Closed jliu0812 closed 1 year ago
Hi,
We will look into this issue, although we are not currently tracking it with an ECD.
In the meantime, if it's absolutely needed, a workaround can be created via CFN custom resources: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html
Closing this ticket, since we are aware of the issue and internally tracking it now.
Hello, any update on this? This would be a great feature to have.
Hi, the new fields are now supported. We will continue adding to our public docs, but as of now, the new fields are supported: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lakeformation-datalakesettings.html
Hi! It seems that the following does not remove IAM "CreateTableDefaultPermissions" and "CreateDatabaseDefaultPermissions".
LakeFormationSettings:
  Type: AWS::LakeFormation::DataLakeSettings
  Properties:
    Admins:
      - DataLakePrincipalIdentifier: "arn:aws:iam::*****:*****"
    CreateDatabaseDefaultPermissions: []
    CreateTableDefaultPermissions: []
But it does well with the API put-data-lake-settings with this json input:
{
  "DataLakeSettings": {
    "DataLakeAdmins": [
      {
        "DataLakePrincipalIdentifier": "arn:aws:iam::*****:*****"
      }
    ],
    "CreateDatabaseDefaultPermissions": [],
    "CreateTableDefaultPermissions": []
  }
}
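A drift check for the behaviour reported in the comment above, as an added example that is not part of the original thread or of any AWS code: it compares a `get-data-lake-settings` response with the intended settings and lists default grants that are still in place. The sample responses are constructed, and the `IAM_ALLOWED_PRINCIPALS` / `ALL` default grant in them is an assumption about what the account held before the deploy.

```python
import json

# The two fields the comment reports as not being cleared by the stack.
DEFAULT_PERMISSION_FIELDS = (
    "CreateDatabaseDefaultPermissions",
    "CreateTableDefaultPermissions",
)

def _grants(entries):
    """Flatten a default-permissions list into a set of (principal, permission)."""
    return {
        (e.get("Principal", {}).get("DataLakePrincipalIdentifier", "?"), perm)
        for e in entries or []          # a missing key or [] both mean "no grants"
        for perm in e.get("Permissions", [])
    }

def default_permission_drift(live_response, desired_settings):
    """Return {field: [grants present live but absent from the desired settings]}."""
    live = live_response.get("DataLakeSettings", {})
    drift = {}
    for field in DEFAULT_PERMISSION_FIELDS:
        extra = _grants(live.get(field)) - _grants(desired_settings.get(field))
        if extra:
            drift[field] = sorted(extra)
    return drift

# Desired state: the JSON input from the comment (account id masked as on the page).
DESIRED = json.loads("""{"DataLakeSettings": {
    "DataLakeAdmins": [{"DataLakePrincipalIdentifier": "arn:aws:iam::*****:*****"}],
    "CreateDatabaseDefaultPermissions": [],
    "CreateTableDefaultPermissions": []}}""")["DataLakeSettings"]

# Constructed responses: after the stack deploy (defaults still present, assumed
# to be the IAM_ALLOWED_PRINCIPALS grant) and after the direct API call.
_IAM_DEFAULT = [{"Principal": {"DataLakePrincipalIdentifier": "IAM_ALLOWED_PRINCIPALS"},
                 "Permissions": ["ALL"]}]
LIVE_AFTER_STACK = {"DataLakeSettings": {
    "DataLakeAdmins": DESIRED["DataLakeAdmins"],
    "CreateDatabaseDefaultPermissions": _IAM_DEFAULT,
    "CreateTableDefaultPermissions": _IAM_DEFAULT}}
LIVE_AFTER_API = {"DataLakeSettings": DESIRED}

if __name__ == "__main__":
    for name, resp in (("stack", LIVE_AFTER_STACK), ("api", LIVE_AFTER_API)):
        print(name, default_permission_drift(resp, DESIRED) or "no drift")
```

Run against the real output of `aws lakeformation get-data-lake-settings` after a stack update, a non-empty result means the default grants the template meant to remove are still active.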
Can confirm. I am facing the exact same scenario. Please reopen the ticket.
Name of the resource
AWS::LakeFormation::DataLakeSettings
Resource name
No response
Description
I would like LakeFormation DataLakeSettings to be able to fully represent what was declared with the API.
Currently, the API supports the following fields:
However, the CloudFormation equivalent of this resource only supports the following fields:
Namely, CloudFormation does not support the CreateDatabaseDefaultPermissions, CreateTableDefaultPermissions, Parameters, TrustedResourceOwners, AllowExternalDataFiltering, ExternalDataFilteringAllowList, AuthorizedSessionTagValueList fields.
Expected Behavior
I would expect CloudFormation to be able to spin up the LakeFormation DataLakeSettings similarly to the API.
Other Details
Link to PutDataLakeSettings API: https://docs.aws.amazon.com/lake-formation/latest/APIReference/API_PutDataLakeSettings.html
Link to CloudFormation equivalent resource: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lakeformation-datalakesettings.html