
Permissions

Learn how to create, update, and manage AWS LakeFormation Permissions using Alchemy Cloud Control.

The Permissions resource allows you to manage AWS LakeFormation Permissions for data lake principals, enabling fine-grained access control to your data resources.

Create a basic permissions setup that grants a data lake principal SELECT and INSERT on a single table, with the option to grant SELECT to other principals.

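```typescript
import AWS from "alchemy/aws/control";

const lakeFormationPermissions = await AWS.LakeFormation.Permissions("basicPermissions", {
  // Principal receiving the grant (placeholder value)
  DataLakePrincipal: {
    DataLakePrincipalIdentifier: "user@example.com"
  },
  // Scope of the grant: one table in one database
  Resource: {
    Table: {
      DatabaseName: "myDatabase",
      Name: "myTable"
    }
  },
  Permissions: ["SELECT", "INSERT"],
  // Permissions the principal may pass on to other principals
  PermissionsWithGrantOption: ["SELECT"]
});
```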

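Configure advanced permissions at database scope with grant options. PermissionsWithGrantOption lists the permissions the principal may pass on to other principals, so combining it with ALL on a whole database is a broad grant that should be reserved for administrative roles.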

```typescript
import AWS from "alchemy/aws/control";

const advancedLakeFormationPermissions = await AWS.LakeFormation.Permissions("advancedPermissions", {
  DataLakePrincipal: {
    DataLakePrincipalIdentifier: "role/MyDataLakeRole"
  },
  // Scope of the grant: the whole database
  Resource: {
    Database: {
      Name: "myDatabase"
    }
  },
  Permissions: ["ALL"],
  PermissionsWithGrantOption: ["SELECT", "INSERT"],
  adopt: true // Adopt existing resource if it already exists
});
```

Granting Permissions to Multiple Resources

Grant the same principal permissions on multiple tables within a database by declaring one Permissions resource per table.

```typescript
import AWS from "alchemy/aws/control";

// Read-only access to the first table
const multiResourcePermissions = await AWS.LakeFormation.Permissions("multiResourcePermissions", {
  DataLakePrincipal: {
    DataLakePrincipalIdentifier: "group/DataAnalysts"
  },
  Resource: {
    Table: {
      DatabaseName: "myDatabase",
      Name: "salesData"
    }
  },
  Permissions: ["SELECT"],
  PermissionsWithGrantOption: ["SELECT"]
});

// Granting permissions to another table
const anotherTablePermissions = await AWS.LakeFormation.Permissions("anotherTablePermissions", {
  DataLakePrincipal: {
    DataLakePrincipalIdentifier: "group/DataAnalysts"
  },
  Resource: {
    Table: {
      DatabaseName: "myDatabase",
      Name: "customerData"
    }
  },
  Permissions: ["SELECT"],
  PermissionsWithGrantOption: ["SELECT"]
});
```
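
The grants above differ mainly in scope and in what the principal may pass on, which is what a least-privilege review looks at before they are deployed. The following is an added example, not Alchemy's or AWS's code: `auditGrants`, the `WRITE` set, the rule that ALL covers every permission, and the `constructedMistake` entry are assumptions made for illustration.

```typescript
// Added example: Grant mirrors the props used on this page; auditGrants and
// its rules are hypothetical review helpers, not an Alchemy or AWS API.
type Grant = {
  id: string;
  DataLakePrincipal: { DataLakePrincipalIdentifier: string };
  Resource: { Database?: { Name: string }; Table?: { DatabaseName: string; Name: string } };
  Permissions: string[];
  PermissionsWithGrantOption?: string[];
};

// Permissions treated as write-capable for this review (an assumption of the example).
const WRITE = new Set(["ALL", "INSERT", "DELETE", "ALTER", "DROP", "CREATE_TABLE"]);

function auditGrants(grants: Grant[]): string[] {
  const findings: string[] = [];
  for (const g of grants) {
    const who = g.DataLakePrincipal.DataLakePrincipalIdentifier;
    const t = g.Resource.Table;
    const scope = t ? `table ${t.DatabaseName}.${t.Name}` : `database ${g.Resource.Database?.Name}`;
    const regrant = g.PermissionsWithGrantOption ?? [];
    const hasAll = g.Permissions.includes("ALL");
    if (hasAll) findings.push(`${g.id}: ${who} holds ALL on ${scope}`);
    // Grant option on a write permission lets the principal extend write access to others.
    const writable = regrant.filter((p) => WRITE.has(p));
    if (writable.length) findings.push(`${g.id}: ${who} can re-grant ${writable.join(",")} on ${scope}`);
    // Grant option should be a subset of Permissions; ALL is treated as covering everything.
    const extra = regrant.filter((p) => !hasAll && !g.Permissions.includes(p));
    if (extra.length) findings.push(`${g.id}: grant option ${extra.join(",")} is not in Permissions`);
  }
  return findings;
}

// The first three grants are the ones shown on this page; the last is constructed.
const sampleGrants: Grant[] = [
  { id: "basicPermissions", DataLakePrincipal: { DataLakePrincipalIdentifier: "user@example.com" },
    Resource: { Table: { DatabaseName: "myDatabase", Name: "myTable" } },
    Permissions: ["SELECT", "INSERT"], PermissionsWithGrantOption: ["SELECT"] },
  { id: "advancedPermissions", DataLakePrincipal: { DataLakePrincipalIdentifier: "role/MyDataLakeRole" },
    Resource: { Database: { Name: "myDatabase" } },
    Permissions: ["ALL"], PermissionsWithGrantOption: ["SELECT", "INSERT"] },
  { id: "multiResourcePermissions", DataLakePrincipal: { DataLakePrincipalIdentifier: "group/DataAnalysts" },
    Resource: { Table: { DatabaseName: "myDatabase", Name: "salesData" } },
    Permissions: ["SELECT"], PermissionsWithGrantOption: ["SELECT"] },
  { id: "constructedMistake", DataLakePrincipal: { DataLakePrincipalIdentifier: "role/Constructed" },
    Resource: { Table: { DatabaseName: "myDatabase", Name: "customerData" } },
    Permissions: ["SELECT"], PermissionsWithGrantOption: ["SELECT", "DELETE"] },
];

console.log(auditGrants(sampleGrants).join("\n"));
```

Running the same check over the props objects before they are passed to `AWS.LakeFormation.Permissions` keeps broad or inconsistent grants out of a deployment.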