diff --git a/clients/client-lakeformation/src/commands/BatchGrantPermissionsCommand.ts b/clients/client-lakeformation/src/commands/BatchGrantPermissionsCommand.ts
index ae22b6fff8ca..f0f73fbcdf02 100644
--- a/clients/client-lakeformation/src/commands/BatchGrantPermissionsCommand.ts
+++ b/clients/client-lakeformation/src/commands/BatchGrantPermissionsCommand.ts
@@ -107,10 +107,10 @@ export interface BatchGrantPermissionsCommandOutput extends BatchGrantPermission
* },
* },
* Permissions: [ // PermissionList
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* PermissionsWithGrantOption: [
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* },
* ],
@@ -181,10 +181,10 @@ export interface BatchGrantPermissionsCommandOutput extends BatchGrantPermission
* // },
* // },
* // Permissions: [ // PermissionList
- * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* // ],
* // PermissionsWithGrantOption: [
- * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* // ],
* // },
* // Error: { // ErrorDetail
diff --git a/clients/client-lakeformation/src/commands/BatchRevokePermissionsCommand.ts b/clients/client-lakeformation/src/commands/BatchRevokePermissionsCommand.ts
index 0e4f809c6918..acf417ec4d34 100644
--- a/clients/client-lakeformation/src/commands/BatchRevokePermissionsCommand.ts
+++ b/clients/client-lakeformation/src/commands/BatchRevokePermissionsCommand.ts
@@ -107,10 +107,10 @@ export interface BatchRevokePermissionsCommandOutput extends BatchRevokePermissi
* },
* },
* Permissions: [ // PermissionList
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* PermissionsWithGrantOption: [
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* },
* ],
@@ -181,10 +181,10 @@ export interface BatchRevokePermissionsCommandOutput extends BatchRevokePermissi
* // },
* // },
* // Permissions: [ // PermissionList
- * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* // ],
* // PermissionsWithGrantOption: [
- * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* // ],
* // },
* // Error: { // ErrorDetail
diff --git a/clients/client-lakeformation/src/commands/GetDataLakeSettingsCommand.ts b/clients/client-lakeformation/src/commands/GetDataLakeSettingsCommand.ts
index 4824f6061f1b..319a634e2ac6 100644
--- a/clients/client-lakeformation/src/commands/GetDataLakeSettingsCommand.ts
+++ b/clients/client-lakeformation/src/commands/GetDataLakeSettingsCommand.ts
@@ -55,13 +55,18 @@ export interface GetDataLakeSettingsCommandOutput extends GetDataLakeSettingsRes
* // DataLakePrincipalIdentifier: "STRING_VALUE",
* // },
* // ],
+ * // ReadOnlyAdmins: [
+ * // {
+ * // DataLakePrincipalIdentifier: "STRING_VALUE",
+ * // },
+ * // ],
* // CreateDatabaseDefaultPermissions: [ // PrincipalPermissionsList
* // { // PrincipalPermissions
* // Principal: {
* // DataLakePrincipalIdentifier: "STRING_VALUE",
* // },
* // Permissions: [ // PermissionList
- * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* // ],
* // },
* // ],
@@ -71,7 +76,7 @@ export interface GetDataLakeSettingsCommandOutput extends GetDataLakeSettingsRes
* // DataLakePrincipalIdentifier: "STRING_VALUE",
* // },
* // Permissions: [
- * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* // ],
* // },
* // ],
@@ -82,6 +87,7 @@ export interface GetDataLakeSettingsCommandOutput extends GetDataLakeSettingsRes
* // "STRING_VALUE",
* // ],
* // AllowExternalDataFiltering: true || false,
+ * // AllowFullTableExternalDataAccess: true || false,
* // ExternalDataFilteringAllowList: [
* // {
* // DataLakePrincipalIdentifier: "STRING_VALUE",
diff --git a/clients/client-lakeformation/src/commands/GetEffectivePermissionsForPathCommand.ts b/clients/client-lakeformation/src/commands/GetEffectivePermissionsForPathCommand.ts
index 88e54aacd603..b81e050120d9 100644
--- a/clients/client-lakeformation/src/commands/GetEffectivePermissionsForPathCommand.ts
