com.amazonaws.services.lakeformation

Class AWSLakeFormationClient

java.lang.Object

com.amazonaws.AmazonWebServiceClient

com.amazonaws.services.lakeformation.AWSLakeFormationClient

All Implemented Interfaces:

AWSLakeFormation

Direct Known Subclasses:

AWSLakeFormationAsyncClient

@ThreadSafe
 @Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class AWSLakeFormationClient
extends AmazonWebServiceClient
implements AWSLakeFormation

Client for accessing AWS Lake Formation. All service calls made using this client are blocking, and will not return until the service call completes.

AWS Lake Formation

Defines the public endpoint for the AWS Lake Formation service.

Field Summary

Fields

Modifier and Type	Field and Description
protected static ClientConfigurationFactory	configFactory Client configuration factory providing ClientConfigurations tailored to this client

Fields inherited from class com.amazonaws.AmazonWebServiceClient

client, clientConfiguration, endpoint, isEndpointOverridden, LOGGING_AWS_REQUEST_METRIC, requestHandler2s, timeOffset

Fields inherited from interface com.amazonaws.services.lakeformation.AWSLakeFormation

ENDPOINT_PREFIX

Method Summary

Modifier and Type	Method and Description
AddLFTagsToResourceResult	addLFTagsToResource(AddLFTagsToResourceRequest request) Attaches one or more tags to an existing resource.
BatchGrantPermissionsResult	batchGrantPermissions(BatchGrantPermissionsRequest request) Batch operation to grant permissions to the principal.
BatchRevokePermissionsResult	batchRevokePermissions(BatchRevokePermissionsRequest request) Batch operation to revoke permissions from the principal.
static AWSLakeFormationClientBuilder	builder()
CreateLFTagResult	createLFTag(CreateLFTagRequest request) Creates a tag with the specified name and values.
DeleteLFTagResult	deleteLFTag(DeleteLFTagRequest request) Deletes the specified tag key name.
DeregisterResourceResult	deregisterResource(DeregisterResourceRequest request) Deregisters the resource as managed by the Data Catalog.
DescribeResourceResult	describeResource(DescribeResourceRequest request) Retrieves the current data access role for the given resource registered in AWS Lake Formation.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected.
GetDataLakeSettingsResult	getDataLakeSettings(GetDataLakeSettingsRequest request) Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.
GetEffectivePermissionsForPathResult	getEffectivePermissionsForPath(GetEffectivePermissionsForPathRequest request) Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3.
GetLFTagResult	getLFTag(GetLFTagRequest request) Returns a tag definition.
GetResourceLFTagsResult	getResourceLFTags(GetResourceLFTagsRequest request) Returns the tags applied to a resource.
GrantPermissionsResult	grantPermissions(GrantPermissionsRequest request) Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
ListLFTagsResult	listLFTags(ListLFTagsRequest request) Lists tags that the requester has permission to view.
ListPermissionsResult	listPermissions(ListPermissionsRequest request) Returns a list of the principal permissions on the resource, filtered by the permissions of the caller.
ListResourcesResult	listResources(ListResourcesRequest request) Lists the resources registered to be managed by the Data Catalog.
PutDataLakeSettingsResult	putDataLakeSettings(PutDataLakeSettingsRequest request) Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation.
RegisterResourceResult	registerResource(RegisterResourceRequest request) Registers the resource as managed by the Data Catalog.
RemoveLFTagsFromResourceResult	removeLFTagsFromResource(RemoveLFTagsFromResourceRequest request) Removes a tag from the resource.
RevokePermissionsResult	revokePermissions(RevokePermissionsRequest request) Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
SearchDatabasesByLFTagsResult	searchDatabasesByLFTags(SearchDatabasesByLFTagsRequest request) This operation allows a search on DATABASE resources by TagCondition.
SearchTablesByLFTagsResult	searchTablesByLFTags(SearchTablesByLFTagsRequest request) This operation allows a search on TABLE resources by LFTags.
void	shutdown() Shuts down this client object, releasing any resources that might be held open.
UpdateLFTagResult	updateLFTag(UpdateLFTagRequest request) Updates the list of possible values for the specified tag key.
UpdateResourceResult	updateResource(UpdateResourceRequest request) Updates the data access role used for vending access to the given (registered) resource in AWS Lake Formation.

