# Configuring Lake Formation permissions

- For the `DatalakeAdmin` and `DataAnalyst` user

# Setting up a `governed` table

- Sign in to the Lake Formation console in us-east-1 Region using the `DatalakeAdmin` user.
- Create a `governed table`

# Dataset

Amazon Review: https://s3.amazonaws.com/amazon-reviews-pds/tsv/index.txt

# Start a new transaction with the `StartTransaction` API

In [16]:
!aws lakeformation-preview start-transaction --profile datalake-admin

{
    "TransactionId": "a8f6a568d8f940c292fb3c230d26d1a5"
}


In [17]:
TransactionId = "a8f6a568d8f940c292fb3c230d26d1a5"

# Add files to this table within this transaction

In [21]:
!aws s3 ls s3://amazon-reviews-pds/parquet/product_category=Toys/

2018-04-09 12:09:59  127618720 part-00000-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:10:00  126730698 part-00001-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:10:00  126498030 part-00002-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:10:00  126542895 part-00003-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:10:00  127220750 part-00004-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:10:02  126628389 part-00005-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:10:03  126315331 part-00006-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:10:03  126832082 part-00007-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:10:03  126929544 part-00008-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:10:03  126858343 part-00009-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet


In [3]:
some_file = "part-00001-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet"

In [4]:
!aws s3api head-object --bucket amazon-reviews-pds --key parquet/product_category=Toys/{some_file} | jq . 

[1;39m{
  [0m[34;1m"AcceptRanges"[0m[1;39m: [0m[0;32m"bytes"[0m[1;39m,
  [0m[34;1m"LastModified"[0m[1;39m: [0m[0;32m"2018-04-09T06:40:00+00:00"[0m[1;39m,
  [0m[34;1m"ContentLength"[0m[1;39m: [0m[0;39m126730698[0m[1;39m,
  [0m[34;1m"ETag"[0m[1;39m: [0m[0;32m"\"5177d6a3e64ec024dd650c2f1ccc9a3f-16\""[0m[1;39m,
  [0m[34;1m"ContentType"[0m[1;39m: [0m[0;32m"binary/octet-stream"[0m[1;39m,
  [0m[34;1m"Metadata"[0m[1;39m: [0m[1;39m{}[0m[1;39m
[1;39m}[0m


Create a new file named `write-operations1.json` and enter the following JSON: (replace `Uri`, `ETag`, and `Size` with the values you copied)

In [1]:
!cat write-operations1.json | jq . 

[1;39m[
  [1;39m{
    [0m[34;1m"AddObject"[0m[1;39m: [0m[1;39m{
      [0m[34;1m"Uri"[0m[1;39m: [0m[0;32m"s3://amazon-reviews-pds/parquet/product_category=Toys/part-00001-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet"[0m[1;39m,
      [0m[34;1m"ETag"[0m[1;39m: [0m[0;32m"5177d6a3e64ec024dd650c2f1ccc9a3f-16"[0m[1;39m,
      [0m[34;1m"Size"[0m[1;39m: [0m[0;39m126730698[0m[1;39m,
      [0m[34;1m"PartitionValues"[0m[1;39m: [0m[1;39m[
        [0;32m"Toys"[0m[1;39m
      [1;39m][0m[1;39m
    [1;39m}[0m[1;39m
  [1;39m}[0m[1;39m
[1;39m][0m


## Add file to the governed table using the `write-operations1.json`

### a) `update-table-objects` API 

In [25]:
!aws lakeformation-preview update-table-objects \
                        --database-name lakeformation_tutorial_amazon_reviews  \
                        --table-name amazon_reviews_governed --transaction-id {TransactionId} \
                        --write-operations file://./write-operations1.json --profile datalake-admin


### b) `get-table-objects` API 

In [26]:
!aws lakeformation-preview get-table-objects \
                        --database-name lakeformation_tutorial_amazon_reviews  \
                        --table-name amazon_reviews_governed --transaction-id {TransactionId} --profile datalake-admin

{
    "Objects": [
        {
            "PartitionValues": [
                "Books"
            ],
            "Objects": [
                {
                    "Uri": "s3://amazon-reviews-pds/parquet/product_category=Books/part-00000-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet",
                    "ETag": "9805c2c9a0459ccf337e01dc727f8efc-131",
                    "Size": 1094842361
                }
            ]
        },
        {
            "PartitionValues": [
                "Camera"
            ],
            "Objects": [
                {
                    "Uri": "s3://amazon-reviews-pds/parquet/product_category=Camera/part-00000-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet",
                    "ETag": "d4c25c40f33071620fb31cf0346ed2ec-8",
                    "Size": 65386769
                }
            ]
        },
        {
            "PartitionValues": [
                "Toys"
            ],
            "Obj

## Commit the transaction

In [31]:
!aws lakeformation-preview commit-transaction \ 
                        --transaction-id {TransactionId} 
                        --profile datalake-admin


