Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Synopsis
- data DataLakeSettings = DataLakeSettings' {
- allowExternalDataFiltering :: Maybe Bool
- authorizedSessionTagValueList :: Maybe [Text]
- createDatabaseDefaultPermissions :: Maybe [PrincipalPermissions]
- createTableDefaultPermissions :: Maybe [PrincipalPermissions]
- dataLakeAdmins :: Maybe [DataLakePrincipal]
- externalDataFilteringAllowList :: Maybe [DataLakePrincipal]
- parameters :: Maybe (HashMap Text Text)
- trustedResourceOwners :: Maybe [Text]
- newDataLakeSettings :: DataLakeSettings
- dataLakeSettings_allowExternalDataFiltering :: Lens' DataLakeSettings (Maybe Bool)
- dataLakeSettings_authorizedSessionTagValueList :: Lens' DataLakeSettings (Maybe [Text])
- dataLakeSettings_createDatabaseDefaultPermissions :: Lens' DataLakeSettings (Maybe [PrincipalPermissions])
- dataLakeSettings_createTableDefaultPermissions :: Lens' DataLakeSettings (Maybe [PrincipalPermissions])
- dataLakeSettings_dataLakeAdmins :: Lens' DataLakeSettings (Maybe [DataLakePrincipal])
- dataLakeSettings_externalDataFilteringAllowList :: Lens' DataLakeSettings (Maybe [DataLakePrincipal])
- dataLakeSettings_parameters :: Lens' DataLakeSettings (Maybe (HashMap Text Text))
- dataLakeSettings_trustedResourceOwners :: Lens' DataLakeSettings (Maybe [Text])
Documentation
data DataLakeSettings Source #
A structure representing a list of Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.
See: newDataLakeSettings
smart constructor.
DataLakeSettings' | |
|
Instances
newDataLakeSettings :: DataLakeSettings Source #
Create a value of DataLakeSettings
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:allowExternalDataFiltering:DataLakeSettings'
, dataLakeSettings_allowExternalDataFiltering
- Whether to allow Amazon EMR clusters to access data managed by Lake
Formation.
If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.
If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.
For more information, see (Optional) Allow Data Filtering on Amazon EMR.
$sel:authorizedSessionTagValueList:DataLakeSettings'
, dataLakeSettings_authorizedSessionTagValueList
- Lake Formation relies on a privileged process secured by Amazon EMR or
the third party integrator to tag the user's role while assuming it.
Lake Formation will publish the acceptable key-value pair, for example
key = "LakeFormationTrustedCaller" and value = "TRUE" and the third
party integrator must properly tag the temporary security credentials
that will be used to call Lake Formation's administrative APIs.
$sel:createDatabaseDefaultPermissions:DataLakeSettings'
, dataLakeSettings_createDatabaseDefaultPermissions
- Specifies whether access control on newly created database is managed by
Lake Formation permissions or exclusively by IAM permissions.
A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.
The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
For more information, see Changing the Default Security Settings for Your Data Lake.
$sel:createTableDefaultPermissions:DataLakeSettings'
, dataLakeSettings_createTableDefaultPermissions
- Specifies whether access control on newly created table is managed by
Lake Formation permissions or exclusively by IAM permissions.
A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.
The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
For more information, see Changing the Default Security Settings for Your Data Lake.
$sel:dataLakeAdmins:DataLakeSettings'
, dataLakeSettings_dataLakeAdmins
- A list of Lake Formation principals. Supported principals are IAM users
or IAM roles.
$sel:externalDataFilteringAllowList:DataLakeSettings'
, dataLakeSettings_externalDataFilteringAllowList
- A list of the account IDs of Amazon Web Services accounts with Amazon
EMR clusters that are to perform data filtering.>
$sel:parameters:DataLakeSettings'
, dataLakeSettings_parameters
- A key-value map that provides an additional configuration on your data
lake. CrossAccountVersion is the key you can configure in the Parameters
field. Accepted values for the CrossAccountVersion key are 1, 2, and 3.
$sel:trustedResourceOwners:DataLakeSettings'
, dataLakeSettings_trustedResourceOwners
- A list of the resource-owning account IDs that the caller's account can
use to share their user access details (user ARNs). The user ARNs can be
logged in the resource owner's CloudTrail log.
You may want to specify this property when you are in a high-trust boundary, such as the same team or company.
dataLakeSettings_allowExternalDataFiltering :: Lens' DataLakeSettings (Maybe Bool) Source #
Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.
If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.
For more information, see (Optional) Allow Data Filtering on Amazon EMR.
dataLakeSettings_authorizedSessionTagValueList :: Lens' DataLakeSettings (Maybe [Text]) Source #
Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation's administrative APIs.
dataLakeSettings_createDatabaseDefaultPermissions :: Lens' DataLakeSettings (Maybe [PrincipalPermissions]) Source #
Specifies whether access control on newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.
A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.
The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
For more information, see Changing the Default Security Settings for Your Data Lake.
dataLakeSettings_createTableDefaultPermissions :: Lens' DataLakeSettings (Maybe [PrincipalPermissions]) Source #
Specifies whether access control on newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.
A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.
The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
For more information, see Changing the Default Security Settings for Your Data Lake.
dataLakeSettings_dataLakeAdmins :: Lens' DataLakeSettings (Maybe [DataLakePrincipal]) Source #
A list of Lake Formation principals. Supported principals are IAM users or IAM roles.
dataLakeSettings_externalDataFilteringAllowList :: Lens' DataLakeSettings (Maybe [DataLakePrincipal]) Source #
A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.>
dataLakeSettings_parameters :: Lens' DataLakeSettings (Maybe (HashMap Text Text)) Source #
A key-value map that provides an additional configuration on your data lake. CrossAccountVersion is the key you can configure in the Parameters field. Accepted values for the CrossAccountVersion key are 1, 2, and 3.
dataLakeSettings_trustedResourceOwners :: Lens' DataLakeSettings (Maybe [Text]) Source #
A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log.
You may want to specify this property when you are in a high-trust boundary, such as the same team or company.