,
        },
        AuthorizedSessionTagValueLists = new[]
        {
            "Amazon EMR",
        },
        AllowFullTableExternalDataAccess = true,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs;
import com.pulumi.aws.lakeformation.inputs.DataLakeSettingsCreateTableDefaultPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .admins(            
                test.arn(),
                testAwsIamRole.arn())
            .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
                .permissions(                
                    "SELECT",
                    "ALTER",
                    "DROP")
                .principal(test.arn())
                .build())
            .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
                .permissions("ALL")
                .principal(testAwsIamRole.arn())
                .build())
            .allowExternalDataFiltering(true)
            .externalDataFilteringAllowLists(            
                current.accountId(),
                thirdParty.accountId())
            .authorizedSessionTagValueLists("Amazon EMR")
            .allowFullTableExternalDataAccess(true)
            .build());

    }
}

resources:
  example:
    type: aws:lakeformation:DataLakeSettings
    properties:
      admins:
        - ${test.arn}
        - ${testAwsIamRole.arn}
      createDatabaseDefaultPermissions:
        - permissions:
            - SELECT
            - ALTER
            - DROP
          principal: ${test.arn}
      createTableDefaultPermissions:
        - permissions:
            - ALL
          principal: ${testAwsIamRole.arn}
      allowExternalDataFiltering: true
      externalDataFilteringAllowLists:
        - ${current.accountId}
        - ${thirdParty.accountId}
      authorizedSessionTagValueLists:
        - Amazon EMR
      allowFullTableExternalDataAccess: true

Change Cross Account Version

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lakeformation.DataLakeSettings("example", {parameters: {
    CROSS_ACCOUNT_VERSION: "3",
}});

import pulumi
import pulumi_aws as aws

example = aws.lakeformation.DataLakeSettings("example", parameters={
    "CROSS_ACCOUNT_VERSION": "3",
})

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lakeformation.NewDataLakeSettings(ctx, "example", &lakeformation.DataLakeSettingsArgs{
			Parameters: pulumi.StringMap{
				"CROSS_ACCOUNT_VERSION": pulumi.String("3"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LakeFormation.DataLakeSettings("example", new()
    {
        Parameters = 
        {
            { "CROSS_ACCOUNT_VERSION", "3" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.DataLakeSettings;
import com.pulumi.aws.lakeformation.DataLakeSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DataLakeSettings("example", DataLakeSettingsArgs.builder()
            .parameters(Map.of("CROSS_ACCOUNT_VERSION", "3"))
            .build());

    }
}

resources:
  example:
    type: aws:lakeformation:DataLakeSettings
    properties:
      parameters:
        CROSS_ACCOUNT_VERSION: '3'

Create DataLakeSettings Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new DataLakeSettings(name: string, args?: DataLakeSettingsArgs, opts?: CustomResourceOptions);

@overload
def DataLakeSettings(resource_name: str,
                     args: Optional[DataLakeSettingsArgs] = None,
                     opts: Optional[ResourceOptions] = None)

@overload
def DataLakeSettings(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     admins: Optional[Sequence[str]] = None,
                     allow_external_data_filtering: Optional[bool] = None,
                     allow_full_table_external_data_access: Optional[bool] = None,
                     authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
                     catalog_id: Optional[str] = None,
                     create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
                     create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
                     external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
                     parameters: Optional[Mapping[str, str]] = None,
                     read_only_admins: Optional[Sequence[str]] = None,
                     trusted_resource_owners: Optional[Sequence[str]] = None)

func NewDataLakeSettings(ctx *Context, name string, args *DataLakeSettingsArgs, opts ...ResourceOption) (*DataLakeSettings, error)

public DataLakeSettings(string name, DataLakeSettingsArgs? args = null, CustomResourceOptions? opts = null)

public DataLakeSettings(String name, DataLakeSettingsArgs args)
public DataLakeSettings(String name, DataLakeSettingsArgs args, CustomResourceOptions options)

