LakeFormation / Client / get_temporary_glue_table_credentials

get_temporary_glue_table_credentials#

LakeFormation.Client.get_temporary_glue_table_credentials(**kwargs)#

Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.

To call this API, the role that the service assumes must have lakeformation:GetDataAccess permission on the resource.

See also: AWS API Documentation

Request Syntax

response = client.get_temporary_glue_table_credentials(
    TableArn='string',
    Permissions=[
        'ALL'|'SELECT'|'ALTER'|'DROP'|'DELETE'|'INSERT'|'DESCRIBE'|'CREATE_DATABASE'|'CREATE_TABLE'|'DATA_LOCATION_ACCESS'|'CREATE_LF_TAG'|'ASSOCIATE'|'GRANT_WITH_LF_TAG_EXPRESSION'|'CREATE_LF_TAG_EXPRESSION'|'CREATE_CATALOG'|'SUPER_USER',
    ],
    DurationSeconds=123,
    AuditContext={
        'AdditionalAuditContext': 'string'
    },
    SupportedPermissionTypes=[
        'COLUMN_PERMISSION'|'CELL_FILTER_PERMISSION'|'NESTED_PERMISSION'|'NESTED_CELL_PERMISSION',
    ],
    S3Path='string',
    QuerySessionContext={
        'QueryId': 'string',
        'QueryStartTime': datetime(2015, 1, 1),
        'ClusterId': 'string',
        'QueryAuthorizationId': 'string',
        'AdditionalContext': {
            'string': 'string'
        }
    }
)
Parameters:
  • TableArn (string) –

    [REQUIRED]

    The ARN identifying a table in the Data Catalog for the temporary credentials request.

  • Permissions (list) –

    Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

    • (string) –

  • DurationSeconds (integer) – The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

  • AuditContext (dict) –

    A structure representing context to access a resource (column names, query ID, etc).

    • AdditionalAuditContext (string) –

      The filter engine can populate the ‘AdditionalAuditContext’ information with the request ID for you to track. This information will be displayed in CloudTrail log in your account.

  • SupportedPermissionTypes (list) –

    A list of supported permission types for the table. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.

    • (string) –

  • S3Path (string) – The Amazon S3 path for the table.

  • QuerySessionContext (dict) –

    A structure used as a protocol between query engines and Lake Formation or Glue. Contains both a Lake Formation generated authorization identifier and information from the request’s authorization context.

    • QueryId (string) –

      A unique identifier generated by the query engine for the query.

    • QueryStartTime (datetime) –

      A timestamp provided by the query engine for when the query started.

    • ClusterId (string) –

      An identifier string for the consumer cluster.

    • QueryAuthorizationId (string) –

      A cryptographically generated query identifier generated by Glue or Lake Formation.

    • AdditionalContext (dict) –

      An opaque string-string map passed by the query engine.

      • (string) –

        • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'AccessKeyId': 'string',
    'SecretAccessKey': 'string',
    'SessionToken': 'string',
    'Expiration': datetime(2015, 1, 1),
    'VendedS3Path': [
        'string',
    ]
}

Response Structure

  • (dict) –

    • AccessKeyId (string) –

      The access key ID for the temporary credentials.

    • SecretAccessKey (string) –

      The secret key for the temporary credentials.

    • SessionToken (string) –

      The session token for the temporary credentials.

    • Expiration (datetime) –

      The date and time when the temporary credentials expire.

    • VendedS3Path (list) –

      The Amazon S3 path for the temporary credentials.

      • (string) –

Exceptions

  • LakeFormation.Client.exceptions.InvalidInputException

  • LakeFormation.Client.exceptions.InternalServiceException

  • LakeFormation.Client.exceptions.OperationTimeoutException

  • LakeFormation.Client.exceptions.EntityNotFoundException

  • LakeFormation.Client.exceptions.AccessDeniedException

  • LakeFormation.Client.exceptions.PermissionTypeMismatchException