PrincipalPermissions ​
The PrincipalPermissions resource lets you manage permissions for data lake principals in AWS LakeFormation. You can define granular access controls to your data lake resources. For more details, refer to the official AWS documentation: AWS LakeFormation PrincipalPermissionss.
Minimal Example ​
Create a basic PrincipalPermissions resource with required properties and a common optional property.
ts
import AWS from "alchemy/aws/control";
const basicPermissions = await AWS.LakeFormation.PrincipalPermissions("basicPermissions", {
Resource: {
Table: {
DatabaseName: "finance_db",
Name: "transactions"
}
},
Permissions: ["SELECT"],
Principal: {
DataLakePrincipalIdentifier: "user@example.com"
},
PermissionsWithGrantOption: ["SELECT"]
});Advanced Configuration ​
Configure advanced permissions including catalog-level permissions and multiple permissions.
ts
const advancedPermissions = await AWS.LakeFormation.PrincipalPermissions("advancedPermissions", {
Resource: {
Catalog: {}
},
Permissions: ["ALL"],
Catalog: "finance_catalog",
Principal: {
DataLakePrincipalIdentifier: "group:finance-team"
},
PermissionsWithGrantOption: ["SELECT", "INSERT"]
});Granting Permissions with Options ​
Demonstrate how to grant permissions with grant options on a specific table.
ts
const tablePermissionsWithGrant = await AWS.LakeFormation.PrincipalPermissions("tablePermissionsWithGrant", {
Resource: {
Table: {
DatabaseName: "sales_db",
Name: "customer_data"
}
},
Permissions: ["INSERT"],
Principal: {
DataLakePrincipalIdentifier: "role:analytics-role"
},
PermissionsWithGrantOption: ["INSERT"]
});Catalog-Level Permissions ​
Create a PrincipalPermissions resource that grants catalog-level permissions to a user.
ts
const catalogPermissions = await AWS.LakeFormation.PrincipalPermissions("catalogPermissions", {
Resource: {
Catalog: {}
},
Permissions: ["CREATE_DATABASE"],
Principal: {
DataLakePrincipalIdentifier: "user:admin@example.com"
},
PermissionsWithGrantOption: []
});