type: aws:lakeformation:DataLakeSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args DataLakeSettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DataLakeSettingsArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DataLakeSettingsArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DataLakeSettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DataLakeSettingsArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var dataLakeSettingsResource = new Aws.LakeFormation.DataLakeSettings("dataLakeSettingsResource", new()
{
    Admins = new[]
    {
        "string",
    },
    AllowExternalDataFiltering = false,
    AllowFullTableExternalDataAccess = false,
    AuthorizedSessionTagValueLists = new[]
    {
        "string",
    },
    CatalogId = "string",
    CreateDatabaseDefaultPermissions = new[]
    {
        new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs
        {
            Permissions = new[]
            {
                "string",
            },
            Principal = "string",
        },
    },
    CreateTableDefaultPermissions = new[]
    {
        new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs
        {
            Permissions = new[]
            {
                "string",
            },
            Principal = "string",
        },
    },
    ExternalDataFilteringAllowLists = new[]
    {
        "string",
    },
    Parameters = 
    {
        { "string", "string" },
    },
    ReadOnlyAdmins = new[]
    {
        "string",
    },
    TrustedResourceOwners = new[]
    {
        "string",
    },
});

example, err := lakeformation.NewDataLakeSettings(ctx, "dataLakeSettingsResource", &lakeformation.DataLakeSettingsArgs{
	Admins: pulumi.StringArray{
		pulumi.String("string"),
	},
	AllowExternalDataFiltering:       pulumi.Bool(false),
	AllowFullTableExternalDataAccess: pulumi.Bool(false),
	AuthorizedSessionTagValueLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	CatalogId: pulumi.String("string"),
	CreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{
		&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{
			Permissions: pulumi.StringArray{
				pulumi.String("string"),
			},
			Principal: pulumi.String("string"),
		},
	},
	CreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{
		&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{
			Permissions: pulumi.StringArray{
				pulumi.String("string"),
			},
			Principal: pulumi.String("string"),
		},
	},
	ExternalDataFilteringAllowLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	Parameters: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	ReadOnlyAdmins: pulumi.StringArray{
		pulumi.String("string"),
	},
	TrustedResourceOwners: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var dataLakeSettingsResource = new DataLakeSettings("dataLakeSettingsResource", DataLakeSettingsArgs.builder()
    .admins("string")
    .allowExternalDataFiltering(false)
    .allowFullTableExternalDataAccess(false)
    .authorizedSessionTagValueLists("string")
    .catalogId("string")
    .createDatabaseDefaultPermissions(DataLakeSettingsCreateDatabaseDefaultPermissionArgs.builder()
        .permissions("string")
        .principal("string")
        .build())
    .createTableDefaultPermissions(DataLakeSettingsCreateTableDefaultPermissionArgs.builder()
        .permissions("string")
        .principal("string")
        .build())
    .externalDataFilteringAllowLists("string")
    .parameters(Map.of("string", "string"))
    .readOnlyAdmins("string")
    .trustedResourceOwners("string")
    .build());

data_lake_settings_resource = aws.lakeformation.DataLakeSettings("dataLakeSettingsResource",
    admins=["string"],
    allow_external_data_filtering=False,
    allow_full_table_external_data_access=False,
    authorized_session_tag_value_lists=["string"],
    catalog_id="string",
    create_database_default_permissions=[{
        "permissions": ["string"],
        "principal": "string",
    }],
    create_table_default_permissions=[{
        "permissions": ["string"],
        "principal": "string",
    }],
    external_data_filtering_allow_lists=["string"],
    parameters={
        "string": "string",
    },
    read_only_admins=["string"],
    trusted_resource_owners=["string"])

const dataLakeSettingsResource = new aws.lakeformation.DataLakeSettings("dataLakeSettingsResource", {
    admins: ["string"],
    allowExternalDataFiltering: false,
    allowFullTableExternalDataAccess: false,
    authorizedSessionTagValueLists: ["string"],
    catalogId: "string",
    createDatabaseDefaultPermissions: [{
        permissions: ["string"],
        principal: "string",
    }],
    createTableDefaultPermissions: [{
        permissions: ["string"],
        principal: "string",
    }],
    externalDataFilteringAllowLists: ["string"],
    parameters: {
        string: "string",
    },
    readOnlyAdmins: ["string"],
    trustedResourceOwners: ["string"],
});

