AWS Cloud Control v1.26.0, Mar 12 25

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.lakeformation.PrincipalPermissions

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

The AWS::LakeFormation::PrincipalPermissions resource represents the permissions that a principal has on a GLUDC resource (such as GLUlong databases or GLUlong tables). When you create a PrincipalPermissions resource, the permissions are granted via the LFlong GrantPermissions API operation. When you delete a PrincipalPermissions resource, the permissions on principal-resource pair are revoked via the LFlong RevokePermissions API operation.

Create PrincipalPermissions Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new PrincipalPermissions(name: string, args: PrincipalPermissionsArgs, opts?: CustomResourceOptions);

@overload
def PrincipalPermissions(resource_name: str,
                         args: PrincipalPermissionsArgs,
                         opts: Optional[ResourceOptions] = None)

@overload
def PrincipalPermissions(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         permissions: Optional[Sequence[PrincipalPermissionsPermission]] = None,
                         permissions_with_grant_option: Optional[Sequence[PrincipalPermissionsPermission]] = None,
                         principal: Optional[PrincipalPermissionsDataLakePrincipalArgs] = None,
                         resource: Optional[PrincipalPermissionsResourceArgs] = None,
                         catalog: Optional[str] = None)

func NewPrincipalPermissions(ctx *Context, name string, args PrincipalPermissionsArgs, opts ...ResourceOption) (*PrincipalPermissions, error)

public PrincipalPermissions(string name, PrincipalPermissionsArgs args, CustomResourceOptions? opts = null)

public PrincipalPermissions(String name, PrincipalPermissionsArgs args)
public PrincipalPermissions(String name, PrincipalPermissionsArgs args, CustomResourceOptions options)

type: aws-native:lakeformation:PrincipalPermissions
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PrincipalPermissionsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PrincipalPermissionsArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PrincipalPermissionsArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PrincipalPermissionsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PrincipalPermissionsArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

PrincipalPermissions Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PrincipalPermissions resource accepts the following input properties:

Permissions List<Pulumi.AwsNative.LakeFormation.PrincipalPermissionsPermission>: The permissions granted or revoked.
PermissionsWithGrantOption List<Pulumi.AwsNative.LakeFormation.PrincipalPermissionsPermission>: Indicates the ability to grant permissions (as a subset of permissions granted).
Principal Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsDataLakePrincipal: The principal to be granted a permission.
Resource Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsResource: The resource to be granted or revoked permissions.
Catalog string: The identifier for the GLUDC. By default, the account ID. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Permissions []PrincipalPermissionsPermission: The permissions granted or revoked.
PermissionsWithGrantOption []PrincipalPermissionsPermission: Indicates the ability to grant permissions (as a subset of permissions granted).
Principal PrincipalPermissionsDataLakePrincipalArgs: The principal to be granted a permission.
Resource PrincipalPermissionsResourceArgs: The resource to be granted or revoked permissions.
Catalog string: The identifier for the GLUDC. By default, the account ID. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

permissions List<PrincipalPermissionsPermission>: The permissions granted or revoked.
permissionsWithGrantOption List<PrincipalPermissionsPermission>: Indicates the ability to grant permissions (as a subset of permissions granted).
principal PrincipalPermissionsDataLakePrincipal: The principal to be granted a permission.
resource PrincipalPermissionsResource: The resource to be granted or revoked permissions.
catalog String: The identifier for the GLUDC. By default, the account ID. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

permissions PrincipalPermissionsPermission[]: The permissions granted or revoked.
permissionsWithGrantOption PrincipalPermissionsPermission[]: Indicates the ability to grant permissions (as a subset of permissions granted).
principal PrincipalPermissionsDataLakePrincipal: The principal to be granted a permission.
resource PrincipalPermissionsResource: The resource to be granted or revoked permissions.
catalog string: The identifier for the GLUDC. By default, the account ID. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

