AWS Lake Formation

2024/04/16 - AWS Lake Formation - 3 updated api methods

Changes  This release adds Lake Formation managed RAM support for the 4 APIs - "DescribeLakeFormationIdentityCenterConfiguration", "CreateLakeFormationIdentityCenterConfiguration", "DescribeLakeFormationIdentityCenterConfiguration", and "DeleteLakeFormationIdentityCenterConfiguration"

CreateLakeFormationIdentityCenterConfiguration (updated)
Changes (request)
{'ShareRecipients': [{'DataLakePrincipalIdentifier': 'string'}]}

Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.

See also: AWS API Documentation

Request Syntax

client.create_lake_formation_identity_center_configuration(
    CatalogId='string',
    InstanceArn='string',
    ExternalFiltering={
        'Status': 'ENABLED'|'DISABLED',
        'AuthorizedTargets': [
            'string',
        ]
    },
    ShareRecipients=[
        {
            'DataLakePrincipalIdentifier': 'string'
        },
    ]
)
type CatalogId

string

param CatalogId

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

type InstanceArn

string

param InstanceArn

The ARN of the IAM Identity Center instance for which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

type ExternalFiltering

dict

param ExternalFiltering

A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to access data managed by Lake Formation.

  • Status (string) -- [REQUIRED]

    Enables or disables the third-party applications that are allowed to access data managed by Lake Formation.

  • AuthorizedTargets (list) -- [REQUIRED]

    List of third-party application ARNs integrated with Lake Formation.

    • (string) --

type ShareRecipients

list

param ShareRecipients

A list of Amazon Web Services account IDs and/or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

If the ShareRecipients list includes valid values, a resource share is created with the principals you want to have access to the resources.

If the ShareRecipients value is null or the list is empty, no resource share is created.

  • (dict) --

    The Lake Formation principal. Supported principals are IAM users or IAM roles.

    • DataLakePrincipalIdentifier (string) --

      An identifier for the Lake Formation principal.

rtype

dict

returns

Response Syntax

{
    'ApplicationArn': 'string'
}

Response Structure

  • (dict) --

    • ApplicationArn (string) --

      The Amazon Resource Name (ARN) of the Lake Formation application integrated with IAM Identity Center.

DescribeLakeFormationIdentityCenterConfiguration (updated)
Changes (response)
{'ResourceShare': 'string',
 'ShareRecipients': [{'DataLakePrincipalIdentifier': 'string'}]}

Retrieves the instance ARN and application ARN for the connection.

See also: AWS API Documentation

Request Syntax

client.describe_lake_formation_identity_center_configuration(
    CatalogId='string'
)
type CatalogId

string

param CatalogId

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

rtype

dict

returns

Response Syntax

{
    'CatalogId': 'string',
    'InstanceArn': 'string',
    'ApplicationArn': 'string',
    'ExternalFiltering': {
        'Status': 'ENABLED'|'DISABLED',
        'AuthorizedTargets': [
            'string',
        ]
    },
    'ShareRecipients': [
        {
            'DataLakePrincipalIdentifier': 'string'
        },
    ],
    'ResourceShare': 'string'
}

Response Structure

  • (dict) --

    • CatalogId (string) --

      The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

    • InstanceArn (string) --

      The Amazon Resource Name (ARN) of the connection.

    • ApplicationArn (string) --

      The Amazon Resource Name (ARN) of the Lake Formation application integrated with IAM Identity Center.

    • ExternalFiltering (dict) --

      Indicates if external filtering is enabled.

      • Status (string) --

        Enables or disables the third-party applications that are allowed to access data managed by Lake Formation.

      • AuthorizedTargets (list) --

        List of third-party application ARNs integrated with Lake Formation.

        • (string) --

    • ShareRecipients (list) --

      A list of Amazon Web Services account IDs or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

      If the ShareRecipients list includes valid values, a resource share is created with the principals you want to have access to the resources as the ShareRecipients.

      If the ShareRecipients value is null or the list is empty, no resource share is created.

      • (dict) --

        The Lake Formation principal. Supported principals are IAM users or IAM roles.

        • DataLakePrincipalIdentifier (string) --

          An identifier for the Lake Formation principal.

    • ResourceShare (string) --

      The Amazon Resource Name (ARN) of the RAM share.

UpdateLakeFormationIdentityCenterConfiguration (updated)
Changes (request)
{'ShareRecipients': [{'DataLakePrincipalIdentifier': 'string'}]}

Updates the IAM Identity Center connection parameters.

See also: AWS API Documentation

Request Syntax

client.update_lake_formation_identity_center_configuration(
    CatalogId='string',
    ShareRecipients=[
        {
            'DataLakePrincipalIdentifier': 'string'
        },
    ],
    ApplicationStatus='ENABLED'|'DISABLED',
    ExternalFiltering={
        'Status': 'ENABLED'|'DISABLED',
        'AuthorizedTargets': [
            'string',
        ]
    }
)
type CatalogId

string

param CatalogId

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

type ShareRecipients

list

param ShareRecipients

A list of Amazon Web Services account IDs or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

If the ShareRecipients list includes valid values, then the resource share is updated with the principals you want to have access to the resources.

If the ShareRecipients value is null, both the list of share recipients and the resource share remain unchanged.

If the ShareRecipients value is an empty list, then the existing share recipients list will be cleared, and the resource share will be deleted.

  • (dict) --

    The Lake Formation principal. Supported principals are IAM users or IAM roles.

    • DataLakePrincipalIdentifier (string) --

      An identifier for the Lake Formation principal.

type ApplicationStatus

string

param ApplicationStatus

Enables or disables the IAM Identity Center connection.

type ExternalFiltering

dict

param ExternalFiltering

A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to access data managed by Lake Formation.

  • Status (string) -- [REQUIRED]

    Enables or disables the third-party applications that are allowed to access data managed by Lake Formation.

  • AuthorizedTargets (list) -- [REQUIRED]

    List of third-party application ARNs integrated with Lake Formation.

    • (string) --

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --
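
The three ShareRecipients cases of UpdateLakeFormationIdentityCenterConfiguration (null, empty list, values) and a check of a Describe response against an approved-recipient list, as an added example that is not part of the AWS documentation. The helper names, the allowlist, the ID/ARN regexes and the sample data are assumptions of this example; it builds request arguments only and makes no AWS call.

```python
import re

# Recipient shapes named in the ShareRecipients description: a 12-digit account
# ID, or an organization / organizational-unit ARN. Regexes are assumptions.
ACCOUNT_ID = re.compile(r"^\d{12}$")
ORG_ARN = re.compile(
    r"^arn:aws[a-z-]*:organizations::\d{12}:"
    r"(organization|ou)/o-[a-z0-9]{10,32}(/ou-[a-z0-9-]+)?$"
)

def plan_update(catalog_id, recipients, allowlist):
    """Build kwargs for update_lake_formation_identity_center_configuration
    and name the effect the documentation describes for that input."""
    kwargs = {"CatalogId": catalog_id}
    if recipients is None:
        # Null: leave the key out; recipients and resource share stay unchanged.
        return kwargs, "unchanged"
    if not recipients:
        # Empty list: recipients are cleared and the resource share is deleted.
        kwargs["ShareRecipients"] = []
        return kwargs, "share-deleted"
    malformed = [r for r in recipients
                 if not (ACCOUNT_ID.match(r) or ORG_ARN.match(r))]
    if malformed:
        raise ValueError(f"not an account ID or organization/OU ARN: {malformed}")
    unapproved = [r for r in recipients if r not in allowlist]
    if unapproved:
        raise PermissionError(f"recipient not on allowlist: {unapproved}")
    kwargs["ShareRecipients"] = [
        {"DataLakePrincipalIdentifier": r} for r in recipients
    ]
    return kwargs, "share-updated"

def unexpected_recipients(describe_response, allowlist):
    """Recipients in a Describe response that are absent from the allowlist."""
    current = {r["DataLakePrincipalIdentifier"]
               for r in describe_response.get("ShareRecipients") or []}
    return sorted(current - set(allowlist))

# Constructed sample data (placeholder account IDs and ARNs, not real values).
ALLOWLIST = {"444455556666",
             "arn:aws:organizations::111122223333:ou/o-exampleorgid/ou-ab12-cdefgh34"}
SAMPLE_DESCRIBE = {
    "CatalogId": "111122223333",
    "ShareRecipients": [{"DataLakePrincipalIdentifier": "444455556666"},
                        {"DataLakePrincipalIdentifier": "777788889999"}],
    "ResourceShare": "arn:aws:ram:us-east-1:111122223333:resource-share/EXAMPLE",
}
```

Passing the returned kwargs as `client.update_lake_formation_identity_center_configuration(**kwargs)` keeps the "unchanged" and "share-deleted" cases from being confused by a caller that treats `None` and `[]` alike.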