type: aws:lakeformation:DataLakeSettings
properties:
    admins:
        - string
    allowExternalDataFiltering: false
    allowFullTableExternalDataAccess: false
    authorizedSessionTagValueLists:
        - string
    catalogId: string
    createDatabaseDefaultPermissions:
        - permissions:
            - string
          principal: string
    createTableDefaultPermissions:
        - permissions:
            - string
          principal: string
    externalDataFilteringAllowLists:
        - string
    parameters:
        string: string
    readOnlyAdmins:
        - string
    trustedResourceOwners:
        - string

DataLakeSettings Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The DataLakeSettings resource accepts the following input properties:

Admins List<string>: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
AllowExternalDataFiltering bool: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
AllowFullTableExternalDataAccess bool: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
AuthorizedSessionTagValueLists List<string>: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
CatalogId string: Identifier for the Data Catalog. By default, the account ID.
CreateDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
CreateTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
ExternalDataFilteringAllowLists List<string>: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
Parameters Dictionary<string, string>: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
ReadOnlyAdmins List<string>: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
TrustedResourceOwners List<string>: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

Admins []string: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
AllowExternalDataFiltering bool: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
AllowFullTableExternalDataAccess bool: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
AuthorizedSessionTagValueLists []string: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
CatalogId string: Identifier for the Data Catalog. By default, the account ID.
CreateDatabaseDefaultPermissions []DataLakeSettingsCreateDatabaseDefaultPermissionArgs: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
CreateTableDefaultPermissions []DataLakeSettingsCreateTableDefaultPermissionArgs: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
ExternalDataFilteringAllowLists []string: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
Parameters map[string]string: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
ReadOnlyAdmins []string: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
TrustedResourceOwners []string: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

admins List<String>: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
allowExternalDataFiltering Boolean: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
allowFullTableExternalDataAccess Boolean: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
authorizedSessionTagValueLists List<String>: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
catalogId String: Identifier for the Data Catalog. By default, the account ID.
createDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
createTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
externalDataFilteringAllowLists List<String>: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
parameters Map<String,String>: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
readOnlyAdmins List<String>: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
trustedResourceOwners List<String>: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

admins string[]: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
allowExternalDataFiltering boolean: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
allowFullTableExternalDataAccess boolean: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
authorizedSessionTagValueLists string[]: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
catalogId string: Identifier for the Data Catalog. By default, the account ID.
createDatabaseDefaultPermissions DataLakeSettingsCreateDatabaseDefaultPermission[]: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
createTableDefaultPermissions DataLakeSettingsCreateTableDefaultPermission[]: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
externalDataFilteringAllowLists string[]: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
parameters {[key: string]: string}: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
readOnlyAdmins string[]: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
trustedResourceOwners string[]: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

admins Sequence[str]: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
allow_external_data_filtering bool: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
allow_full_table_external_data_access bool: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
authorized_session_tag_value_lists Sequence[str]: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
catalog_id str: Identifier for the Data Catalog. By default, the account ID.
create_database_default_permissions Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
create_table_default_permissions Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
external_data_filtering_allow_lists Sequence[str]: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
parameters Mapping[str, str]: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
read_only_admins Sequence[str]: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
trusted_resource_owners Sequence[str]: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

admins List<String>: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
allowExternalDataFiltering Boolean: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
allowFullTableExternalDataAccess Boolean: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
authorizedSessionTagValueLists List<String>: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
catalogId String: Identifier for the Data Catalog. By default, the account ID.
createDatabaseDefaultPermissions List<Property Map>: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
createTableDefaultPermissions List<Property Map>: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
externalDataFilteringAllowLists List<String>: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
parameters Map<String>: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
readOnlyAdmins List<String>: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
trustedResourceOwners List<String>: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

Outputs

All input properties are implicitly available as output properties. Additionally, the DataLakeSettings resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing DataLakeSettings Resource

Get an existing DataLakeSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: DataLakeSettingsState, opts?: CustomResourceOptions): DataLakeSettings