permissions Sequence[PrincipalPermissionsPermission]: The permissions granted or revoked.
permissions_with_grant_option Sequence[PrincipalPermissionsPermission]: Indicates the ability to grant permissions (as a subset of permissions granted).
principal PrincipalPermissionsDataLakePrincipalArgs: The principal to be granted a permission.
resource PrincipalPermissionsResourceArgs: The resource to be granted or revoked permissions.
catalog str: The identifier for the GLUDC. By default, the account ID. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

permissions List<"ALL" | "SELECT" | "ALTER" | "DROP" | "DELETE" | "INSERT" | "DESCRIBE" | "CREATE_DATABASE" | "CREATE_TABLE" | "DATA_LOCATION_ACCESS" | "CREATE_LF_TAG" | "ASSOCIATE" | "GRANT_WITH_LF_TAG_EXPRESSION">: The permissions granted or revoked.
permissionsWithGrantOption List<"ALL" | "SELECT" | "ALTER" | "DROP" | "DELETE" | "INSERT" | "DESCRIBE" | "CREATE_DATABASE" | "CREATE_TABLE" | "DATA_LOCATION_ACCESS" | "CREATE_LF_TAG" | "ASSOCIATE" | "GRANT_WITH_LF_TAG_EXPRESSION">: Indicates the ability to grant permissions (as a subset of permissions granted).
principal Property Map: The principal to be granted a permission.
resource Property Map: The resource to be granted or revoked permissions.
catalog String: The identifier for the GLUDC. By default, the account ID. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

Outputs

All input properties are implicitly available as output properties. Additionally, the PrincipalPermissions resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
PrincipalIdentifier string: Json encoding of the input principal. For example: {"DataLakePrincipalIdentifier":"arn:aws:iam::123456789012:role/ExampleRole"}
ResourceIdentifier string: Json encoding of the input resource. For example: {"Catalog":null,"Database":null,"Table":null,"TableWithColumns":null,"DataLocation":null,"DataCellsFilter":{"TableCatalogId":"123456789012","DatabaseName":"ExampleDatabase","TableName":"ExampleTable","Name":"ExampleFilter"},"LFTag":null,"LFTagPolicy":null}

Id string: The provider-assigned unique ID for this managed resource.
PrincipalIdentifier string: Json encoding of the input principal. For example: {"DataLakePrincipalIdentifier":"arn:aws:iam::123456789012:role/ExampleRole"}
ResourceIdentifier string: Json encoding of the input resource. For example: {"Catalog":null,"Database":null,"Table":null,"TableWithColumns":null,"DataLocation":null,"DataCellsFilter":{"TableCatalogId":"123456789012","DatabaseName":"ExampleDatabase","TableName":"ExampleTable","Name":"ExampleFilter"},"LFTag":null,"LFTagPolicy":null}

id String: The provider-assigned unique ID for this managed resource.
principalIdentifier String: Json encoding of the input principal. For example: {"DataLakePrincipalIdentifier":"arn:aws:iam::123456789012:role/ExampleRole"}
resourceIdentifier String: Json encoding of the input resource. For example: {"Catalog":null,"Database":null,"Table":null,"TableWithColumns":null,"DataLocation":null,"DataCellsFilter":{"TableCatalogId":"123456789012","DatabaseName":"ExampleDatabase","TableName":"ExampleTable","Name":"ExampleFilter"},"LFTag":null,"LFTagPolicy":null}

id string: The provider-assigned unique ID for this managed resource.
principalIdentifier string: Json encoding of the input principal. For example: {"DataLakePrincipalIdentifier":"arn:aws:iam::123456789012:role/ExampleRole"}
resourceIdentifier string: Json encoding of the input resource. For example: {"Catalog":null,"Database":null,"Table":null,"TableWithColumns":null,"DataLocation":null,"DataCellsFilter":{"TableCatalogId":"123456789012","DatabaseName":"ExampleDatabase","TableName":"ExampleTable","Name":"ExampleFilter"},"LFTag":null,"LFTagPolicy":null}