+++ b/clients/client-lakeformation/src/commands/GetEffectivePermissionsForPathCommand.ts
@@ -119,10 +119,10 @@ export interface GetEffectivePermissionsForPathCommandOutput
* // },
* // },
* // Permissions: [ // PermissionList
- * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* // ],
* // PermissionsWithGrantOption: [
- * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* // ],
* // AdditionalDetails: { // DetailsMap
* // ResourceShare: [ // ResourceShareList
diff --git a/clients/client-lakeformation/src/commands/GetTemporaryGluePartitionCredentialsCommand.ts b/clients/client-lakeformation/src/commands/GetTemporaryGluePartitionCredentialsCommand.ts
index 9cb196871ce7..1fb585dc31ea 100644
--- a/clients/client-lakeformation/src/commands/GetTemporaryGluePartitionCredentialsCommand.ts
+++ b/clients/client-lakeformation/src/commands/GetTemporaryGluePartitionCredentialsCommand.ts
@@ -59,14 +59,14 @@ export interface GetTemporaryGluePartitionCredentialsCommandOutput
* ],
* },
* Permissions: [ // PermissionList
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* DurationSeconds: Number("int"),
* AuditContext: { // AuditContext
* AdditionalAuditContext: "STRING_VALUE",
* },
- * SupportedPermissionTypes: [ // PermissionTypeList // required
- * "COLUMN_PERMISSION" || "CELL_FILTER_PERMISSION",
+ * SupportedPermissionTypes: [ // PermissionTypeList
+ * "COLUMN_PERMISSION" || "CELL_FILTER_PERMISSION" || "NESTED_PERMISSION" || "NESTED_CELL_PERMISSION",
* ],
* };
* const command = new GetTemporaryGluePartitionCredentialsCommand(input);
diff --git a/clients/client-lakeformation/src/commands/GetTemporaryGlueTableCredentialsCommand.ts b/clients/client-lakeformation/src/commands/GetTemporaryGlueTableCredentialsCommand.ts
index 4158978a1e5a..63177a955776 100644
--- a/clients/client-lakeformation/src/commands/GetTemporaryGlueTableCredentialsCommand.ts
+++ b/clients/client-lakeformation/src/commands/GetTemporaryGlueTableCredentialsCommand.ts
@@ -51,14 +51,14 @@ export interface GetTemporaryGlueTableCredentialsCommandOutput
* const input = { // GetTemporaryGlueTableCredentialsRequest
* TableArn: "STRING_VALUE", // required
* Permissions: [ // PermissionList
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* DurationSeconds: Number("int"),
* AuditContext: { // AuditContext
* AdditionalAuditContext: "STRING_VALUE",
* },
- * SupportedPermissionTypes: [ // PermissionTypeList // required
- * "COLUMN_PERMISSION" || "CELL_FILTER_PERMISSION",
+ * SupportedPermissionTypes: [ // PermissionTypeList
+ * "COLUMN_PERMISSION" || "CELL_FILTER_PERMISSION" || "NESTED_PERMISSION" || "NESTED_CELL_PERMISSION",
* ],
* };
* const command = new GetTemporaryGlueTableCredentialsCommand(input);
diff --git a/clients/client-lakeformation/src/commands/GrantPermissionsCommand.ts b/clients/client-lakeformation/src/commands/GrantPermissionsCommand.ts
index 2ca3ba288b75..0e260f6ff5f6 100644
--- a/clients/client-lakeformation/src/commands/GrantPermissionsCommand.ts
+++ b/clients/client-lakeformation/src/commands/GrantPermissionsCommand.ts
@@ -105,10 +105,10 @@ export interface GrantPermissionsCommandOutput extends GrantPermissionsResponse,
* },
* },
* Permissions: [ // PermissionList // required
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* PermissionsWithGrantOption: [
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* };
* const command = new GrantPermissionsCommand(input);
diff --git a/clients/client-lakeformation/src/commands/ListPermissionsCommand.ts b/clients/client-lakeformation/src/commands/ListPermissionsCommand.ts
index f71a87e11e08..913254950981 100644
--- a/clients/client-lakeformation/src/commands/ListPermissionsCommand.ts
+++ b/clients/client-lakeformation/src/commands/ListPermissionsCommand.ts
@@ -38,7 +38,7 @@ export interface ListPermissionsCommandOutput extends ListPermissionsResponse, _
* @public
* Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.
