AWS Lake Formation

2023/12/22 - AWS Lake Formation - 1 updated api methods

Changes: This release adds additional configurations on GetTemporaryGlueTableCredentials for Query Session Context.

GetTemporaryGlueTableCredentials (updated)
Changes (request, response)
Request
{'QuerySessionContext': {'AdditionalContext': {'string': 'string'},
                         'ClusterId': 'string',
                         'QueryAuthorizationId': 'string',
                         'QueryId': 'string',
                         'QueryStartTime': 'timestamp'},
 'S3Path': 'string'}
Response
{'VendedS3Path': ['string']}

Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.

Request Syntax

client.get_temporary_glue_table_credentials(
    TableArn='string',
    Permissions=[
        'ALL'|'SELECT'|'ALTER'|'DROP'|'DELETE'|'INSERT'|'DESCRIBE'|'CREATE_DATABASE'|'CREATE_TABLE'|'DATA_LOCATION_ACCESS'|'CREATE_LF_TAG'|'ASSOCIATE'|'GRANT_WITH_LF_TAG_EXPRESSION',
    ],
    DurationSeconds=123,
    AuditContext={
        'AdditionalAuditContext': 'string'
    },
    SupportedPermissionTypes=[
        'COLUMN_PERMISSION'|'CELL_FILTER_PERMISSION'|'NESTED_PERMISSION'|'NESTED_CELL_PERMISSION',
    ],
    S3Path='string',
    QuerySessionContext={
        'QueryId': 'string',
        'QueryStartTime': datetime(2015, 1, 1),
        'ClusterId': 'string',
        'QueryAuthorizationId': 'string',
        'AdditionalContext': {
            'string': 'string'
        }
    }
)
type TableArn:

string

param TableArn:

[REQUIRED]

The ARN identifying a table in the Data Catalog for the temporary credentials request.

type Permissions:

list

param Permissions:

Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

  • (string) --

type DurationSeconds:

integer

param DurationSeconds:

The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

type AuditContext:

dict

param AuditContext:

A structure representing context to access a resource (column names, query ID, etc.).

  • AdditionalAuditContext (string) --

    The filter engine can populate the 'AdditionalAuditContext' information with the request ID for you to track. This information will be displayed in the CloudTrail log in your account.

type SupportedPermissionTypes:

list

param SupportedPermissionTypes:

A list of supported permission types for the table. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

  • (string) --

type S3Path:

string

param S3Path:

The Amazon S3 path for the table.

type QuerySessionContext:

dict

param QuerySessionContext:

A structure used as a protocol between query engines and Lake Formation or Glue. Contains both a Lake Formation generated authorization identifier and information from the request's authorization context.

  • QueryId (string) --

    A unique identifier generated by the query engine for the query.

  • QueryStartTime (datetime) --

    A timestamp provided by the query engine for when the query started.

  • ClusterId (string) --

    An identifier string for the consumer cluster.

  • QueryAuthorizationId (string) --

    A cryptographically generated query identifier generated by Glue or Lake Formation.

  • AdditionalContext (dict) --

    An opaque string-string map passed by the query engine.

    • (string) --

      • (string) --

rtype:

dict

returns:

Response Syntax

{
    'AccessKeyId': 'string',
    'SecretAccessKey': 'string',
    'SessionToken': 'string',
    'Expiration': datetime(2015, 1, 1),
    'VendedS3Path': [
        'string',
    ]
}

Response Structure

  • (dict) --

    • AccessKeyId (string) --

      The access key ID for the temporary credentials.

    • SecretAccessKey (string) --

      The secret key for the temporary credentials.

    • SessionToken (string) --

      The session token for the temporary credentials.

    • Expiration (datetime) --

      The date and time when the temporary credentials expire.

    • VendedS3Path (list) --

      The Amazon S3 path for the temporary credentials.

      • (string) --
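
The following is an added example, not part of the AWS documentation: it builds the request arguments shown above with the documented DurationSeconds bounds enforced, then checks a response against what was asked for. The helper names build_request and check_response are hypothetical, and the check assumes VendedS3Path lists the prefixes the returned credentials are scoped to.

```python
from datetime import datetime, timedelta, timezone

MIN_DURATION, MAX_DURATION = 900, 21600  # DurationSeconds bounds from the page

def _prefix(path):
    # Normalise to a trailing slash so "s3://b/sales" never matches "s3://b/sales-private".
    return path.rstrip("/") + "/"

def build_request(table_arn, s3_path, query_id, cluster_id, duration=MIN_DURATION):
    """Keyword arguments for client.get_temporary_glue_table_credentials()."""
    if not MIN_DURATION <= duration <= MAX_DURATION:
        raise ValueError(f"DurationSeconds must be {MIN_DURATION}-{MAX_DURATION}")
    if not s3_path.startswith("s3://"):
        raise ValueError("S3Path must be an s3:// URI")
    return {
        "TableArn": table_arn,
        "Permissions": ["SELECT"],
        "DurationSeconds": duration,
        # Surfaces in CloudTrail, so reuse the query id for correlation.
        "AuditContext": {"AdditionalAuditContext": query_id},
        "SupportedPermissionTypes": ["COLUMN_PERMISSION"],
        "S3Path": s3_path,
        "QuerySessionContext": {
            "QueryId": query_id,
            "QueryStartTime": datetime.now(timezone.utc),
            "ClusterId": cluster_id,
        },
    }

def check_response(request, response, now=None):
    """Return a list of findings; an empty list means the response matches the request."""
    now = now or datetime.now(timezone.utc)
    findings = []
    wanted = _prefix(request["S3Path"])
    vended = [_prefix(p) for p in response.get("VendedS3Path", [])]
    if not vended:
        findings.append("no VendedS3Path returned")
    # Assumption: VendedS3Path lists the prefixes the credentials are scoped to.
    for path in vended:
        if not path.startswith(wanted):
            findings.append(f"vended path outside requested prefix: {path}")
    lifetime = response["Expiration"] - now
    if lifetime <= timedelta(0):
        findings.append("credentials already expired")
    elif lifetime > timedelta(seconds=request["DurationSeconds"]):
        findings.append("credentials outlive requested DurationSeconds")
    return findings
```

With a boto3 Lake Formation client, the dictionary from build_request is passed as `client.get_temporary_glue_table_credentials(**request)`; log only the findings, never the returned SecretAccessKey or SessionToken.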