id str: The provider-assigned unique ID for this managed resource.
principal_identifier str: Json encoding of the input principal. For example: {"DataLakePrincipalIdentifier":"arn:aws:iam::123456789012:role/ExampleRole"}
resource_identifier str: Json encoding of the input resource. For example: {"Catalog":null,"Database":null,"Table":null,"TableWithColumns":null,"DataLocation":null,"DataCellsFilter":{"TableCatalogId":"123456789012","DatabaseName":"ExampleDatabase","TableName":"ExampleTable","Name":"ExampleFilter"},"LFTag":null,"LFTagPolicy":null}

id String: The provider-assigned unique ID for this managed resource.
principalIdentifier String: Json encoding of the input principal. For example: {"DataLakePrincipalIdentifier":"arn:aws:iam::123456789012:role/ExampleRole"}
resourceIdentifier String: Json encoding of the input resource. For example: {"Catalog":null,"Database":null,"Table":null,"TableWithColumns":null,"DataLocation":null,"DataCellsFilter":{"TableCatalogId":"123456789012","DatabaseName":"ExampleDatabase","TableName":"ExampleTable","Name":"ExampleFilter"},"LFTag":null,"LFTagPolicy":null}

Supporting Types

PrincipalPermissionsColumnWildcard, PrincipalPermissionsColumnWildcardArgs

ExcludedColumnNames List<string>: Excludes column names. Any column with this name will be excluded.

ExcludedColumnNames []string: Excludes column names. Any column with this name will be excluded.

excludedColumnNames List<String>: Excludes column names. Any column with this name will be excluded.

excludedColumnNames string[]: Excludes column names. Any column with this name will be excluded.

excluded_column_names Sequence[str]: Excludes column names. Any column with this name will be excluded.

excludedColumnNames List<String>: Excludes column names. Any column with this name will be excluded.

PrincipalPermissionsDataCellsFilterResource, PrincipalPermissionsDataCellsFilterResourceArgs

DatabaseName string: A database in the GLUDC.
Name string: The name given by the user to the data filter cell.
TableCatalogId string: The ID of the catalog to which the table belongs.
TableName string: The name of the table.

DatabaseName string: A database in the GLUDC.
Name string: The name given by the user to the data filter cell.
TableCatalogId string: The ID of the catalog to which the table belongs.
TableName string: The name of the table.

databaseName String: A database in the GLUDC.
name String: The name given by the user to the data filter cell.
tableCatalogId String: The ID of the catalog to which the table belongs.
tableName String: The name of the table.

databaseName string: A database in the GLUDC.
name string: The name given by the user to the data filter cell.
tableCatalogId string: The ID of the catalog to which the table belongs.
tableName string: The name of the table.

database_name str: A database in the GLUDC.
name str: The name given by the user to the data filter cell.
table_catalog_id str: The ID of the catalog to which the table belongs.
table_name str: The name of the table.

databaseName String: A database in the GLUDC.
name String: The name given by the user to the data filter cell.
tableCatalogId String: The ID of the catalog to which the table belongs.
tableName String: The name of the table.

PrincipalPermissionsDataLakePrincipal, PrincipalPermissionsDataLakePrincipalArgs

DataLakePrincipalIdentifier string: An identifier for the LFlong principal.

DataLakePrincipalIdentifier string: An identifier for the LFlong principal.

dataLakePrincipalIdentifier String: An identifier for the LFlong principal.

dataLakePrincipalIdentifier string: An identifier for the LFlong principal.

data_lake_principal_identifier str: An identifier for the LFlong principal.

dataLakePrincipalIdentifier String: An identifier for the LFlong principal.

PrincipalPermissionsDataLocationResource, PrincipalPermissionsDataLocationResourceArgs

CatalogId string: The identifier for the GLUDC where the location is registered with LFlong.
ResourceArn string: The Amazon Resource Name (ARN) that uniquely identifies the data location resource.