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        admins: Optional[Sequence[str]] = None,
        allow_external_data_filtering: Optional[bool] = None,
        allow_full_table_external_data_access: Optional[bool] = None,
        authorized_session_tag_value_lists: Optional[Sequence[str]] = None,
        catalog_id: Optional[str] = None,
        create_database_default_permissions: Optional[Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]] = None,
        create_table_default_permissions: Optional[Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]] = None,
        external_data_filtering_allow_lists: Optional[Sequence[str]] = None,
        parameters: Optional[Mapping[str, str]] = None,
        read_only_admins: Optional[Sequence[str]] = None,
        trusted_resource_owners: Optional[Sequence[str]] = None) -> DataLakeSettings

func GetDataLakeSettings(ctx *Context, name string, id IDInput, state *DataLakeSettingsState, opts ...ResourceOption) (*DataLakeSettings, error)

public static DataLakeSettings Get(string name, Input<string> id, DataLakeSettingsState? state, CustomResourceOptions? opts = null)

public static DataLakeSettings get(String name, Output<String> id, DataLakeSettingsState state, CustomResourceOptions options)

resources:  _:    type: aws:lakeformation:DataLakeSettings    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Admins List<string>: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
AllowExternalDataFiltering bool: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
AllowFullTableExternalDataAccess bool: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
AuthorizedSessionTagValueLists List<string>: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
CatalogId string: Identifier for the Data Catalog. By default, the account ID.
CreateDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
CreateTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
ExternalDataFilteringAllowLists List<string>: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
Parameters Dictionary<string, string>: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
ReadOnlyAdmins List<string>: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
TrustedResourceOwners List<string>: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

Admins []string: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
AllowExternalDataFiltering bool: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
AllowFullTableExternalDataAccess bool: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
AuthorizedSessionTagValueLists []string: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
CatalogId string: Identifier for the Data Catalog. By default, the account ID.
CreateDatabaseDefaultPermissions []DataLakeSettingsCreateDatabaseDefaultPermissionArgs: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
CreateTableDefaultPermissions []DataLakeSettingsCreateTableDefaultPermissionArgs: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
ExternalDataFilteringAllowLists []string: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
Parameters map[string]string: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
ReadOnlyAdmins []string: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
TrustedResourceOwners []string: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

admins List<String>: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
allowExternalDataFiltering Boolean: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
allowFullTableExternalDataAccess Boolean: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
authorizedSessionTagValueLists List<String>: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
catalogId String: Identifier for the Data Catalog. By default, the account ID.
createDatabaseDefaultPermissions List<DataLakeSettingsCreateDatabaseDefaultPermission>: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
createTableDefaultPermissions List<DataLakeSettingsCreateTableDefaultPermission>: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
externalDataFilteringAllowLists List<String>: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
parameters Map<String,String>: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
readOnlyAdmins List<String>: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
trustedResourceOwners List<String>: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

admins string[]: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
allowExternalDataFiltering boolean: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
allowFullTableExternalDataAccess boolean: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
authorizedSessionTagValueLists string[]: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
catalogId string: Identifier for the Data Catalog. By default, the account ID.
createDatabaseDefaultPermissions DataLakeSettingsCreateDatabaseDefaultPermission[]: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
createTableDefaultPermissions DataLakeSettingsCreateTableDefaultPermission[]: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
externalDataFilteringAllowLists string[]: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
parameters {[key: string]: string}: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
readOnlyAdmins string[]: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
trustedResourceOwners string[]: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

admins Sequence[str]: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
allow_external_data_filtering bool: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
allow_full_table_external_data_access bool: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
authorized_session_tag_value_lists Sequence[str]: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
catalog_id str: Identifier for the Data Catalog. By default, the account ID.
create_database_default_permissions Sequence[DataLakeSettingsCreateDatabaseDefaultPermissionArgs]: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
create_table_default_permissions Sequence[DataLakeSettingsCreateTableDefaultPermissionArgs]: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
external_data_filtering_allow_lists Sequence[str]: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
parameters Mapping[str, str]: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
read_only_admins Sequence[str]: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
trusted_resource_owners Sequence[str]: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

