Permissions
The Permissions resource allows you to manage AWS LakeFormation Permissions for data lake principals, enabling fine-grained access control to your data resources.
Minimal Example
Section titled “Minimal Example”Create a basic permissions setup for a data lake principal with default permissions.
import AWS from "alchemy/aws/control";
const lakeFormationPermissions = await AWS.LakeFormation.Permissions("basicPermissions", { DataLakePrincipal: { DataLakePrincipalIdentifier: "user@example.com" }, Resource: { Table: { DatabaseName: "myDatabase", Name: "myTable" } }, Permissions: ["SELECT", "INSERT"], PermissionsWithGrantOption: ["SELECT"]});Advanced Configuration
Section titled “Advanced Configuration”Configure advanced permissions with multiple resources and grant options.
const advancedLakeFormationPermissions = await AWS.LakeFormation.Permissions("advancedPermissions", { DataLakePrincipal: { DataLakePrincipalIdentifier: "role/MyDataLakeRole" }, Resource: { Database: { Name: "myDatabase" } }, Permissions: ["ALL"], PermissionsWithGrantOption: ["SELECT", "INSERT"], adopt: true // Adopt existing resource if it already exists});Granting Permissions to Multiple Resources
Section titled “Granting Permissions to Multiple Resources”Demonstrate granting permissions to multiple tables within a database.
const multiResourcePermissions = await AWS.LakeFormation.Permissions("multiResourcePermissions", { DataLakePrincipal: { DataLakePrincipalIdentifier: "group/DataAnalysts" }, Resource: { Table: { DatabaseName: "myDatabase", Name: "salesData" } }, Permissions: ["SELECT"], PermissionsWithGrantOption: ["SELECT"]});
// Granting permissions to another tableconst anotherTablePermissions = await AWS.LakeFormation.Permissions("anotherTablePermissions", { DataLakePrincipal: { DataLakePrincipalIdentifier: "group/DataAnalysts" }, Resource: { Table: { DatabaseName: "myDatabase", Name: "customerData" } }, Permissions: ["SELECT"], PermissionsWithGrantOption: ["SELECT"]});