Hello Matt,
I have replied to the Lake Formation support case that you have opened for the issue.
To summarise, "user" is one of the PartiQL reserved keywords as can be seen here: https://partiql.org/syntax/reserved-keywords-spec-version-2019.html
As per the Lake Formation documentation here: https://docs.aws.amazon.com/lake-formation/latest/dg/partiql-support.html#partiql-reserved-keywords
If your row filter expression contains PartiQL keywords, you will receive a parsing error as column names may conflict with the keywords. When this happens, escape the column names by using double quotes. Some examples of reserved keywords are “first”, “last”, “asc”, “missing”. See PartiQL specification for a list of reserved keywords.
To resolve the issue, please ensure that the column names are enclosed in double quotes such as below when creating the data filter in Lake Formation:
"actor"."user"."accountuid" = 'some-uid'
Have a great day!
The actor column in the CloudTrail management table contains sensitive user identity information, which is why you cannot create a filter on parts of that column like the account ID.
Try these instead.
- Create a filter on another column that uniquely identifies the account, such as the eventSource or eventName fields.
- Export the data to S3 and process it there to filter by account ID. You would extract just the rows you want and share that data.
- Consider using AWS Config instead of CloudTrail management events if you need to track changes by account. Config delivers configuration changes in a format that allows easier filtering and sharing of findings.
- The structural differences you noticed between Glue and Lake Formation for the actor column are likely due to how each service parses the JSON event data. But neither allows filtering on sensitive user identity fields for security and privacy reasons. You'll need to filter the data in another way before sharing it with other accounts.
Thanks! This worked; however, I had to use the Glue column name, "account_uid", rather than the Lake Formation column name of "accountuid".
"actor"."user"."account_uid"
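
The escaping discussed in this thread, as an added example that is not code from the posters or from AWS: it double-quotes every segment of a nested column path so reserved keywords such as "user" cannot break parsing, and builds the `TableData` argument for boto3's `create_data_cells_filter`. The helper names, the identifier rule, and the catalog, database and table values are assumptions made for illustration.

```python
import re

# Plain identifier segment: letters, digits, underscore (rule assumed for this example).
_SEGMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def quote_path(path):
    """Double-quote every segment of a dotted column path, e.g. actor.user.account_uid."""
    segments = path.split(".")
    for seg in segments:
        if not _SEGMENT.match(seg):
            raise ValueError(f"unexpected column path segment: {seg!r}")
    # Quoting all segments, keyword or not, avoids maintaining a reserved-word list.
    return ".".join(f'"{seg}"' for seg in segments)


def equals_filter(path, value):
    """Build `<quoted path> = '<value>'`, refusing values that could end the literal early."""
    if "'" in value or "\\" in value:
        raise ValueError("value contains a quote or backslash; refusing to build filter")
    return f"{quote_path(path)} = '{value}'"


def data_cells_filter_request(catalog_id, database, table, name, path, value):
    """Return the TableData argument for boto3 lakeformation.create_data_cells_filter."""
    return {
        "TableCatalogId": catalog_id,
        "DatabaseName": database,
        "TableName": table,
        "Name": name,
        "RowFilter": {"FilterExpression": equals_filter(path, value)},
        "ColumnWildcard": {},  # expose all columns; rows are restricted by the filter
    }


if __name__ == "__main__":
    # Constructed sample values; account id, database and table names are placeholders.
    req = data_cells_filter_request(
        "111122223333", "example_db", "example_cloudtrail_table",
        "only-one-account", "actor.user.account_uid", "some-uid",
    )
    print(req["RowFilter"]["FilterExpression"])
    # To apply: boto3.client("lakeformation").create_data_cells_filter(TableData=req)
```
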