Skip to content

Latest commit

 

History

History
187 lines (120 loc) · 4.01 KB

DataMeshAdmin.md

File metadata and controls

187 lines (120 loc) · 4.01 KB

Data Mesh Administrator

The DataMeshAdmin.py class provides functions to create the Data Mesh, and to enable AWS Accounts to act as Producers and Consumers.

Creating a Data Mesh Admin Instance

Request Syntax

DataMeshAdmin(
	data_mesh_account_id: str, 
	region_name: str = 'us-east-1', 
	log_level: str = "INFO",
	use_credentials=None
)

Parameters

  • data_mesh_account_id: The AWS Account ID to use as the central Data Mesh Account in the region
  • region_name: The short AWS Region Name in which to install the Data Mesh
  • log_level: The level of information you want to see when executing. Based upon python logging, values include INFO, DEBUG, ERROR, etc.
  • use_credentials: Credentials to use to setup the instance. This can be provided as a boto3 Credentials object, a dict containing the below structure, or if None is provided the boto3 environment will be accessed.
Credentials dict structure
{
    "AccountId": "The Consumer AWS Account ID",
    "AccessKeyId": "Your access key",
    "SecretAccessKey": "Your secret key",
    "SessionToken": "Optional - a session token, if you are using an IAM Role & temporary credentials"
}

The following methods are available:

initialize_mesh_account

Sets up an AWS Account to act as the central governance account in an AWS Region.

Request Syntax

initialize_mesh_account()

Parameters

None

Return Type

dict

Response Syntax

{
	"Manager": str
	"ReadOnly": str
	"SubscriptionTracker": {
		"Table": str,
		"Stream": str,
	}
}

Response Structure

  • Manager: ARN of the DataMeshManager IAM Role created for subsequent administration tasks
  • ReadOnly: ARN of the DataMeshReadOnly IAM Role used to view public metadata
  • SubscriptionTracker: dict
    • Table: The ARN of the DynamoDB Table used to track subscriptions over time
    • Stream: The ARN of the DynamoDB Stream you can subscribe to for event processing

initialize_producer_account

Installs the required IAM security objects into an AWS Account so that it can act as a Producer.

Request Syntax

initialize_producer_account(
	crawler_role_arn: str = None
)

Parameters

  • crawler_role_arn: The ARN of an IAM Role to be used for Glue Crawlers by the Producer. This ARN will be enabled for iam:PassRole by the Producer principal.

Return Type

None

Response Syntax

Response Structure

initialize_consumer_account

Installs the required IAM security objects into an AWS Account so that it can act as a Consumer.

Request Syntax

initialize_consumer_account()

Parameters

None

Return Type

None

Response Syntax

Response Structure

enable_account_as_producer

Within the Data Mesh Account, enables an Account to publish data products and grant permissions using Lake Formation.

Request Syntax

enable_account_as_producer(
	account_id: str,
	enable_crawler_role: str = None
):

Parameters

  • account_id: The AWS Account to allow to act as a Producer
  • enable_crawler_role: The role ARN from the Producer Account which will be updating data mesh objects.

Return Type

None

Response Syntax

Response Structure

enable_account_as_consumer

Within the Data Mesh Account, enables an Account to request subscriptions to data products and accept sharing invitations.

Request Syntax

enable_account_as_consumer(
	account_id: str
):

Parameters

  • account_id: The AWS Account to allow to act as a Producer

Return Type

None

Response Syntax

Response Structure