CatalogId string: The identifier for the GLUDC where the location is registered with LFlong.
ResourceArn string: The Amazon Resource Name (ARN) that uniquely identifies the data location resource.

catalogId String: The identifier for the GLUDC where the location is registered with LFlong.
resourceArn String: The Amazon Resource Name (ARN) that uniquely identifies the data location resource.

catalogId string: The identifier for the GLUDC where the location is registered with LFlong.
resourceArn string: The Amazon Resource Name (ARN) that uniquely identifies the data location resource.

catalog_id str: The identifier for the GLUDC where the location is registered with LFlong.
resource_arn str: The Amazon Resource Name (ARN) that uniquely identifies the data location resource.

catalogId String: The identifier for the GLUDC where the location is registered with LFlong.
resourceArn String: The Amazon Resource Name (ARN) that uniquely identifies the data location resource.

PrincipalPermissionsDatabaseResource, PrincipalPermissionsDatabaseResourceArgs

CatalogId string: The identifier for the Data Catalog. By default, it is the account ID of the caller.
Name string: The name of the database resource. Unique to the Data Catalog.

CatalogId string: The identifier for the Data Catalog. By default, it is the account ID of the caller.
Name string: The name of the database resource. Unique to the Data Catalog.

catalogId String: The identifier for the Data Catalog. By default, it is the account ID of the caller.
name String: The name of the database resource. Unique to the Data Catalog.

catalogId string: The identifier for the Data Catalog. By default, it is the account ID of the caller.
name string: The name of the database resource. Unique to the Data Catalog.

catalog_id str: The identifier for the Data Catalog. By default, it is the account ID of the caller.
name str: The name of the database resource. Unique to the Data Catalog.

catalogId String: The identifier for the Data Catalog. By default, it is the account ID of the caller.
name String: The name of the database resource. Unique to the Data Catalog.

PrincipalPermissionsLfTag, PrincipalPermissionsLfTagArgs

TagKey string: The key-name for the LF-tag.
TagValues List<string>: A list of possible values of the corresponding TagKey of an LF-tag key-value pair.

TagKey string: The key-name for the LF-tag.
TagValues []string: A list of possible values of the corresponding TagKey of an LF-tag key-value pair.

tagKey String: The key-name for the LF-tag.
tagValues List<String>: A list of possible values of the corresponding TagKey of an LF-tag key-value pair.

tagKey string: The key-name for the LF-tag.
tagValues string[]: A list of possible values of the corresponding TagKey of an LF-tag key-value pair.

tag_key str: The key-name for the LF-tag.
tag_values Sequence[str]: A list of possible values of the corresponding TagKey of an LF-tag key-value pair.

tagKey String: The key-name for the LF-tag.
tagValues List<String>: A list of possible values of the corresponding TagKey of an LF-tag key-value pair.

PrincipalPermissionsLfTagKeyResource, PrincipalPermissionsLfTagKeyResourceArgs

CatalogId string: The identifier for the GLUDC where the location is registered with GLUDC.
TagKey string: The key-name for the LF-tag.
TagValues List<string>: A list of possible values for the corresponding TagKey of an LF-tag key-value pair.

CatalogId string: The identifier for the GLUDC where the location is registered with GLUDC.
TagKey string: The key-name for the LF-tag.
TagValues []string: A list of possible values for the corresponding TagKey of an LF-tag key-value pair.

catalogId String: The identifier for the GLUDC where the location is registered with GLUDC.
tagKey String: The key-name for the LF-tag.
tagValues List<String>: A list of possible values for the corresponding TagKey of an LF-tag key-value pair.

catalogId string: The identifier for the GLUDC where the location is registered with GLUDC.
tagKey string: The key-name for the LF-tag.
tagValues string[]: A list of possible values for the corresponding TagKey of an LF-tag key-value pair.

catalog_id str: The identifier for the GLUDC where the location is registered with GLUDC.
tag_key str: The key-name for the LF-tag.
tag_values Sequence[str]: A list of possible values for the corresponding TagKey of an LF-tag key-value pair.

catalogId String: The identifier for the GLUDC where the location is registered with GLUDC.
tagKey String: The key-name for the LF-tag.
tagValues List<String>: A list of possible values for the corresponding TagKey of an LF-tag key-value pair.

