
DataLakeSettings

The DataLakeSettings resource lets you manage AWS LakeFormation DataLakeSettings, which provide the configuration settings for your data lake, including permissions and data access policies.

Create a basic DataLakeSettings resource with essential properties and some optional configurations.

import AWS from "alchemy/aws/control";

const dataLakeSettings = await AWS.LakeFormation.DataLakeSettings("basicDataLakeSettings", {
  AllowExternalDataFiltering: true,
  // The allow list names the AWS accounts whose engines may filter data, not S3 locations.
  ExternalDataFilteringAllowList: [{ DataLakePrincipalIdentifier: "123456789012" }],
  // Default permissions apply to every new table, so each entry is a principal plus permissions.
  CreateTableDefaultPermissions: [
    {
      // Lake Formation principals are identified by IAM ARN.
      Principal: { DataLakePrincipalIdentifier: "arn:aws:iam::123456789012:user/admin" },
      Permissions: ["ALL"],
    },
  ],
});

Configure the DataLakeSettings resource with additional options such as mutation type and trusted resource owners.

import AWS from "alchemy/aws/control";

const advancedDataLakeSettings = await AWS.LakeFormation.DataLakeSettings("advancedDataLakeSettings", {
  AllowFullTableExternalDataAccess: true,
  // "APPEND" adds to the current settings; "REPLACE" overwrites them.
  MutationType: "APPEND",
  // Trusted resource owners are AWS account IDs, not role ARNs.
  TrustedResourceOwners: ["123456789012"],
  // Admins is a list of principals, each identified by an IAM ARN.
  Admins: [
    { DataLakePrincipalIdentifier: "arn:aws:iam::123456789012:user/admin" },
    { DataLakePrincipalIdentifier: "arn:aws:iam::123456789012:role/DataLakeAdmin" },
  ],
  CreateDatabaseDefaultPermissions: [
    {
      Principal: { DataLakePrincipalIdentifier: "arn:aws:iam::123456789012:role/DatabaseAdmin" },
      Permissions: ["ALL"],
    },
  ],
});

Set up authorized session tags to manage access control based on user attributes.

import AWS from "alchemy/aws/control";

const sessionTagDataLakeSettings = await AWS.LakeFormation.DataLakeSettings("sessionTagDataLakeSettings", {
  AuthorizedSessionTagValueList: ["environment:production", "team:data"],
  AllowExternalDataFiltering: true,
});

Demonstrate a complete configuration of DataLakeSettings with all properties included.

import AWS from "alchemy/aws/control";

const completeDataLakeSettings = await AWS.LakeFormation.DataLakeSettings("completeDataLakeSettings", {
  AllowExternalDataFiltering: true,
  // Accounts whose engines may perform data filtering (account IDs, not S3 locations).
  ExternalDataFilteringAllowList: [
    { DataLakePrincipalIdentifier: "123456789012" },
    { DataLakePrincipalIdentifier: "210987654321" },
  ],
  // Default permissions carry only a principal and its permissions.
  CreateTableDefaultPermissions: [
    {
      Principal: { DataLakePrincipalIdentifier: "arn:aws:iam::123456789012:user/tableAdmin" },
      Permissions: ["SELECT", "INSERT"],
    },
  ],
  // "APPEND" adds to the current settings; "REPLACE" overwrites them.
  MutationType: "APPEND",
  Parameters: {
    CustomParameter: "value",
  },
  AllowFullTableExternalDataAccess: false,
  Admins: [
    { DataLakePrincipalIdentifier: "arn:aws:iam::123456789012:user/admin" },
    { DataLakePrincipalIdentifier: "arn:aws:iam::123456789012:role/DataLakeAdmin" },
  ],
  CreateDatabaseDefaultPermissions: [
    {
      Principal: { DataLakePrincipalIdentifier: "arn:aws:iam::123456789012:role/DatabaseAdmin" },
      Permissions: ["ALL"],
    },
  ],
  AuthorizedSessionTagValueList: ["environment:production"],
  // Trusted resource owners are AWS account IDs.
  TrustedResourceOwners: ["123456789012"],
});
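
A pre-deployment check for the settings covered on this page, as an added example rather than Alchemy's or AWS's own code: `auditDataLakeSettings` (a hypothetical helper) flags broad default grants, external engine access without an allow list, and trusted owners that are not account IDs. The `Props` type is an assumption modelled on the CloudFormation schema for this resource.

```typescript
// Added example: static review of DataLakeSettings props before deployment.
// Props is an assumption (CloudFormation AWS::LakeFormation::DataLakeSettings), not Alchemy's typing.
type Principal = { DataLakePrincipalIdentifier: string };
type Grant = { Principal: Principal; Permissions: string[] };
interface Props {
  AllowExternalDataFiltering?: boolean;
  AllowFullTableExternalDataAccess?: boolean;
  ExternalDataFilteringAllowList?: Principal[];
  CreateDatabaseDefaultPermissions?: Grant[];
  CreateTableDefaultPermissions?: Grant[];
  TrustedResourceOwners?: string[];
}

function auditDataLakeSettings(p: Props): string[] {
  const findings: string[] = [];
  if (p.AllowFullTableExternalDataAccess === true) {
    findings.push("AllowFullTableExternalDataAccess: engines can get data access credentials without session tags");
  }
  if (p.AllowExternalDataFiltering === true && (p.ExternalDataFilteringAllowList ?? []).length === 0) {
    findings.push("AllowExternalDataFiltering: enabled with no accounts in ExternalDataFilteringAllowList");
  }
  const defaults: [string, Grant[]][] = [
    ["CreateDatabaseDefaultPermissions", p.CreateDatabaseDefaultPermissions ?? []],
    ["CreateTableDefaultPermissions", p.CreateTableDefaultPermissions ?? []],
  ];
  for (const [name, grants] of defaults) {
    for (const g of grants) {
      const who = g.Principal.DataLakePrincipalIdentifier;
      // IAM_ALLOWED_PRINCIPALS defers authorization to IAM policies alone.
      if (who === "IAM_ALLOWED_PRINCIPALS" || g.Permissions.indexOf("ALL") !== -1) {
        findings.push(`${name}: ${who} gets ${g.Permissions.join(",")} on every new resource`);
      }
    }
  }
  for (const owner of p.TrustedResourceOwners ?? []) {
    if (!/^\d{12}$/.test(owner)) {
      findings.push(`TrustedResourceOwners: "${owner}" is not a 12-digit account ID`);
    }
  }
  return findings;
}

// Constructed sample input using the placeholder account ID from this page.
const sample: Props = {
  AllowExternalDataFiltering: true, AllowFullTableExternalDataAccess: true,
  CreateDatabaseDefaultPermissions: [{ Principal: { DataLakePrincipalIdentifier: "arn:aws:iam::123456789012:role/DatabaseAdmin" }, Permissions: ["ALL"] }],
  TrustedResourceOwners: ["arn:aws:iam::123456789012:role/MyTrustedRole"],
};
console.log(auditDataLakeSettings(sample));
```

Running the check in CI before the resource is applied keeps a broad `ALL` default or an open external-filtering setting from reaching the account unreviewed.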