registerResource method

Future<void> registerResource({
  1. required String resourceArn,
  2. String? expectedResourceOwnerAccount,
  3. bool? hybridAccessEnabled,
  4. String? roleArn,
  5. bool? useServiceLinkedRole,
  6. bool? withFederation,
  7. bool? withPrivilegedAccess,
})

Registers the resource as managed by the Data Catalog.

To add or update data, Lake Formation needs read/write access to the chosen data location. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.

ResourceArn = arn:aws:s3:::my-bucket/ UseServiceLinkedRole = true

If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

arn:aws:iam::12345:role/my-data-access-role

May throw AccessDeniedException. May throw AlreadyExistsException. May throw EntityNotFoundException. May throw InternalServiceException. May throw InvalidInputException. May throw OperationTimeoutException. May throw ResourceNumberLimitExceededException.

Parameter resourceArn : The Amazon Resource Name (ARN) of the resource that you want to register.

Parameter expectedResourceOwnerAccount : The Amazon Web Services account that owns the Glue tables associated with specific Amazon S3 locations.

Parameter hybridAccessEnabled : Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

Parameter roleArn : The identifier for the role that registers the resource.

Parameter useServiceLinkedRole : Designates an Identity and Access Management (IAM) service-linked role by registering this role with the Data Catalog. A service-linked role is a unique type of IAM role that is linked directly to Lake Formation.

For more information, see Using Service-Linked Roles for Lake Formation.

Parameter withFederation : Whether or not the resource is a federated resource.

Parameter withPrivilegedAccess : Grants the calling principal the permissions to perform all supported Lake Formation operations on the registered data location.

Implementation

Future<void> registerResource({
  required String resourceArn,
  String? expectedResourceOwnerAccount,
  bool? hybridAccessEnabled,
  String? roleArn,
  bool? useServiceLinkedRole,
  bool? withFederation,
  bool? withPrivilegedAccess,
}) async {
  final $payload = <String, dynamic>{
    'ResourceArn': resourceArn,
    if (expectedResourceOwnerAccount != null)
      'ExpectedResourceOwnerAccount': expectedResourceOwnerAccount,
    if (hybridAccessEnabled != null)
      'HybridAccessEnabled': hybridAccessEnabled,
    if (roleArn != null) 'RoleArn': roleArn,
    if (useServiceLinkedRole != null)
      'UseServiceLinkedRole': useServiceLinkedRole,
    if (withFederation != null) 'WithFederation': withFederation,
    if (withPrivilegedAccess != null)
      'WithPrivilegedAccess': withPrivilegedAccess,
  };
  final response = await _protocol.send(
    payload: $payload,
    method: 'POST',
    requestUri: '/RegisterResource',
    exceptionFnMap: _exceptionFns,
  );
}