AWS Lake Formation

{'QuerySessionContext': {'AdditionalContext': {'string': 'string'},
                         'ClusterId': 'string',
                         'QueryAuthorizationId': 'string',
                         'QueryId': 'string',
                         'QueryStartTime': 'timestamp'},
 'S3Path': 'string'}

{'VendedS3Path': ['string']}

Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.

See also: AWS API Documentation

Request Syntax

client.get_temporary_glue_table_credentials(
    TableArn='string',
    Permissions=[
        'ALL'|'SELECT'|'ALTER'|'DROP'|'DELETE'|'INSERT'|'DESCRIBE'|'CREATE_DATABASE'|'CREATE_TABLE'|'DATA_LOCATION_ACCESS'|'CREATE_LF_TAG'|'ASSOCIATE'|'GRANT_WITH_LF_TAG_EXPRESSION',
    ],
    DurationSeconds=123,
    AuditContext={
        'AdditionalAuditContext': 'string'
    },
    SupportedPermissionTypes=[
        'COLUMN_PERMISSION'|'CELL_FILTER_PERMISSION'|'NESTED_PERMISSION'|'NESTED_CELL_PERMISSION',
    ],
    S3Path='string',
    QuerySessionContext={
        'QueryId': 'string',
        'QueryStartTime': datetime(2015, 1, 1),
        'ClusterId': 'string',
        'QueryAuthorizationId': 'string',
        'AdditionalContext': {
            'string': 'string'
        }
    }
)

type TableArn

string

param TableArn

[REQUIRED]

The ARN identifying a table in the Data Catalog for the temporary credentials request.

type Permissions

list

param Permissions

Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

• (string) --

type DurationSeconds

integer

param DurationSeconds

The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

type AuditContext

dict

param AuditContext

A structure representing context to access a resource (column names, query ID, etc).

• AdditionalAuditContext (string) --

  The filter engine can populate the 'AdditionalAuditContext' information with the request ID for you to track. This information will be displayed in CloudTrail log in your account.

type SupportedPermissionTypes

list

param SupportedPermissionTypes

A list of supported permission types for the table. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION .

• (string) --

type S3Path

string

param S3Path

The Amazon S3 path for the table.

type QuerySessionContext

dict

param QuerySessionContext

A structure used as a protocol between query engines and Lake Formation or Glue. Contains both a Lake Formation generated authorization identifier and information from the request's authorization context.

• QueryId (string) --

  A unique identifier generated by the query engine for the query.

• QueryStartTime (datetime) --

  A timestamp provided by the query engine for when the query started.

• ClusterId (string) --

  An identifier string for the consumer cluster.

• QueryAuthorizationId (string) --

  A cryptographically generated query identifier generated by Glue or Lake Formation.

• AdditionalContext (dict) --

  An opaque string-string map passed by the query engine.

  • (string) --

    • (string) --

rtype

dict

returns

Response Syntax

{
    'AccessKeyId': 'string',
    'SecretAccessKey': 'string',
    'SessionToken': 'string',
    'Expiration': datetime(2015, 1, 1),
    'VendedS3Path': [
        'string',
    ]
}

Response Structure

• (dict) --

  • AccessKeyId (string) --

    The access key ID for the temporary credentials.

  • SecretAccessKey (string) --

    The secret key for the temporary credentials.

  • SessionToken (string) --

    The session token for the temporary credentials.

  • Expiration (datetime) --

    The date and time when the temporary credentials expire.

  • VendedS3Path (list) --

    The Amazon S3 path for the temporary credentials.

    • (string) --