PrincipalPermissionsLfTagPolicyResource, PrincipalPermissionsLfTagPolicyResourceArgs

CatalogId string: The identifier for the GLUDC. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
Expression List<Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsLfTag>: A list of LF-tag conditions that apply to the resource's LF-tag policy.
ResourceType Pulumi.AwsNative.LakeFormation.PrincipalPermissionsResourceType: The resource type for which the LF-tag policy applies.

CatalogId string: The identifier for the GLUDC. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
Expression []PrincipalPermissionsLfTag: A list of LF-tag conditions that apply to the resource's LF-tag policy.
ResourceType PrincipalPermissionsResourceType: The resource type for which the LF-tag policy applies.

catalogId String: The identifier for the GLUDC. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
expression List<PrincipalPermissionsLfTag>: A list of LF-tag conditions that apply to the resource's LF-tag policy.
resourceType PrincipalPermissionsResourceType: The resource type for which the LF-tag policy applies.

catalogId string: The identifier for the GLUDC. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
expression PrincipalPermissionsLfTag[]: A list of LF-tag conditions that apply to the resource's LF-tag policy.
resourceType PrincipalPermissionsResourceType: The resource type for which the LF-tag policy applies.

catalog_id str: The identifier for the GLUDC. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
expression Sequence[PrincipalPermissionsLfTag]: A list of LF-tag conditions that apply to the resource's LF-tag policy.
resource_type PrincipalPermissionsResourceType: The resource type for which the LF-tag policy applies.

catalogId String: The identifier for the GLUDC. The GLUDC is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
expression List<Property Map>: A list of LF-tag conditions that apply to the resource's LF-tag policy.
resourceType "DATABASE" | "TABLE": The resource type for which the LF-tag policy applies.

PrincipalPermissionsPermission, PrincipalPermissionsPermissionArgs

All: ALL
Select: SELECT
Alter: ALTER
Drop: DROP
Delete: DELETE
Insert: INSERT
Describe: DESCRIBE
CreateDatabase: CREATE_DATABASE
CreateTable: CREATE_TABLE
DataLocationAccess: DATA_LOCATION_ACCESS
CreateLfTag: CREATE_LF_TAG
Associate: ASSOCIATE
GrantWithLfTagExpression: GRANT_WITH_LF_TAG_EXPRESSION

PrincipalPermissionsPermissionAll: ALL
PrincipalPermissionsPermissionSelect: SELECT
PrincipalPermissionsPermissionAlter: ALTER
PrincipalPermissionsPermissionDrop: DROP
PrincipalPermissionsPermissionDelete: DELETE
PrincipalPermissionsPermissionInsert: INSERT
PrincipalPermissionsPermissionDescribe: DESCRIBE
PrincipalPermissionsPermissionCreateDatabase: CREATE_DATABASE
PrincipalPermissionsPermissionCreateTable: CREATE_TABLE
PrincipalPermissionsPermissionDataLocationAccess: DATA_LOCATION_ACCESS
PrincipalPermissionsPermissionCreateLfTag: CREATE_LF_TAG
PrincipalPermissionsPermissionAssociate: ASSOCIATE
PrincipalPermissionsPermissionGrantWithLfTagExpression: GRANT_WITH_LF_TAG_EXPRESSION