Methods inherited from class com.amazonaws.AmazonWebServiceClient

addRequestHandler, addRequestHandler, beforeClientExecution, beforeMarshalling, calculateCRC32FromCompressedData, checkMutability, configureRegion, createExecutionContext, createExecutionContext, createExecutionContext, createSignerProvider, endClientExecution, endClientExecution, getClientConfiguration, getClientId, getEndpointPrefix, getMonitoringListeners, getRequestMetricsCollector, getServiceAbbreviation, getServiceName, getServiceNameIntern, getSigner, getSignerByURI, getSignerOverride, getSignerProvider, getSignerRegionOverride, getSigningRegion, getTimeOffset, isCsmEnabled, isEndpointOverridden, isProfilingEnabled, isRequestMetricsEnabled, makeImmutable, removeRequestHandler, removeRequestHandler, requestMetricCollector, setEndpoint, setEndpoint, setEndpointPrefix, setRegion, setServiceNameIntern, setSignerRegionOverride, setTimeOffset, shouldGenerateClientSideMonitoringEvents, useStrictHostNameVerification, withEndpoint, withRegion, withRegion, withTimeOffset

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

configFactory

protected static final ClientConfigurationFactory configFactory

Client configuration factory providing ClientConfigurations tailored to this client

Method Detail

builder

public static AWSLakeFormationClientBuilder builder()

addLFTagsToResource

public AddLFTagsToResourceResult addLFTagsToResource(AddLFTagsToResourceRequest request)

Attaches one or more tags to an existing resource.

Specified by:

addLFTagsToResource in interface AWSLakeFormation

Parameters:

addLFTagsToResourceRequest -

Returns:

Result of the AddLFTagsToResource operation returned by the service.

Throws:

EntityNotFoundException - A specified entity does not exist

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

AccessDeniedException - Access to a resource was denied.

ConcurrentModificationException - Two processes are trying to modify a resource simultaneously.

See Also:

AWS API Documentation

batchGrantPermissions

public BatchGrantPermissionsResult batchGrantPermissions(BatchGrantPermissionsRequest request)

Batch operation to grant permissions to the principal.

Specified by:

batchGrantPermissions in interface AWSLakeFormation

Parameters:

batchGrantPermissionsRequest -

Returns:

Result of the BatchGrantPermissions operation returned by the service.

Throws:

InvalidInputException - The input provided was not valid.

OperationTimeoutException - The operation timed out.

See Also:

AWS API Documentation

batchRevokePermissions

public BatchRevokePermissionsResult batchRevokePermissions(BatchRevokePermissionsRequest request)

Batch operation to revoke permissions from the principal.

Specified by:

batchRevokePermissions in interface AWSLakeFormation

Parameters:

batchRevokePermissionsRequest -

Returns:

Result of the BatchRevokePermissions operation returned by the service.

Throws:

InvalidInputException - The input provided was not valid.

OperationTimeoutException - The operation timed out.

See Also:

AWS API Documentation

createLFTag

public CreateLFTagResult createLFTag(CreateLFTagRequest request)

Creates a tag with the specified name and values.

Specified by:

createLFTag in interface AWSLakeFormation

Parameters:

createLFTagRequest -

Returns:

Result of the CreateLFTag operation returned by the service.

Throws:

EntityNotFoundException - A specified entity does not exist

InvalidInputException - The input provided was not valid.

ResourceNumberLimitExceededException - A resource numerical limit was exceeded.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

AccessDeniedException - Access to a resource was denied.

