
Lake Formation

Lake Formation is a managed service that allows users to build, secure, and manage data lakes. Lake Formation allows users to define and enforce fine-grained access controls, manage metadata, and discover and share data across multiple data sources.

LocalStack allows you to use the Lake Formation APIs in your local environment to register resources, grant permissions, and list resources and permissions. The supported APIs are listed in our API Coverage section, which provides information on the extent of Lake Formation’s integration with LocalStack.

This guide is designed for users new to Lake Formation and assumes basic knowledge of the AWS CLI and our awslocal wrapper script.

Start your LocalStack container using your preferred method. We will demonstrate how to register an S3 bucket as a resource in Lake Formation, grant permissions to a user, and list the resources and permissions.

Create a new S3 bucket named test-bucket using the mb command:

awslocal s3 mb s3://test-bucket

You can now register the S3 bucket as a resource in Lake Formation using the RegisterResource API. Create a file named input.json with the following content:

{
    "ResourceArn": "arn:aws:s3:::test-bucket",
    "UseServiceLinkedRole": true
}

Run the following command to register the resource:

awslocal lakeformation register-resource \
--cli-input-json file://input.json

You can list the registered resources using the ListResources API. Execute the following command to list the resources:

awslocal lakeformation list-resources
Output
{
    "ResourceInfoList": [
        {
            "ResourceArn": "arn:aws:s3:::test-bucket",
            "LastModified": "2024-07-11T23:27:30.699312+05:30"
        }
    ]
}

You can grant permissions to a user or group using the GrantPermissions API. Create a file named permissions.json with the following content:

{
    "CatalogId": "000000000000",
    "Principal": {
        "DataLakePrincipalIdentifier": "arn:aws:iam::000000000000:user/lf-developer"
    },
    "Resource": {
        "Table": {
            "CatalogId": "000000000000",
            "DatabaseName": "tpc",
            "TableWildcard": {}
        }
    },
    "Permissions": [
        "SELECT"
    ],
    "PermissionsWithGrantOption": []
}

Run the following command to grant permissions:

awslocal lakeformation grant-permissions \
    --cli-input-json file://permissions.json

You can list the permissions granted to a user or group using the ListPermissions API. Execute the following command to list the permissions:

awslocal lakeformation list-permissions
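
The following Python script is an added example, not part of the LocalStack documentation. It audits a ListPermissions response for grants broader than a single named table, such as the TableWildcard grant created above; the sample response is constructed, and the audit function and its finding texts are assumptions of this example.

```python
import json
import sys

# Constructed sample of a ListPermissions response (not captured output).
SAMPLE = json.loads("""
{"PrincipalResourcePermissions": [
  {"Principal": {"DataLakePrincipalIdentifier":
                 "arn:aws:iam::000000000000:user/lf-developer"},
   "Resource": {"Table": {"CatalogId": "000000000000",
                          "DatabaseName": "tpc", "TableWildcard": {}}},
   "Permissions": ["SELECT"], "PermissionsWithGrantOption": []},
  {"Principal": {"DataLakePrincipalIdentifier": "IAM_ALLOWED_PRINCIPALS"},
   "Resource": {"Database": {"CatalogId": "000000000000", "Name": "tpc"}},
   "Permissions": ["ALL"], "PermissionsWithGrantOption": ["ALL"]}
]}
""")


def audit(response):
    """Return (principal, finding) pairs for grants that deserve a review."""
    findings = []
    for entry in response.get("PrincipalResourcePermissions", []):
        who = entry.get("Principal", {}).get("DataLakePrincipalIdentifier", "?")
        table = entry.get("Resource", {}).get("Table", {})
        if who == "IAM_ALLOWED_PRINCIPALS":
            # Group that leaves access decisions to IAM policies alone.
            findings.append((who, "IAM-only access control group"))
        if "TableWildcard" in table:
            db = table.get("DatabaseName", "?")
            findings.append((who, f"wildcard covers every table in {db}"))
        if "ALL" in entry.get("Permissions", []):
            findings.append((who, "ALL permission granted"))
        grantable = entry.get("PermissionsWithGrantOption") or []
        if grantable:
            findings.append((who, "can re-grant: " + ",".join(sorted(grantable))))
    return findings


if __name__ == "__main__":
    # Read live CLI output from a pipe, or fall back to the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for who, finding in audit(data):
        print(f"{who}: {finding}")
```

To check a running LocalStack instance, pipe the command output into the script: awslocal lakeformation list-permissions | python3 audit_lf.py (the file name is hypothetical).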