***************************************************
create_lake_formation_identity_center_configuration
***************************************************



.. py:method:: LakeFormation.Client.create_lake_formation_identity_center_configuration(**kwargs)

  

  Creates an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/CreateLakeFormationIdentityCenterConfiguration>`_  


  **Request Syntax**
  ::

    response = client.create_lake_formation_identity_center_configuration(
        CatalogId='string',
        InstanceArn='string',
        ExternalFiltering={
            'Status': 'ENABLED'|'DISABLED',
            'AuthorizedTargets': [
                'string',
            ]
        },
        ShareRecipients=[
            {
                'DataLakePrincipalIdentifier': 'string'
            },
        ],
        ServiceIntegrations=[
            {
                'Redshift': [
                    {
                        'RedshiftConnect': {
                            'Authorization': 'ENABLED'|'DISABLED'
                        }
                    },
                ]
            },
        ]
    )
    
  :type CatalogId: string
  :param CatalogId: 

    The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, view definitions, and other control information to manage your Lake Formation environment.

    

  
  :type InstanceArn: string
  :param InstanceArn: 

    The ARN of the IAM Identity Center instance for which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    

  
  :type ExternalFiltering: dict
  :param ExternalFiltering: 

    A list of the account IDs of Amazon Web Services accounts of third-party applications that are allowed to access data managed by Lake Formation.

    

  
    - **Status** *(string) --* **[REQUIRED]** 

      Enables or disables the third-party applications that are allowed to access data managed by Lake Formation.

      

    
    - **AuthorizedTargets** *(list) --* **[REQUIRED]** 

      List of third-party application ``ARNs`` integrated with Lake Formation.

      

    
      - *(string) --* 

      
  
  
  :type ShareRecipients: list
  :param ShareRecipients: 

    A list of Amazon Web Services account IDs and/or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.

     

    If the ``ShareRecipients`` list includes valid values, a resource share is created with the principals you want to have access to the resources.

     

    If the ``ShareRecipients`` value is null or the list is empty, no resource share is created.

    

  
    - *(dict) --* 

      The Lake Formation principal. Supported principals are IAM users or IAM roles.

      

    
      - **DataLakePrincipalIdentifier** *(string) --* 

        An identifier for the Lake Formation principal.

        

      
    

  :type ServiceIntegrations: list
  :param ServiceIntegrations: 

    A list of service integrations for enabling trusted identity propagation with external services such as Redshift.

    

  
    - *(dict) --* 

      A union structure representing different service integration types.

      .. note:: This is a Tagged Union structure. Only one of the following top level keys can be set: ``Redshift``.

    
      - **Redshift** *(list) --* 

        Redshift service integration configuration.

        

      
        - *(dict) --* 

          A union structure representing different Redshift integration scopes.

          .. note:: This is a Tagged Union structure. Only one of the following top level keys can be set: ``RedshiftConnect``.

        
          - **RedshiftConnect** *(dict) --* 

            Configuration for Redshift Connect integration.

            

          
            - **Authorization** *(string) --* **[REQUIRED]** 

              The authorization status for Redshift Connect. Valid values are ENABLED or DISABLED.

              

            
          
        
    
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ApplicationArn': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ApplicationArn** *(string) --* 

        The Amazon Resource Name (ARN) of the Lake Formation application integrated with IAM Identity Center.

        
  
  **Exceptions**
  
  *   :py:class:`LakeFormation.Client.exceptions.InvalidInputException`

  
  *   :py:class:`LakeFormation.Client.exceptions.AlreadyExistsException`

  
  *   :py:class:`LakeFormation.Client.exceptions.InternalServiceException`

  
  *   :py:class:`LakeFormation.Client.exceptions.OperationTimeoutException`

  
  *   :py:class:`LakeFormation.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`LakeFormation.Client.exceptions.ConcurrentModificationException`
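
An added example, not part of the boto3 documentation: a pre-flight check of the request shape documented above (the ``[REQUIRED]`` nested members, the ``ENABLED``/``DISABLED`` values and the two tagged unions) that runs before the API call, so a malformed or unintended access grant is rejected locally. The names ``validate_request`` and ``create_configuration`` and the sample ARNs are assumptions constructed for illustration.

```python
ENUM = ("ENABLED", "DISABLED")


def validate_request(kwargs):
    """Return a list of problems in the request kwargs (empty if none)."""
    problems = []
    arn = kwargs.get("InstanceArn")
    if arn is not None and not str(arn).startswith("arn:"):
        problems.append("InstanceArn is not an ARN")
    ext = kwargs.get("ExternalFiltering")
    if ext is not None:
        # Status and AuthorizedTargets are both [REQUIRED] members.
        if ext.get("Status") not in ENUM:
            problems.append("ExternalFiltering.Status must be ENABLED or DISABLED")
        if not isinstance(ext.get("AuthorizedTargets"), list):
            problems.append("ExternalFiltering.AuthorizedTargets must be a list")
    for i, integ in enumerate(kwargs.get("ServiceIntegrations", [])):
        # Tagged union: Redshift is the only key that can be set.
        if set(integ) != {"Redshift"}:
            problems.append(f"ServiceIntegrations[{i}] must set only 'Redshift'")
            continue
        for j, scope in enumerate(integ["Redshift"]):
            # Tagged union again; Authorization inside it is [REQUIRED].
            auth = (scope.get("RedshiftConnect") or {}).get("Authorization")
            if set(scope) != {"RedshiftConnect"} or auth not in ENUM:
                problems.append(f"ServiceIntegrations[{i}].Redshift[{j}] is malformed")
    return problems


def create_configuration(client, **kwargs):
    """Validate first, then call the API and return the ApplicationArn."""
    problems = validate_request(kwargs)
    if problems:
        raise ValueError("; ".join(problems))
    response = client.create_lake_formation_identity_center_configuration(**kwargs)
    return response["ApplicationArn"]


# Constructed sample values (placeholders, not real resources).
SAMPLE_REQUEST = {
    "InstanceArn": "arn:aws:sso:::instance/ssoins-EXAMPLE",
    "ExternalFiltering": {
        "Status": "ENABLED",
        "AuthorizedTargets": ["arn:aws:sso::111122223333:application/EXAMPLE"],
    },
    "ShareRecipients": [],  # empty list: no resource share is created
    "ServiceIntegrations": [
        {"Redshift": [{"RedshiftConnect": {"Authorization": "DISABLED"}}]}
    ],
}
```

With boto3 installed and credentials configured, pass ``boto3.client("lakeformation")`` as ``client``: ``create_configuration(client, **SAMPLE_REQUEST)``.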

  