I'm having issues with the AWS::LakeFormation::PrincipalPermissions resource to grant permissions to lake formation tags for IAM roles.
The issue only happens when the permissions ASSOCIATE and DESCRIBE are used together, I've tested only with DESCRIBE or only ASSOCIATE, and both work okay.
Name of the resource
Other
Resource Name
AWS::LakeFormation::PrincipalPermissions
Issue Description
I'm having issues with the
AWS::LakeFormation::PrincipalPermissions
resource to grant permissions to lake formation tags for IAM roles.The issue only happens when the permissions
ASSOCIATE
andDESCRIBE
are used together, I've tested only withDESCRIBE
or onlyASSOCIATE
, and both work okay.CloudFormation Event Entry:
CloudFormation Resource:
Expected Behavior
The permissions should be granted and not fail the stack.
Observed Behavior
ASSOCIATE
works.DESCRIBE
works.Test Cases
ASSOCIATE
andDESCRIBE
at the same time, permissions to an IAM role.Other Details
No response