aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

[AWS::LakeFormation::DataLakeSettings] - [BUG] - Can not clear permissions #2197

Open rehanvdm opened 3 days ago

rehanvdm commented 3 days ago

Name of the resource

AWS::LakeFormation::DataLakeSettings

Resource Name

No response

Issue Description

The CreateDatabaseDefaultPermissions and CreateTableDefaultPermissions properties do not clear the values; it is as if it does a no-op. The docs state that empty arrays OR omitting the properties will clear the boolean fields on the UI, but it does not; it is just ignored. So these properties cannot be unset after they have been set.

LakeFormationSettings:
    Type: AWS::LakeFormation::DataLakeSettings
    Properties:
      Admins:
        - DataLakePrincipalIdentifier: "arn:aws:iam::*****:*****"
      CreateDatabaseDefaultPermissions: []
      CreateTableDefaultPermissions: []

Expected Behavior

The empty array or omitting the property should actually work

Observed Behavior

The values can not be unset

Test Cases

  1. Deploy with:
    LakeFormationSettings:
      Type: AWS::LakeFormation::DataLakeSettings
      Properties:
        Admins:
          - DataLakePrincipalIdentifier: "arn:aws:iam::*****:*****"
        CreateDatabaseDefaultPermissions:
          - Permissions:
              - ALL
            Principal:
              DataLakePrincipalIdentifier: IAM_ALLOWED_PRINCIPALS
        CreateTableDefaultPermissions:
          - Permissions:
              - ALL
            Principal:
              DataLakePrincipalIdentifier: IAM_ALLOWED_PRINCIPALS
  2. Then remove them, observe the values have not changed via the AWS Console or API:
    LakeFormationSettings:
      Type: AWS::LakeFormation::DataLakeSettings
      Properties:
        Admins:
          - DataLakePrincipalIdentifier: "arn:aws:iam::*****:*****"
  3. Attempt number two, set them as empty arrays, observe the values have not changed via the AWS Console or API:
    LakeFormationSettings:
      Type: AWS::LakeFormation::DataLakeSettings
      Properties:
        Admins:
          - DataLakePrincipalIdentifier: "arn:aws:iam::*****:*****"
        CreateDatabaseDefaultPermissions: []
        CreateTableDefaultPermissions: []

Other Details

No response
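
A check for the "observe via the API" step in the test cases above, as an added example that is not part of the original issue or of AWS's code: it compares the default permissions a template asks for with a Lake Formation GetDataLakeSettings response and reports grants that are still live. The sample response and the account ID in it are constructed, and `normalize` and `find_drift` are hypothetical helper names.

```python
import json

# Constructed sample of a GetDataLakeSettings response after step 2 or 3:
# the template no longer sets the defaults, but the service still reports them.
SAMPLE_RESPONSE = json.loads("""
{"DataLakeSettings": {
  "DataLakeAdmins": [{"DataLakePrincipalIdentifier": "arn:aws:iam::111122223333:role/ExampleAdmin"}],
  "CreateDatabaseDefaultPermissions": [
    {"Principal": {"DataLakePrincipalIdentifier": "IAM_ALLOWED_PRINCIPALS"}, "Permissions": ["ALL"]}],
  "CreateTableDefaultPermissions": [
    {"Principal": {"DataLakePrincipalIdentifier": "IAM_ALLOWED_PRINCIPALS"}, "Permissions": ["ALL"]}]
}}
""")

DEFAULT_KEYS = ("CreateDatabaseDefaultPermissions", "CreateTableDefaultPermissions")


def normalize(entries):
    """Turn a default-permissions list into a set of (principal, permission) pairs."""
    pairs = set()
    for entry in entries or []:
        principal = entry.get("Principal", {}).get("DataLakePrincipalIdentifier", "<unknown>")
        for perm in entry.get("Permissions", []):
            pairs.add((principal, perm))
    return pairs


def find_drift(template_props, live_response):
    """Return {key: sorted pairs} for grants live in the account but absent from the template."""
    live = live_response.get("DataLakeSettings", {})
    drift = {}
    for key in DEFAULT_KEYS:
        # An omitted property and an empty list both mean "no default grants wanted".
        extra = normalize(live.get(key)) - normalize(template_props.get(key))
        if extra:
            drift[key] = sorted(extra)
    return drift


if __name__ == "__main__":
    # Template properties from step 3 of the test cases (empty arrays).
    desired = {"CreateDatabaseDefaultPermissions": [], "CreateTableDefaultPermissions": []}
    for key, grants in find_drift(desired, SAMPLE_RESPONSE).items():
        print(f"{key}: still granted {grants}")
```

Against a real account, the dictionary returned by `aws lakeformation get-data-lake-settings` (or the boto3 `get_data_lake_settings` call) can be passed in place of the constructed sample.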

rehanvdm commented 3 days ago

Related issues: