Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: add L1 example to lakeformation readme #27917

Merged
merged 9 commits into from
Nov 10, 2023
Merged

chore: add L1 example to lakeformation readme #27917

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
9f50cef
chore: add L1 example to lakeformation readme
scanlonp Nov 9, 2023
f5ce407
address review comments 1
scanlonp Nov 9, 2023
3e86f88
move resources outside of an exported class
scanlonp Nov 9, 2023
f871d1d
use stack context
scanlonp Nov 9, 2023
3dbc1cb
use stack only for proprties, not for instantiation
scanlonp Nov 9, 2023
71f9e4b
fix build
scanlonp Nov 10, 2023
0ec084d
Merge branch 'main' into scanlonp-lf-readme
scanlonp Nov 10, 2023
d9b182b
Merge branch 'main' into scanlonp-lf-readme
mergify[bot] Nov 10, 2023
7829a92
Merge branch 'main' into scanlonp-lf-readme
mergify[bot] Nov 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
84 changes: 84 additions & 0 deletions packages/aws-cdk-lib/aws-lakeformation/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,87 @@ For more information on the resources and properties available for this service,
(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.)

<!--END CFNONLY DISCLAIMER-->

### Example

Using the lakeformation L1s is not always the most straight forward. Here is an example of creating a glue table and putting lakeformation tags on it. Note: this example uses deprecated constructs and overly permissive IAM roles. This example is meant to give a general idea of using the L1s; it is not production level.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I would remove the first sentence and just start with "Here is an example of creating a glue table and ...". Also should we give an example that isn't using the deprecated glue Table?


```ts
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { Table, Database, DataFormat, Schema } from '@aws-cdk/aws-glue-alpha';
import { CfnDataLakeSettings, CfnTag, CfnTagAssociation } from 'aws-cdk-lib/aws-lakeformation';

export class LakeFormationTaggingStack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);

const accountId = process.env.CDK_DEFAULT_ACCOUNT!;
const region = process.env.CDK_DEFAULT_REGION!;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can probably remove these and use this.account and this.region everywhere


const tagKey = 'aws';
const tagValues = ['dev'];

const database = new Database(this, 'Database');

const table = new Table(this, 'Table', {
database,
columns: [
{
name: 'col1',
type: Schema.STRING,
},
{
name: 'col2',
type: Schema.STRING,
}
],
dataFormat: DataFormat.CSV,
});

const synthesizer = this.synthesizer as cdk.DefaultStackSynthesizer;
new CfnDataLakeSettings(this, 'DataLakeSettings', {
admins: [
{
dataLakePrincipalIdentifier: this.formatArn({
service: 'iam',
resource: 'role',
region: '',
account: accountId,
resourceName: 'Admin',
}),
},
{ dataLakePrincipalIdentifier: `arn:aws:iam::${accountId}:role/cdk-hnb659fds-cfn-exec-role-${accountId}-${region}` },
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably cleaner like this:

{
  // The CDK cloudformation execution role.
  dataLakePrincipalIdentifier: synthesizer.cloudFormationExecutionRoleArn.replace('${AWS::Partition}', 'aws'),
}

],
});

const tag = new CfnTag(this, 'Tag', {
catalogId: accountId,
tagKey,
tagValues,
});

const lfTagPairProperty: CfnTagAssociation.LFTagPairProperty = {
catalogId: accountId,
tagKey,
tagValues,
};

const tagAssociation = new CfnTagAssociation(this, 'TagAssociation', {
lfTags: [lfTagPairProperty],
resource: {
tableWithColumns: {
databaseName: database.databaseName,
columnNames: ['col1', 'col2'],
catalogId: accountId,
name: table.tableName,
}
}
});

tagAssociation.node.addDependency(tag);
tagAssociation.node.addDependency(table);
}
}
```
Additionally, you may need to use the lakeformation console to give permissions, particularly to give the cdk-exec-role tagging permissions.
Loading