All: ALL
Select: SELECT
Alter: ALTER
Drop: DROP
Delete: DELETE
Insert: INSERT
Describe: DESCRIBE
CreateDatabase: CREATE_DATABASE
CreateTable: CREATE_TABLE
DataLocationAccess: DATA_LOCATION_ACCESS
CreateLfTag: CREATE_LF_TAG
Associate: ASSOCIATE
GrantWithLfTagExpression: GRANT_WITH_LF_TAG_EXPRESSION

All: ALL
Select: SELECT
Alter: ALTER
Drop: DROP
Delete: DELETE
Insert: INSERT
Describe: DESCRIBE
CreateDatabase: CREATE_DATABASE
CreateTable: CREATE_TABLE
DataLocationAccess: DATA_LOCATION_ACCESS
CreateLfTag: CREATE_LF_TAG
Associate: ASSOCIATE
GrantWithLfTagExpression: GRANT_WITH_LF_TAG_EXPRESSION

ALL: ALL
SELECT: SELECT
ALTER: ALTER
DROP: DROP
DELETE: DELETE
INSERT: INSERT
DESCRIBE: DESCRIBE
CREATE_DATABASE: CREATE_DATABASE
CREATE_TABLE: CREATE_TABLE
DATA_LOCATION_ACCESS: DATA_LOCATION_ACCESS
CREATE_LF_TAG: CREATE_LF_TAG
ASSOCIATE: ASSOCIATE
GRANT_WITH_LF_TAG_EXPRESSION: GRANT_WITH_LF_TAG_EXPRESSION

"ALL": ALL
"SELECT": SELECT
"ALTER": ALTER
"DROP": DROP
"DELETE": DELETE
"INSERT": INSERT
"DESCRIBE": DESCRIBE
"CREATE_DATABASE": CREATE_DATABASE
"CREATE_TABLE": CREATE_TABLE
"DATA_LOCATION_ACCESS": DATA_LOCATION_ACCESS
"CREATE_LF_TAG": CREATE_LF_TAG
"ASSOCIATE": ASSOCIATE
"GRANT_WITH_LF_TAG_EXPRESSION": GRANT_WITH_LF_TAG_EXPRESSION

PrincipalPermissionsResource, PrincipalPermissionsResourceArgs

Catalog Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsCatalogResource: The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
DataCellsFilter Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsDataCellsFilterResource: A data cell filter.
DataLocation Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsDataLocationResource: The location of an Amazon S3 path where permissions are granted or revoked.
Database Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsDatabaseResource: The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.
LfTag Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsLfTagKeyResource: The LF-tag key and values attached to a resource.
LfTagPolicy Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsLfTagPolicyResource: A list of LF-tag conditions that define a resource's LF-tag policy.
Table Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsTableResource: The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
TableWithColumns Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsTableWithColumnsResource: The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.

Catalog PrincipalPermissionsCatalogResource: The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
DataCellsFilter PrincipalPermissionsDataCellsFilterResource: A data cell filter.
DataLocation PrincipalPermissionsDataLocationResource: The location of an Amazon S3 path where permissions are granted or revoked.
Database PrincipalPermissionsDatabaseResource: The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.
LfTag PrincipalPermissionsLfTagKeyResource: The LF-tag key and values attached to a resource.
LfTagPolicy PrincipalPermissionsLfTagPolicyResource: A list of LF-tag conditions that define a resource's LF-tag policy.
Table PrincipalPermissionsTableResource: The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
TableWithColumns PrincipalPermissionsTableWithColumnsResource: The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.

catalog PrincipalPermissionsCatalogResource: The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
dataCellsFilter PrincipalPermissionsDataCellsFilterResource: A data cell filter.
dataLocation PrincipalPermissionsDataLocationResource: The location of an Amazon S3 path where permissions are granted or revoked.
database PrincipalPermissionsDatabaseResource: The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.
lfTag PrincipalPermissionsLfTagKeyResource: The LF-tag key and values attached to a resource.
lfTagPolicy PrincipalPermissionsLfTagPolicyResource: A list of LF-tag conditions that define a resource's LF-tag policy.
table PrincipalPermissionsTableResource: The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
tableWithColumns PrincipalPermissionsTableWithColumnsResource: The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.

