AWS::LakeFormation::PrincipalPermissions

LakeFormation PrincipalPermissions

The AWS::LakeFormation::PrincipalPermissions resource represents the permissions that a principal has on a GLUDC resource (such as GLUlong databases or GLUlong tables). When you create a PrincipalPermissions resource, the permissions are granted via the LFlongGrantPermissions API operation. When you delete a PrincipalPermissions resource, the permissions on principal-resource pair are revoked via the LFlongRevokePermissions API operation.

Properties

5 configurable properties. 4 required. Click a row to see details.

Filter:

Property	Type	Flags
`Permissions`	`array`	RequiredCreate-only
`PermissionsWithGrantOption`	`array`	RequiredCreate-only
`Principal`	`DataLakePrincipal`	RequiredCreate-only
`Resource`	`Resource`	RequiredCreate-only
`Catalog`	`string`	Create-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`PrincipalIdentifier`	`string`	-
`ResourceIdentifier`	`string`	-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::LakeFormation::PrincipalPermissions

Resources:
  MyResource:
    Type: AWS::LakeFormation::PrincipalPermissions
    Properties:
      Principal: "value"
      Resource: "value"
      Permissions: "value"
      PermissionsWithGrantOption: "value"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

lakeformation:GrantPermissionslakeformation:ListPermissionsglue:GetTableglue:GetDatabase

read

lakeformation:ListPermissionsglue:GetTableglue:GetDatabase

delete

lakeformation:RevokePermissionslakeformation:ListPermissionsglue:GetTableglue:GetDatabase

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceLakeFormation

Properties7

Required4

TaggingNot supported

Primary IDPrincipalIdentifier

Supported Operations

CreateReadDelete

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

CatalogPrincipalResourcePermissionsPermissionsWithGrantOption

Related Resources

External Links

AWS Documentation