:doc:`LakeFormation <../../lakeformation>` / Client / get_temporary_glue_table_credentials

************************************
get_temporary_glue_table_credentials
************************************



.. py:method:: LakeFormation.Client.get_temporary_glue_table_credentials(**kwargs)

  

  Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.

   

  To call this API, the role that the service assumes must have ``lakeformation:GetDataAccess`` permission on the resource.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/lakeformation-2017-03-31/GetTemporaryGlueTableCredentials>`_  


  **Request Syntax**
  ::

    response = client.get_temporary_glue_table_credentials(
        TableArn='string',
        Permissions=[
            'ALL'|'SELECT'|'ALTER'|'DROP'|'DELETE'|'INSERT'|'DESCRIBE'|'CREATE_DATABASE'|'CREATE_TABLE'|'DATA_LOCATION_ACCESS'|'CREATE_LF_TAG'|'ASSOCIATE'|'GRANT_WITH_LF_TAG_EXPRESSION'|'CREATE_LF_TAG_EXPRESSION'|'CREATE_CATALOG'|'SUPER_USER',
        ],
        DurationSeconds=123,
        AuditContext={
            'AdditionalAuditContext': 'string'
        },
        SupportedPermissionTypes=[
            'COLUMN_PERMISSION'|'CELL_FILTER_PERMISSION'|'NESTED_PERMISSION'|'NESTED_CELL_PERMISSION',
        ],
        S3Path='string',
        QuerySessionContext={
            'QueryId': 'string',
            'QueryStartTime': datetime(2015, 1, 1),
            'ClusterId': 'string',
            'QueryAuthorizationId': 'string',
            'AdditionalContext': {
                'string': 'string'
            }
        }
    )
    
  :type TableArn: string
  :param TableArn: **[REQUIRED]** 

    The ARN identifying a table in the Data Catalog for the temporary credentials request.

    

  
  :type Permissions: list
  :param Permissions: 

    Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).

    

  
    - *(string) --* 

    

  :type DurationSeconds: integer
  :param DurationSeconds: 

    The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.

    

  
  :type AuditContext: dict
  :param AuditContext: 

    A structure representing context to access a resource (column names, query ID, etc).

    

  
    - **AdditionalAuditContext** *(string) --* 

      The filter engine can populate the 'AdditionalAuditContext' information with the request ID for you to track. This information will be displayed in CloudTrail log in your account.

      

    
  
  :type SupportedPermissionTypes: list
  :param SupportedPermissionTypes: 

    A list of supported permission types for the table. Valid values are ``COLUMN_PERMISSION`` and ``CELL_FILTER_PERMISSION``.

    

  
    - *(string) --* 

    

  :type S3Path: string
  :param S3Path: 

    The Amazon S3 path for the table.

    

  
  :type QuerySessionContext: dict
  :param QuerySessionContext: 

    A structure used as a protocol between query engines and Lake Formation or Glue. Contains both a Lake Formation generated authorization identifier and information from the request's authorization context.

    

  
    - **QueryId** *(string) --* 

      A unique identifier generated by the query engine for the query.

      

    
    - **QueryStartTime** *(datetime) --* 

      A timestamp provided by the query engine for when the query started.

      

    
    - **ClusterId** *(string) --* 

      An identifier string for the consumer cluster.

      

    
    - **QueryAuthorizationId** *(string) --* 

      A cryptographically generated query identifier generated by Glue or Lake Formation.

      

    
    - **AdditionalContext** *(dict) --* 

      An opaque string-string map passed by the query engine.

      

    
      - *(string) --* 

      
        - *(string) --* 

        
  

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'AccessKeyId': 'string',
          'SecretAccessKey': 'string',
          'SessionToken': 'string',
          'Expiration': datetime(2015, 1, 1),
          'VendedS3Path': [
              'string',
          ]
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **AccessKeyId** *(string) --* 

        The access key ID for the temporary credentials.

        
      

      - **SecretAccessKey** *(string) --* 

        The secret key for the temporary credentials.

        
      

      - **SessionToken** *(string) --* 

        The session token for the temporary credentials.

        
      

      - **Expiration** *(datetime) --* 

        The date and time when the temporary credentials expire.

        
      

      - **VendedS3Path** *(list) --* 

        The Amazon S3 path for the temporary credentials.

        
        

        - *(string) --* 
    
  
  **Exceptions**
  
  *   :py:class:`LakeFormation.Client.exceptions.InvalidInputException`

  
  *   :py:class:`LakeFormation.Client.exceptions.InternalServiceException`

  
  *   :py:class:`LakeFormation.Client.exceptions.OperationTimeoutException`

  
  *   :py:class:`LakeFormation.Client.exceptions.EntityNotFoundException`

  
  *   :py:class:`LakeFormation.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`LakeFormation.Client.exceptions.PermissionTypeMismatchException`

  