See Also:

AWS API Documentation

deleteLFTag

public DeleteLFTagResult deleteLFTag(DeleteLFTagRequest request)

Deletes the specified tag key name. If the attribute key does not exist or the tag does not exist, then the operation will not do anything. If the attribute key exists, then the operation checks if any resources are tagged with this attribute key, if yes, the API throws a 400 Exception with the message "Delete not allowed" as the tag key is still attached with resources. You can consider untagging resources with this tag key.

Specified by:

deleteLFTag in interface AWSLakeFormation

Parameters:

deleteLFTagRequest -

Returns:

Result of the DeleteLFTag operation returned by the service.

Throws:

EntityNotFoundException - A specified entity does not exist

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

AccessDeniedException - Access to a resource was denied.

See Also:

AWS API Documentation

deregisterResource

public DeregisterResourceResult deregisterResource(DeregisterResourceRequest request)

Deregisters the resource as managed by the Data Catalog.

When you deregister a path, Lake Formation removes the path from the inline policy attached to your service-linked role.

Specified by:

deregisterResource in interface AWSLakeFormation

Parameters:

deregisterResourceRequest -

Returns:

Result of the DeregisterResource operation returned by the service.

Throws:

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

EntityNotFoundException - A specified entity does not exist

See Also:

AWS API Documentation

describeResource

public DescribeResourceResult describeResource(DescribeResourceRequest request)

Retrieves the current data access role for the given resource registered in AWS Lake Formation.

Specified by:

describeResource in interface AWSLakeFormation

Parameters:

describeResourceRequest -

Returns:

Result of the DescribeResource operation returned by the service.

Throws:

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

EntityNotFoundException - A specified entity does not exist

See Also:

AWS API Documentation

getDataLakeSettings

public GetDataLakeSettingsResult getDataLakeSettings(GetDataLakeSettingsRequest request)

Retrieves the list of the data lake administrators of a Lake Formation-managed data lake.

Specified by:

getDataLakeSettings in interface AWSLakeFormation

Parameters:

getDataLakeSettingsRequest -

Returns:

Result of the GetDataLakeSettings operation returned by the service.

Throws:

InternalServiceException - An internal service error occurred.

InvalidInputException - The input provided was not valid.

EntityNotFoundException - A specified entity does not exist

See Also:

AWS API Documentation

getEffectivePermissionsForPath

public GetEffectivePermissionsForPathResult getEffectivePermissionsForPath(GetEffectivePermissionsForPathRequest request)

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.

Specified by:

getEffectivePermissionsForPath in interface AWSLakeFormation

Parameters:

getEffectivePermissionsForPathRequest -

Returns:

Result of the GetEffectivePermissionsForPath operation returned by the service.

Throws:

InvalidInputException - The input provided was not valid.

EntityNotFoundException - A specified entity does not exist

OperationTimeoutException - The operation timed out.

InternalServiceException - An internal service error occurred.

See Also:

AWS API Documentation

getLFTag

public GetLFTagResult getLFTag(GetLFTagRequest request)

Returns a tag definition.

Specified by:

getLFTag in interface AWSLakeFormation

Parameters:

getLFTagRequest -

Returns:

Result of the GetLFTag operation returned by the service.

Throws:

EntityNotFoundException - A specified entity does not exist

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

AccessDeniedException - Access to a resource was denied.

See Also:

AWS API Documentation

getResourceLFTags

public GetResourceLFTagsResult getResourceLFTags(GetResourceLFTagsRequest request)

Returns the tags applied to a resource.

Specified by:

getResourceLFTags in interface AWSLakeFormation

Parameters:

getResourceLFTagsRequest -

Returns:

Result of the GetResourceLFTags operation returned by the service.

Throws:

EntityNotFoundException - A specified entity does not exist

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

GlueEncryptionException - An encryption operation failed.

AccessDeniedException - Access to a resource was denied.

See Also:

AWS API Documentation

grantPermissions

public GrantPermissionsResult grantPermissions(GrantPermissionsRequest request)

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

For information about permissions, see Security and Access Control to Metadata and Data.