* This operation returns only those permissions that have been explicitly granted.
- * For information about permissions, see Security and Access Control to Metadata and Data.
+ * For information about permissions, see Security and Access Control to Metadata and Data.
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
@@ -174,10 +174,10 @@ export interface ListPermissionsCommandOutput extends ListPermissionsResponse, _
* // },
* // },
* // Permissions: [ // PermissionList
- * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* // ],
* // PermissionsWithGrantOption: [
- * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * // "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* // ],
* // AdditionalDetails: { // DetailsMap
* // ResourceShare: [ // ResourceShareList
diff --git a/clients/client-lakeformation/src/commands/PutDataLakeSettingsCommand.ts b/clients/client-lakeformation/src/commands/PutDataLakeSettingsCommand.ts
index 05216db0f1e4..87423d6453d5 100644
--- a/clients/client-lakeformation/src/commands/PutDataLakeSettingsCommand.ts
+++ b/clients/client-lakeformation/src/commands/PutDataLakeSettingsCommand.ts
@@ -52,13 +52,18 @@ export interface PutDataLakeSettingsCommandOutput extends PutDataLakeSettingsRes
* DataLakePrincipalIdentifier: "STRING_VALUE",
* },
* ],
+ * ReadOnlyAdmins: [
+ * {
+ * DataLakePrincipalIdentifier: "STRING_VALUE",
+ * },
+ * ],
* CreateDatabaseDefaultPermissions: [ // PrincipalPermissionsList
* { // PrincipalPermissions
* Principal: {
* DataLakePrincipalIdentifier: "STRING_VALUE",
* },
* Permissions: [ // PermissionList
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* },
* ],
@@ -68,7 +73,7 @@ export interface PutDataLakeSettingsCommandOutput extends PutDataLakeSettingsRes
* DataLakePrincipalIdentifier: "STRING_VALUE",
* },
* Permissions: [
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* },
* ],
@@ -79,6 +84,7 @@ export interface PutDataLakeSettingsCommandOutput extends PutDataLakeSettingsRes
* "STRING_VALUE",
* ],
* AllowExternalDataFiltering: true || false,
+ * AllowFullTableExternalDataAccess: true || false,
* ExternalDataFilteringAllowList: [
* {
* DataLakePrincipalIdentifier: "STRING_VALUE",
diff --git a/clients/client-lakeformation/src/commands/RevokePermissionsCommand.ts b/clients/client-lakeformation/src/commands/RevokePermissionsCommand.ts
index 4960a50cb5ca..1cd2f597e7e4 100644
--- a/clients/client-lakeformation/src/commands/RevokePermissionsCommand.ts
+++ b/clients/client-lakeformation/src/commands/RevokePermissionsCommand.ts
@@ -104,10 +104,10 @@ export interface RevokePermissionsCommandOutput extends RevokePermissionsRespons
* },
* },
* Permissions: [ // PermissionList // required
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* PermissionsWithGrantOption: [
- * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_TAG" || "ASSOCIATE",
+ * "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION",
* ],
* };
* const command = new RevokePermissionsCommand(input);
diff --git a/clients/client-lakeformation/src/models/models_0.ts b/clients/client-lakeformation/src/models/models_0.ts
index d093a9c983b9..5e93e3ce2cbb 100644
--- a/clients/client-lakeformation/src/models/models_0.ts
+++ b/clients/client-lakeformation/src/models/models_0.ts
@@ -623,12 +623,13 @@ export const Permission = {
ALTER: "ALTER",
ASSOCIATE: "ASSOCIATE",
CREATE_DATABASE: "CREATE_DATABASE",
+ CREATE_LF_TAG: "CREATE_LF_TAG",
CREATE_TABLE: "CREATE_TABLE",
- CREATE_TAG: "CREATE_TAG",
DATA_LOCATION_ACCESS: "DATA_LOCATION_ACCESS",
DELETE: "DELETE",
DESCRIBE: "DESCRIBE",
DROP: "DROP",
+ GRANT_WITH_LF_TAG_EXPRESSION: "GRANT_WITH_LF_TAG_EXPRESSION",
INSERT: "INSERT",
SELECT: "SELECT",
} as const;
@@ -920,7 +921,7 @@ export interface DataCellsFilter {
RowFilter?: RowFilter;
/**
- * A list of column names.