catalog PrincipalPermissionsCatalogResource: The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
dataCellsFilter PrincipalPermissionsDataCellsFilterResource: A data cell filter.
dataLocation PrincipalPermissionsDataLocationResource: The location of an Amazon S3 path where permissions are granted or revoked.
database PrincipalPermissionsDatabaseResource: The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.
lfTag PrincipalPermissionsLfTagKeyResource: The LF-tag key and values attached to a resource.
lfTagPolicy PrincipalPermissionsLfTagPolicyResource: A list of LF-tag conditions that define a resource's LF-tag policy.
table PrincipalPermissionsTableResource: The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
tableWithColumns PrincipalPermissionsTableWithColumnsResource: The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.

catalog PrincipalPermissionsCatalogResource: The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
data_cells_filter PrincipalPermissionsDataCellsFilterResource: A data cell filter.
data_location PrincipalPermissionsDataLocationResource: The location of an Amazon S3 path where permissions are granted or revoked.
database PrincipalPermissionsDatabaseResource: The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.
lf_tag PrincipalPermissionsLfTagKeyResource: The LF-tag key and values attached to a resource.
lf_tag_policy PrincipalPermissionsLfTagPolicyResource: A list of LF-tag conditions that define a resource's LF-tag policy.
table PrincipalPermissionsTableResource: The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
table_with_columns PrincipalPermissionsTableWithColumnsResource: The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.

catalog Property Map: The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your LFlong environment.
dataCellsFilter Property Map: A data cell filter.
dataLocation Property Map: The location of an Amazon S3 path where permissions are granted or revoked.
database Property Map: The database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal.
lfTag Property Map: The LF-tag key and values attached to a resource.
lfTagPolicy Property Map: A list of LF-tag conditions that define a resource's LF-tag policy.
table Property Map: The table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
tableWithColumns Property Map: The table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3.

PrincipalPermissionsResourceType, PrincipalPermissionsResourceTypeArgs

Database: DATABASE
Table: TABLE

PrincipalPermissionsResourceTypeDatabase: DATABASE
PrincipalPermissionsResourceTypeTable: TABLE

Database: DATABASE
Table: TABLE

Database: DATABASE
Table: TABLE

DATABASE: DATABASE
TABLE: TABLE

"DATABASE": DATABASE
"TABLE": TABLE

PrincipalPermissionsTableResource, PrincipalPermissionsTableResourceArgs

CatalogId string: The identifier for the Data Catalog. By default, it is the account ID of the caller.
DatabaseName string: The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
Name string: The name of the table.
TableWildcard Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsTableWildcard: A wildcard object representing every table under a database. At least one of TableResource$Name or TableResource$TableWildcard is required.

CatalogId string: The identifier for the Data Catalog. By default, it is the account ID of the caller.
DatabaseName string: The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
Name string: The name of the table.
TableWildcard PrincipalPermissionsTableWildcard: A wildcard object representing every table under a database. At least one of TableResource$Name or TableResource$TableWildcard is required.

catalogId String: The identifier for the Data Catalog. By default, it is the account ID of the caller.
databaseName String: The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
name String: The name of the table.
tableWildcard PrincipalPermissionsTableWildcard: A wildcard object representing every table under a database. At least one of TableResource$Name or TableResource$TableWildcard is required.

catalogId string: The identifier for the Data Catalog. By default, it is the account ID of the caller.
databaseName string: The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
name string: The name of the table.
tableWildcard PrincipalPermissionsTableWildcard: A wildcard object representing every table under a database. At least one of TableResource$Name or TableResource$TableWildcard is required.

catalog_id str: The identifier for the Data Catalog. By default, it is the account ID of the caller.
database_name str: The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
name str: The name of the table.
table_wildcard PrincipalPermissionsTableWildcard: A wildcard object representing every table under a database. At least one of TableResource$Name or TableResource$TableWildcard is required.

catalogId String: The identifier for the Data Catalog. By default, it is the account ID of the caller.
databaseName String: The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
name String: The name of the table.
tableWildcard Property Map: A wildcard object representing every table under a database. At least one of TableResource$Name or TableResource$TableWildcard is required.

