
tokern / lakecli

License: Apache-2.0 (LICENSE), BSD-3-Clause (LICENSE.txt)
A CLI to manage and monitor permissions in AWS Lake Formation


Introduction

LakeCLI is a SQL interface (CLI) for managing AWS Lake Formation and AWS Glue permissions.

Features

LakeCLI provides an information schema and supports SQL GRANT/REVOKE statements. These features help administrators:

  • Use familiar SQL features to view and manage permissions.
  • Write scripts to automate on-boarding and removing permissions.
  • Write scripts to monitor and alert on permissions to ensure best practices and policies are followed.

Information Schema

LakeCLI provides two tables:

  1. database_privileges
  2. table_privileges

Database Privileges

Column       Description
id           Primary Key
schema_name  Name of the Schema
principal    AWS IAM Role or User
permission   Permission type (Described in a later section)
grant        Boolean. Describes if the principal is allowed to grant permission to others

Table Privileges

Column       Description
id           Primary Key
schema_name  Schema Name of the Table
table_name   Name of the Table
principal    AWS IAM Role or User
permission   Permission type (Described in a later section)
grant        Boolean. Describes if the principal is allowed to grant permission to others

GRANT/REVOKE Statements

GRANT/REVOKE { { PERMISSION TYPE }
    [, ...] }
    ON { [ TABLE | DATABASE ] name }
    TO role_specification

Permission Types

  • ALL
  • SELECT
  • ALTER
  • DROP
  • DELETE
  • INSERT
  • CREATE_DATABASE
  • CREATE_TABLE
  • DATA_LOCATION_ACCESS

Examples

Table Privileges

\r:iamdb> SELECT * FROM table_privileges;
+----+-------------+----------------+--------------+------------+-------+
| id | schema_name | table_name     | principal    | permission | grant |
+----+-------------+----------------+--------------+------------+-------+
| 1  | taxidata    | raw_misc       | role/lakecli | ALL        | 1     |
| 2  | taxidata    | raw_misc       | role/lakecli | ALTER      | 1     |
| 3  | taxidata    | raw_misc       | role/lakecli | DELETE     | 1     |
+----+-------------+----------------+--------------+------------+-------+

Database Privileges

\r:iamdb> SELECT * FROM database_privileges;
+----+-------------+--------------------------------+--------------+-------+
| id | schema_name | principal                      | permission   | grant |
+----+-------------+--------------------------------+--------------+-------+
| 9  | taxilake    | role/LakeFormationWorkflowRole | CREATE_TABLE | 1     |
| 10 | taxilake    | role/LakeFormationWorkflowRole | DROP         | 1     |
| 11 | default     | user/datalake_user             | ALTER        | 0     |
| 12 | default     | user/datalake_user             | CREATE_TABLE | 0     |
| 13 | default     | user/datalake_user             | DROP         | 0     |
+----+-------------+--------------------------------+--------------+-------+
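
The monitoring scripts mentioned under Features can be built on these two tables. The following is an added example, not part of LakeCLI or its README: it loads the sample rows shown above into an in-memory SQLite database with the documented columns and runs two audit queries. The SQLite stand-in, the function names and the two policies are assumptions; whether LakeCLI accepts the same SQL verbatim is not confirmed by this page.

```python
import sqlite3

# Rows copied from the example output on this page; the schema mirrors the
# documented columns. The policies checked below are illustrative assumptions.
TABLE_ROWS = [
    (1, "taxidata", "raw_misc", "role/lakecli", "ALL", 1),
    (2, "taxidata", "raw_misc", "role/lakecli", "ALTER", 1),
    (3, "taxidata", "raw_misc", "role/lakecli", "DELETE", 1),
]
DATABASE_ROWS = [
    (9, "taxilake", "role/LakeFormationWorkflowRole", "CREATE_TABLE", 1),
    (10, "taxilake", "role/LakeFormationWorkflowRole", "DROP", 1),
    (11, "default", "user/datalake_user", "ALTER", 0),
    (12, "default", "user/datalake_user", "CREATE_TABLE", 0),
    (13, "default", "user/datalake_user", "DROP", 0),
]

def load_snapshot():
    """Build an in-memory stand-in for the information schema."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE table_privileges (id INTEGER PRIMARY KEY, schema_name TEXT,'
               ' table_name TEXT, principal TEXT, permission TEXT, "grant" INTEGER)')
    db.execute('CREATE TABLE database_privileges (id INTEGER PRIMARY KEY, schema_name TEXT,'
               ' principal TEXT, permission TEXT, "grant" INTEGER)')
    db.executemany("INSERT INTO table_privileges VALUES (?,?,?,?,?,?)", TABLE_ROWS)
    db.executemany("INSERT INTO database_privileges VALUES (?,?,?,?,?)", DATABASE_ROWS)
    return db

def grantable_all(db):
    """Principals that hold ALL on a table and may grant it onward."""
    return db.execute(
        'SELECT principal, schema_name, table_name FROM table_privileges '
        'WHERE permission = \'ALL\' AND "grant" = 1 ORDER BY id').fetchall()

def users_with_destructive_rights(db):
    """IAM users (not roles) holding ALL, ALTER, DROP or DELETE at either level."""
    return db.execute(
        "SELECT principal, schema_name, '*' AS object, permission FROM database_privileges "
        "WHERE principal LIKE 'user/%' AND permission IN ('ALL','ALTER','DROP','DELETE') "
        "UNION ALL "
        "SELECT principal, schema_name, table_name, permission FROM table_privileges "
        "WHERE principal LIKE 'user/%' AND permission IN ('ALL','ALTER','DROP','DELETE') "
        "ORDER BY principal, schema_name, permission").fetchall()

if __name__ == "__main__":
    db = load_snapshot()
    for finding in grantable_all(db) + users_with_destructive_rights(db):
        print("FINDING", finding)
```

A non-empty result from either function is what a scheduled job would alert on.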

GRANT

\r:iamdb> grant SELECT ON TABLE 'taxidata'.'raw_misc' TO 'user/datalake_user';
GRANT
Time: 1.467s

REVOKE

\r:iamdb> revoke SELECT ON TABLE 'taxidata'.'raw_misc' TO 'user/datalake_user';
REVOKE
Time: 1.450s

Quick Start

Install

$ pip install lakecli

Config

A config file is automatically created at ~/.lakecli/lakeclirc at first launch (run lakecli). See the file itself for a description of all available options.

The following four variables are required:

# AWS credentials
aws_access_key_id = ''
aws_secret_access_key = ''
region = '' # e.g us-west-2, us-east-1
account_id = ''

Alternatively, set them as environment variables:

$ export AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY_ID
$ export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_ACCESS_KEY
$ export AWS_DEFAULT_REGION=us-west-2
$ export AWS_ACCOUNT_ID=ACCOUNT_ID

Features

  • Auto-completes as you type for SQL keywords as well as tables and columns in the database.
  • Syntax highlighting.
  • Smart-completion will suggest context-sensitive completion.
    • SELECT * FROM <tab> will only show table names.
    • SELECT * FROM users WHERE <tab> will only show column names.
  • Pretty prints tabular data and various table formats.
  • Some special commands. e.g. Favorite queries.
  • Alias support. Column completions will work even when table names are aliased.

Usages

$ lakecli --help
Usage: lakecli [OPTIONS]

  A Athena terminal client with auto-completion and syntax highlighting.

  Examples:
    - lakecli
    - lakecli my_database

Options:
  -e, --execute TEXT            Execute a command (or a file) and quit.
  -r, --region TEXT             AWS region.
  --aws-access-key-id TEXT      AWS access key id.
  --aws-secret-access-key TEXT  AWS secretaccess key.
  --aws-account-id TEXT         Amazon Account ID.
  --lake-cli-rc FILE            Location of lake_cli_rc file.
  --profile TEXT                AWS profile
  --scan / --no-scan
  --help                        Show this message and exit.

Credits

LakeCLI is based on AthenaCLI and the excellent DBCli project. A big thanks to all of them for providing a great foundation to build SQL CLI projects.