+ * A list of column names and/or nested column attributes. When specifying nested attributes, use a qualified dot (.) delimited format such as "address"."zip". Nested attributes within this list may not exceed a depth of 5.
*/
ColumnNames?: string[];
@@ -1322,6 +1323,11 @@ export interface DataLakeSettings {
*/
DataLakeAdmins?: DataLakePrincipal[];
+ /**
+ * A list of Lake Formation principals with only view access to the resources, without the ability to make changes. Supported principals are IAM users or IAM roles.
+ */
+ ReadOnlyAdmins?: DataLakePrincipal[];
+
/**
* Specifies whether access control on newly created database is managed by Lake Formation permissions or exclusively by IAM permissions.
* A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting "Use only IAM access control," and is for backward compatibility with the Glue permission model implemented by IAM permissions.
@@ -1353,10 +1359,15 @@ export interface DataLakeSettings {
* Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
* If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.
* If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.
- * For more information, see (Optional) Allow Data Filtering on Amazon EMR.
+ * For more information, see (Optional) Allow external data filtering.
*/
AllowExternalDataFiltering?: boolean;
+ /**
+ * Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
+ */
+ AllowFullTableExternalDataAccess?: boolean;
+
/**
* A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.>
*/
@@ -1915,6 +1926,8 @@ export interface PartitionValueList {
export const PermissionType = {
CELL_FILTER_PERMISSION: "CELL_FILTER_PERMISSION",
COLUMN_PERMISSION: "COLUMN_PERMISSION",
+ NESTED_CELL_PERMISSION: "NESTED_CELL_PERMISSION",
+ NESTED_PERMISSION: "NESTED_PERMISSION",
} as const;
/**
@@ -1954,7 +1967,7 @@ export interface GetTemporaryGluePartitionCredentialsRequest {
/**
* A list of supported permission types for the partition. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.
*/
- SupportedPermissionTypes: (PermissionType | string)[] | undefined;
+ SupportedPermissionTypes?: (PermissionType | string)[];
}
/**
@@ -2034,7 +2047,7 @@ export interface GetTemporaryGlueTableCredentialsRequest {
/**
* A list of supported permission types for the table. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.
*/
- SupportedPermissionTypes: (PermissionType | string)[] | undefined;
+ SupportedPermissionTypes?: (PermissionType | string)[];
}
/**
diff --git a/codegen/sdk-codegen/aws-models/lakeformation.json b/codegen/sdk-codegen/aws-models/lakeformation.json
index d0d6cb75e7d8..ed02d8f34f0d 100644
--- a/codegen/sdk-codegen/aws-models/lakeformation.json
+++ b/codegen/sdk-codegen/aws-models/lakeformation.json
@@ -549,8 +549,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "af-south-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -562,8 +562,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "ap-east-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -575,8 +575,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "ap-northeast-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -588,8 +588,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "ap-northeast-2",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -601,8 +601,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "ap-northeast-3",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -614,8 +614,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "ap-south-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -627,8 +627,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "ap-southeast-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -640,8 +640,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "ap-southeast-2",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -653,8 +653,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "ca-central-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -666,8 +666,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "eu-central-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -679,8 +679,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "eu-north-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -692,8 +692,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "eu-south-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -705,8 +705,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "eu-west-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -718,8 +718,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "eu-west-2",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -731,8 +731,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "eu-west-3",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -744,8 +744,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "me-south-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -757,8 +757,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "sa-east-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -770,8 +770,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-east-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -783,8 +783,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "us-east-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