# Start another new transaction with the `StartTransaction` API

In [32]:
!aws lakeformation-preview start-transaction --profile datalake-admin

{
    "TransactionId": "a5c94da8ce2d475babb3d0c435592529"
}


In [34]:
TransactionId = "a5c94da8ce2d475babb3d0c435592529"

# Add files to this table within this transaction

In [35]:
!aws s3 ls s3://amazon-reviews-pds/parquet/product_category=Music/


2018-04-09 12:08:54  295413373 part-00000-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:08:54  290061737 part-00001-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:08:54  291400775 part-00002-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:08:54  293260391 part-00003-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:08:55  292661147 part-00004-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:09:02  290476651 part-00005-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:09:02  291893173 part-00006-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:09:02  295227211 part-00007-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:09:02  289890232 part-00008-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet
2018-04-09 12:09:03  295334612 part-00009-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet


In [6]:
some_file = "part-00001-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet"

In [8]:
!aws s3api head-object --bucket amazon-reviews-pds --key parquet/product_category=Music/{some_file} | jq . 

[1;39m{
  [0m[34;1m"AcceptRanges"[0m[1;39m: [0m[0;32m"bytes"[0m[1;39m,
  [0m[34;1m"LastModified"[0m[1;39m: [0m[0;32m"2018-04-09T06:38:54+00:00"[0m[1;39m,
  [0m[34;1m"ContentLength"[0m[1;39m: [0m[0;39m290061737[0m[1;39m,
  [0m[34;1m"ETag"[0m[1;39m: [0m[0;32m"\"692a5d993b35c12befe6eef06079d150-35\""[0m[1;39m,
  [0m[34;1m"ContentType"[0m[1;39m: [0m[0;32m"binary/octet-stream"[0m[1;39m,
  [0m[34;1m"Metadata"[0m[1;39m: [0m[1;39m{}[0m[1;39m
[1;39m}[0m


Create a new file named `write-operations2.json` and enter the following JSON: (replace `Uri`, `ETag`, and `Size` with the values you copied)

In [9]:
!cat write-operations2.json | jq . 

[1;39m[
  [1;39m{
    [0m[34;1m"AddObject"[0m[1;39m: [0m[1;39m{
      [0m[34;1m"Uri"[0m[1;39m: [0m[0;32m"s3://amazon-reviews-pds/parquet/product_category=Music/part-00001-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet"[0m[1;39m,
      [0m[34;1m"ETag"[0m[1;39m: [0m[0;32m"692a5d993b35c12befe6eef06079d150-35"[0m[1;39m,
      [0m[34;1m"Size"[0m[1;39m: [0m[0;39m290061737[0m[1;39m,
      [0m[34;1m"PartitionValues"[0m[1;39m: [0m[1;39m[
        [0;32m"Music"[0m[1;39m
      [1;39m][0m[1;39m
    [1;39m}[0m[1;39m
  [1;39m}[0m[1;39m
[1;39m][0m


## Add file to the governed table using the `write-operations2.json`

### a) `update-table-objects` API 

In [40]:
!aws lakeformation-preview update-table-objects \
                        --database-name lakeformation_tutorial_amazon_reviews  \
                        --table-name amazon_reviews_governed --transaction-id {TransactionId} \
                        --write-operations file://./write-operations2.json --profile datalake-admin


### b) `get-table-objects` API 

In [41]:
!aws lakeformation-preview get-table-objects \
                        --database-name lakeformation_tutorial_amazon_reviews  \
                        --table-name amazon_reviews_governed --transaction-id {TransactionId} --profile datalake-admin

{
    "Objects": [
        {
            "PartitionValues": [
                "Books"
            ],
            "Objects": [
                {
                    "Uri": "s3://amazon-reviews-pds/parquet/product_category=Books/part-00000-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet",
                    "ETag": "9805c2c9a0459ccf337e01dc727f8efc-131",
                    "Size": 1094842361
                }
            ]
        },
        {
            "PartitionValues": [
                "Camera"
            ],
            "Objects": [
                {
                    "Uri": "s3://amazon-reviews-pds/parquet/product_category=Camera/part-00000-495c48e6-96d6-4650-aa65-3c36a3516ddd.c000.snappy.parquet",
                    "ETag": "d4c25c40f33071620fb31cf0346ed2ec-8",
                    "Size": 65386769
                }
            ]
        },
        {
            "PartitionValues": [
                "Music"
            ],
            "Ob

## Commit the transaction

In [45]:
!aws lakeformation-preview commit-transaction \ 
                        --transaction-id {TransactionId} 
                        --profile datalake-admin

# Now we can do the following: 

- Login to UI(Lake Formation console) to check these two partitions 
- Querying the governed table using Amazon Athena

In [None]:
!aws lakeformation-preview list-transactions --profile datalake-admin