Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request.

This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session.

Attempts to cancel the specified transaction.

Attempts to commit the specified transaction.

Deletes the specified LF-tag given a key name.

For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled.

Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels.

Deregisters the resource as managed by the Data Catalog.

Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3.

Returns the state of a query previously submitted.

Returns the set of Amazon S3 objects that make up the specified governed table.

This API is identical to GetTemporaryTableCredentials except that this is used when the target Data Catalog resource is of type Partition.

Allows a caller in a secure environment to assume a role with permission to access Amazon S3.

Returns the work units resulting from the query.

Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

Returns a list of the principal permissions on the resource, filtered by the permissions of the caller.

For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.

This operation returns only those permissions that have been explicitly granted.

Returns metadata about transactions and their status.

To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned.

Sets the list of data lake administrators who have admin privileges on all resources managed by Lake Formation.

For more information on admin privileges, see Granting Lake Formation Permissions: https://docs.aws.amazon.com/lake-formation/latest/dg/lake-formation-permissions.html.

Registers the resource as managed by the Data Catalog.

To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.

ResourceArn = arn:aws:s3:::my-bucket UseServiceLinkedRole = true

If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

Removes an LF-tag from the resource.

This operation allows a search on DATABASE resources by TagCondition.

This operation allows a search on TABLE resources by LFTags.

Submits a request to process a query statement.

Starts a new transaction and returns its transaction ID.

Updates the list of possible values for the specified LF-tag key.