admins List<String>: Set of ARNs of AWS Lake Formation principals (IAM users or roles).
allowExternalDataFiltering Boolean: Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
allowFullTableExternalDataAccess Boolean: Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
authorizedSessionTagValueLists List<String>: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it.
catalogId String: Identifier for the Data Catalog. By default, the account ID.
createDatabaseDefaultPermissions List<Property Map>: Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.
createTableDefaultPermissions List<Property Map>: Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.
externalDataFilteringAllowLists List<String>: A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.
parameters Map<String>: Key-value map of additional configuration. Valid values for the CROSS_ACCOUNT_VERSION key are "1", "2", "3", or "4". SET_CONTEXT is also returned with a value of TRUE. In a fresh account, prior to configuring, CROSS_ACCOUNT_VERSION is "1". Destroying this resource sets the CROSS_ACCOUNT_VERSION to "1".
readOnlyAdmins List<String>: Set of ARNs of AWS Lake Formation principals (IAM users or roles) with only view access to the resources.
trustedResourceOwners List<String>: List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).
NOTE: Although optional, not including admins, create_database_default_permissions, create_table_default_permissions, parameters, and/or trusted_resource_owners results in the setting being cleared.

Supporting Types

DataLakeSettingsCreateDatabaseDefaultPermission
, DataLakeSettingsCreateDatabaseDefaultPermissionArgs

Permissions List<string>: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
Principal string: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

Permissions []string: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
Principal string: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions List<String>: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
principal String: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions string[]: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
principal string: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions Sequence[str]: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
principal str: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions List<String>: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, DESCRIBE, and CREATE_TABLE. For more details, see Lake Formation Permissions Reference.
principal String: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

DataLakeSettingsCreateTableDefaultPermission
, DataLakeSettingsCreateTableDefaultPermissionArgs

Permissions List<string>: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
Principal string: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

Permissions []string: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
Principal string: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions List<String>: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
principal String: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions string[]: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
principal string: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions Sequence[str]: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
principal str: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

permissions List<String>: List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.
principal String: Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.74.0 published on Wednesday, Mar 26, 2025 by Pulumi

pulumi/pulumi-aws

Example Usage
Data Lake Admins
Create Default Permissions
Enable EMR access to LakeFormation resources
Change Cross Account Version
Create DataLakeSettings Resource
Constructor syntax
Constructor example
DataLakeSettings Resource Properties
Inputs
Outputs
Look up Existing DataLakeSettings Resource
Supporting Types
Package Details

Request a Change

aws.lakeformation.DataLakeSettings

On this page

On this page

Example Usage

Data Lake Admins

Create Default Permissions

Enable EMR access to LakeFormation resources

Change Cross Account Version

Create DataLakeSettings Resource

Constructor syntax

Parameters

Constructor example

DataLakeSettings Resource Properties

Inputs

Outputs

Look up Existing DataLakeSettings Resource

Supporting Types

DataLakeSettingsCreateDatabaseDefaultPermission
, DataLakeSettingsCreateDatabaseDefaultPermissionArgs

DataLakeSettingsCreateTableDefaultPermission
, DataLakeSettingsCreateTableDefaultPermissionArgs

Package Details

On this page

On this page

aws.lakeformation.DataLakeSettings

On this page

On this page

Example Usage

Data Lake Admins

Create Default Permissions

Enable EMR access to LakeFormation resources

Change Cross Account Version

Create DataLakeSettings Resource

Constructor syntax

Parameters

Constructor example

DataLakeSettings Resource Properties

Inputs

Outputs

Look up Existing DataLakeSettings Resource

Supporting Types

DataLakeSettingsCreateDatabaseDefaultPermission, DataLakeSettingsCreateDatabaseDefaultPermissionArgs

DataLakeSettingsCreateTableDefaultPermission, DataLakeSettingsCreateTableDefaultPermissionArgs

Package Details

On this page

On this page

DataLakeSettingsCreateDatabaseDefaultPermission
, DataLakeSettingsCreateDatabaseDefaultPermissionArgs

DataLakeSettingsCreateTableDefaultPermission
, DataLakeSettingsCreateTableDefaultPermissionArgs