Specified by:

grantPermissions in interface AWSLakeFormation

Parameters:

grantPermissionsRequest -

Returns:

Result of the GrantPermissions operation returned by the service.

Throws:

ConcurrentModificationException - Two processes are trying to modify a resource simultaneously.

EntityNotFoundException - A specified entity does not exist

InvalidInputException - The input provided was not valid.

See Also:

AWS API Documentation

listLFTags

public ListLFTagsResult listLFTags(ListLFTagsRequest request)

Lists tags that the requester has permission to view.

Specified by:

listLFTags in interface AWSLakeFormation

Parameters:

listLFTagsRequest -

Returns:

Result of the ListLFTags operation returned by the service.

Throws:

EntityNotFoundException - A specified entity does not exist

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

See Also:

AWS API Documentation

listPermissions

public ListPermissionsResult listPermissions(ListPermissionsRequest request)

Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.

This operation returns only those permissions that have been explicitly granted.

For information about permissions, see Security and Access Control to Metadata and Data.

Specified by:

listPermissions in interface AWSLakeFormation

Parameters:

listPermissionsRequest -

Returns:

Result of the ListPermissions operation returned by the service.

Throws:

InvalidInputException - The input provided was not valid.

OperationTimeoutException - The operation timed out.

InternalServiceException - An internal service error occurred.

See Also:

AWS API Documentation

listResources

public ListResourcesResult listResources(ListResourcesRequest request)

Lists the resources registered to be managed by the Data Catalog.

Specified by:

listResources in interface AWSLakeFormation

Parameters:

listResourcesRequest -

Returns:

Result of the ListResources operation returned by the service.

Throws:

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

See Also:

AWS API Documentation

putDataLakeSettings

public PutDataLakeSettingsResult putDataLakeSettings(PutDataLakeSettingsRequest request)

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation. For more information on admin privileges, see Granting Lake Formation Permissions.

This API replaces the current list of data lake admins with the new list being passed. To add an admin, fetch the current list and add the new admin to that list and pass that list in this API.

Specified by:

putDataLakeSettings in interface AWSLakeFormation

Parameters:

putDataLakeSettingsRequest -

Returns:

Result of the PutDataLakeSettings operation returned by the service.

Throws:

InternalServiceException - An internal service error occurred.

InvalidInputException - The input provided was not valid.

See Also:

AWS API Documentation

registerResource

public RegisterResourceResult registerResource(RegisterResourceRequest request)

Registers the resource as managed by the Data Catalog.

To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

The following request registers a new location and gives AWS Lake Formation permission to use the service-linked role to access that location.

ResourceArn = arn:aws:s3:::my-bucket UseServiceLinkedRole = true

If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

arn:aws:iam::12345:role/my-data-access-role

Specified by:

registerResource in interface AWSLakeFormation

Parameters:

registerResourceRequest -

Returns:

Result of the RegisterResource operation returned by the service.

Throws:

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

AlreadyExistsException - A resource to be created or added already exists.

See Also:

AWS API Documentation

removeLFTagsFromResource

public RemoveLFTagsFromResourceResult removeLFTagsFromResource(RemoveLFTagsFromResourceRequest request)

Removes a tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in tableWithColumns to specify column input.

Specified by:

removeLFTagsFromResource in interface AWSLakeFormation

Parameters:

removeLFTagsFromResourceRequest -

Returns:

Result of the RemoveLFTagsFromResource operation returned by the service.

Throws:

EntityNotFoundException - A specified entity does not exist

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

GlueEncryptionException - An encryption operation failed.

AccessDeniedException - Access to a resource was denied.

ConcurrentModificationException - Two processes are trying to modify a resource simultaneously.

See Also:

AWS API Documentation

revokePermissions

public RevokePermissionsResult revokePermissions(RevokePermissionsRequest request)

Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

Specified by:

revokePermissions in interface AWSLakeFormation

Parameters:

revokePermissionsRequest -

Returns:

Result of the RevokePermissions operation returned by the service.