PrincipalPermissionsTableWithColumnsResource, PrincipalPermissionsTableWithColumnsResourceArgs

CatalogId string: The identifier for the GLUDC where the location is registered with LFlong.
DatabaseName string: The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
Name string: The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
ColumnNames List<string>: The list of column names for the table. At least one of ColumnNames or ColumnWildcard is required.
ColumnWildcard Pulumi.AwsNative.LakeFormation.Inputs.PrincipalPermissionsColumnWildcard: A wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required.

CatalogId string: The identifier for the GLUDC where the location is registered with LFlong.
DatabaseName string: The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
Name string: The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
ColumnNames []string: The list of column names for the table. At least one of ColumnNames or ColumnWildcard is required.
ColumnWildcard PrincipalPermissionsColumnWildcard: A wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required.

catalogId String: The identifier for the GLUDC where the location is registered with LFlong.
databaseName String: The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
name String: The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
columnNames List<String>: The list of column names for the table. At least one of ColumnNames or ColumnWildcard is required.
columnWildcard PrincipalPermissionsColumnWildcard: A wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required.

catalogId string: The identifier for the GLUDC where the location is registered with LFlong.
databaseName string: The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
name string: The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
columnNames string[]: The list of column names for the table. At least one of ColumnNames or ColumnWildcard is required.
columnWildcard PrincipalPermissionsColumnWildcard: A wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required.

catalog_id str: The identifier for the GLUDC where the location is registered with LFlong.
database_name str: The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
name str: The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
column_names Sequence[str]: The list of column names for the table. At least one of ColumnNames or ColumnWildcard is required.
column_wildcard PrincipalPermissionsColumnWildcard: A wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required.

catalogId String: The identifier for the GLUDC where the location is registered with LFlong.
databaseName String: The name of the database for the table with columns resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal.
name String: The name of the table resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal.
columnNames List<String>: The list of column names for the table. At least one of ColumnNames or ColumnWildcard is required.
columnWildcard Property Map: A wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.lakeformation.PrincipalPermissions

On this page

On this page

Create PrincipalPermissions Resource

Constructor syntax

Parameters

PrincipalPermissions Resource Properties

Inputs

Outputs

Supporting Types

PrincipalPermissionsColumnWildcard, PrincipalPermissionsColumnWildcardArgs

PrincipalPermissionsDataCellsFilterResource, PrincipalPermissionsDataCellsFilterResourceArgs

PrincipalPermissionsDataLakePrincipal, PrincipalPermissionsDataLakePrincipalArgs

PrincipalPermissionsDataLocationResource, PrincipalPermissionsDataLocationResourceArgs

PrincipalPermissionsDatabaseResource, PrincipalPermissionsDatabaseResourceArgs

PrincipalPermissionsLfTag, PrincipalPermissionsLfTagArgs

PrincipalPermissionsLfTagKeyResource, PrincipalPermissionsLfTagKeyResourceArgs

PrincipalPermissionsLfTagPolicyResource, PrincipalPermissionsLfTagPolicyResourceArgs

PrincipalPermissionsPermission, PrincipalPermissionsPermissionArgs

PrincipalPermissionsResource, PrincipalPermissionsResourceArgs

PrincipalPermissionsResourceType, PrincipalPermissionsResourceTypeArgs

PrincipalPermissionsTableResource, PrincipalPermissionsTableResourceArgs

PrincipalPermissionsTableWithColumnsResource, PrincipalPermissionsTableWithColumnsResourceArgs

Package Details

On this page

On this page