@@ -796,8 +796,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-east-2",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -809,8 +809,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "us-east-2",
+ "UseFIPS": true,
"UseDualStack": false
}
},
@@ -822,8 +822,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-west-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -835,8 +835,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "us-west-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
@@ -848,8 +848,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-west-2",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -861,8 +861,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "us-west-2",
+ "UseFIPS": true,
"UseDualStack": false
}
},
@@ -874,8 +874,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "us-east-1",
+ "UseFIPS": true,
"UseDualStack": true
}
},
@@ -887,8 +887,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-east-1",
+ "UseFIPS": false,
"UseDualStack": true
}
},
@@ -900,8 +900,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "cn-north-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -913,8 +913,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "cn-northwest-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -926,8 +926,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "cn-north-1",
+ "UseFIPS": true,
"UseDualStack": true
}
},
@@ -939,8 +939,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "cn-north-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
@@ -952,8 +952,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "cn-north-1",
+ "UseFIPS": false,
"UseDualStack": true
}
},
@@ -965,8 +965,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-gov-east-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -978,8 +978,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "us-gov-east-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
@@ -991,8 +991,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-gov-west-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -1004,8 +1004,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "us-gov-west-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
@@ -1017,8 +1017,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "us-gov-east-1",
+ "UseFIPS": true,
"UseDualStack": true
}
},
@@ -1030,8 +1030,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-gov-east-1",
+ "UseFIPS": false,
"UseDualStack": true
}
},
@@ -1041,8 +1041,8 @@
"error": "FIPS and DualStack are enabled, but this partition does not support one or both"
},
"params": {
- "UseFIPS": true,
"Region": "us-iso-east-1",
+ "UseFIPS": true,
"UseDualStack": true
}
},
@@ -1054,8 +1054,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "us-iso-east-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
@@ -1065,8 +1065,8 @@
"error": "DualStack is enabled but this partition does not support DualStack"
},
"params": {
- "UseFIPS": false,
"Region": "us-iso-east-1",
+ "UseFIPS": false,
"UseDualStack": true
}
},
@@ -1078,8 +1078,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-iso-east-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -1089,8 +1089,8 @@
"error": "FIPS and DualStack are enabled, but this partition does not support one or both"
},
"params": {
- "UseFIPS": true,
"Region": "us-isob-east-1",
+ "UseFIPS": true,
"UseDualStack": true
}
},
@@ -1102,8 +1102,8 @@
}
},
"params": {
- "UseFIPS": true,
"Region": "us-isob-east-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
@@ -1113,8 +1113,8 @@
"error": "DualStack is enabled but this partition does not support DualStack"
},
"params": {
- "UseFIPS": false,
"Region": "us-isob-east-1",
+ "UseFIPS": false,
"UseDualStack": true
}
},
@@ -1126,8 +1126,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-isob-east-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
@@ -1139,8 +1139,8 @@
}
},
"params": {
- "UseFIPS": false,
"Region": "us-east-1",
+ "UseFIPS": false,
"UseDualStack": false,
"Endpoint": "https://example.com"
}
@@ -1164,8 +1164,8 @@
"error": "Invalid Configuration: FIPS and custom endpoint are not supported"
},
"params": {
- "UseFIPS": true,
"Region": "us-east-1",
+ "UseFIPS": true,
"UseDualStack": false,
"Endpoint": "https://example.com"
}
@@ -1176,8 +1176,8 @@
"error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
},
"params": {
- "UseFIPS": false,
"Region": "us-east-1",
+ "UseFIPS": false,
"UseDualStack": true,
"Endpoint": "https://example.com"
}
@@ -2134,7 +2134,7 @@
"ColumnNames": {
"target": "com.amazonaws.lakeformation#ColumnNames",
"traits": {
- "smithy.api#documentation": "A list of column names.
"
+ "smithy.api#documentation": "A list of column names and/or nested column attributes. When specifying nested attributes, use a qualified dot (.) delimited format such as \"address\".\"zip\". Nested attributes within this list may not exceed a depth of 5.
"
}
},
"ColumnWildcard": {
@@ -2289,6 +2289,12 @@
"smithy.api#documentation": "A list of Lake Formation principals. Supported principals are IAM users or IAM roles.