Throws:

ConcurrentModificationException - Two processes are trying to modify a resource simultaneously.

EntityNotFoundException - A specified entity does not exist

InvalidInputException - The input provided was not valid.

See Also:

AWS API Documentation

searchDatabasesByLFTags

public SearchDatabasesByLFTagsResult searchDatabasesByLFTags(SearchDatabasesByLFTagsRequest request)

This operation allows a search on DATABASE resources by TagCondition. This operation is used by admins who want to grant user permissions on certain TagConditions. Before making a grant, the admin can use SearchDatabasesByTags to find all resources where the given TagConditions are valid to verify whether the returned resources can be shared.

Specified by:

searchDatabasesByLFTags in interface AWSLakeFormation

Parameters:

searchDatabasesByLFTagsRequest -

Returns:

Result of the SearchDatabasesByLFTags operation returned by the service.

Throws:

EntityNotFoundException - A specified entity does not exist

InternalServiceException - An internal service error occurred.

InvalidInputException - The input provided was not valid.

OperationTimeoutException - The operation timed out.

GlueEncryptionException - An encryption operation failed.

AccessDeniedException - Access to a resource was denied.

See Also:

AWS API Documentation

searchTablesByLFTags

public SearchTablesByLFTagsResult searchTablesByLFTags(SearchTablesByLFTagsRequest request)

This operation allows a search on TABLE resources by LFTags. This will be used by admins who want to grant user permissions on certain LFTags. Before making a grant, the admin can use SearchTablesByLFTags to find all resources where the given LFTags are valid to verify whether the returned resources can be shared.

Specified by:

searchTablesByLFTags in interface AWSLakeFormation

Parameters:

searchTablesByLFTagsRequest -

Returns:

Result of the SearchTablesByLFTags operation returned by the service.

Throws:

EntityNotFoundException - A specified entity does not exist

InternalServiceException - An internal service error occurred.

InvalidInputException - The input provided was not valid.

OperationTimeoutException - The operation timed out.

GlueEncryptionException - An encryption operation failed.

AccessDeniedException - Access to a resource was denied.

See Also:

AWS API Documentation

updateLFTag

public UpdateLFTagResult updateLFTag(UpdateLFTagRequest request)

Updates the list of possible values for the specified tag key. If the tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - "Update not allowed". Untag the attribute before deleting the tag key's value.

Specified by:

updateLFTag in interface AWSLakeFormation

Parameters:

updateLFTagRequest -

Returns:

Result of the UpdateLFTag operation returned by the service.

Throws:

EntityNotFoundException - A specified entity does not exist

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

ConcurrentModificationException - Two processes are trying to modify a resource simultaneously.

AccessDeniedException - Access to a resource was denied.

See Also:

AWS API Documentation

updateResource

public UpdateResourceResult updateResource(UpdateResourceRequest request)

Updates the data access role used for vending access to the given (registered) resource in AWS Lake Formation.

Specified by:

updateResource in interface AWSLakeFormation

Parameters:

updateResourceRequest -

Returns:

Result of the UpdateResource operation returned by the service.

Throws:

InvalidInputException - The input provided was not valid.

InternalServiceException - An internal service error occurred.

OperationTimeoutException - The operation timed out.

EntityNotFoundException - A specified entity does not exist

See Also:

AWS API Documentation

getCachedResponseMetadata

public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.

Specified by:

getCachedResponseMetadata in interface AWSLakeFormation

Parameters:

request - The originally executed request

Returns:

The response metadata for the specified request, or null if none is available.

shutdown

public void shutdown()

Description copied from interface: AWSLakeFormation

Shuts down this client object, releasing any resources that might be held open. This is an optional method, and callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client has been shutdown, it should not be used to make any more requests.

Specified by:

shutdown in interface AWSLakeFormation

Overrides:

shutdown in class AmazonWebServiceClient