"
}
},
+ "ReadOnlyAdmins": {
+ "target": "com.amazonaws.lakeformation#DataLakePrincipalList",
+ "traits": {
+ "smithy.api#documentation": "A list of Lake Formation principals with only view access to the resources, without the ability to make changes. Supported principals are IAM users or IAM roles.
"
+ }
+ },
"CreateDatabaseDefaultPermissions": {
"target": "com.amazonaws.lakeformation#PrincipalPermissionsList",
"traits": {
@@ -2316,7 +2322,13 @@
"AllowExternalDataFiltering": {
"target": "com.amazonaws.lakeformation#NullableBoolean",
"traits": {
- "smithy.api#documentation": "Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
\n If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.
\n If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.
\n For more information, see (Optional) Allow Data Filtering on Amazon EMR.
"
+ "smithy.api#documentation": "Whether to allow Amazon EMR clusters to access data managed by Lake Formation.
\n If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.
\n If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.
\n For more information, see (Optional) Allow external data filtering.
"
+ }
+ },
+ "AllowFullTableExternalDataAccess": {
+ "target": "com.amazonaws.lakeformation#NullableBoolean",
+ "traits": {
+ "smithy.api#documentation": "Whether to allow a third-party query engine to get data access credentials without session tags when a caller has full data access permissions.
"
}
},
"ExternalDataFilteringAllowList": {
@@ -3830,8 +3842,7 @@
"SupportedPermissionTypes": {
"target": "com.amazonaws.lakeformation#PermissionTypeList",
"traits": {
- "smithy.api#documentation": "A list of supported permission types for the partition. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.
",
- "smithy.api#required": {}
+ "smithy.api#documentation": "A list of supported permission types for the partition. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.
"
}
}
},
@@ -3939,8 +3950,7 @@
"SupportedPermissionTypes": {
"target": "com.amazonaws.lakeformation#PermissionTypeList",
"traits": {
- "smithy.api#documentation": "A list of supported permission types for the table. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.
",
- "smithy.api#required": {}
+ "smithy.api#documentation": "A list of supported permission types for the table. Valid values are COLUMN_PERMISSION and CELL_FILTER_PERMISSION.
"
}
}
},
@@ -4706,7 +4716,7 @@
}
],
"traits": {
- "smithy.api#documentation": "Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.
\n This operation returns only those permissions that have been explicitly granted.
\n For information about permissions, see Security and Access Control to Metadata and Data.
",
+ "smithy.api#documentation": "Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.
\n This operation returns only those permissions that have been explicitly granted.
\n For information about permissions, see Security and Access Control to Metadata and Data.
",
"smithy.api#http": {
"method": "POST",
"uri": "/ListPermissions",
@@ -5285,10 +5295,10 @@
"smithy.api#enumValue": "DATA_LOCATION_ACCESS"
}
},
- "CREATE_TAG": {
+ "CREATE_LF_TAG": {
"target": "smithy.api#Unit",
"traits": {
- "smithy.api#enumValue": "CREATE_TAG"
+ "smithy.api#enumValue": "CREATE_LF_TAG"
}
},
"ASSOCIATE": {
@@ -5296,6 +5306,12 @@
"traits": {
"smithy.api#enumValue": "ASSOCIATE"
}
+ },
+ "GRANT_WITH_LF_TAG_EXPRESSION": {
+ "target": "smithy.api#Unit",
+ "traits": {
+ "smithy.api#enumValue": "GRANT_WITH_LF_TAG_EXPRESSION"
+ }
}
}
},
@@ -5319,6 +5335,18 @@
"traits": {
"smithy.api#enumValue": "CELL_FILTER_PERMISSION"
}
+ },
+ "NESTED_PERMISSION": {
+ "target": "smithy.api#Unit",
+ "traits": {
+ "smithy.api#enumValue": "NESTED_PERMISSION"
+ }
+ },
+ "NESTED_CELL_PERMISSION": {
+ "target": "smithy.api#Unit",
+ "traits": {
+ "smithy.api#enumValue": "NESTED_CELL_PERMISSION"
+ }
}
}
},