Closed ilyasotkov closed 4 years ago
Haven't had a chance to test this out yet, but the issue was addressed in the latest CloudFormation release (January 16, 2020): https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/ReleaseHistory.html
Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lakeformation-permissions-resource.html
1. AWS::LakeFormation::Permissions-Resource missing TableWithColumns, DataLocation attributes
2. Scope of request
Implement and document the TableWithColumns, DataLocation properties of AWS::LakeFormation::Permissions-Resource
3. Expected behavior
Lake Formation core has expected functionality with declarative CloudFormation workflow (kind of the whole point of the service compared to Glue+IAM granular)
4. Suggest specific test cases
Test access to specific columns, that removing a column from TableWithColumns results in correct revoke operation in the backend, adding one or more columns results in granting access for them, etc.
5. Helpful Links to speed up research and evaluation
CloudFormation docs
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lakeformation-permissions-resource.html
boto3 alternative
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/lakeformation.html#LakeFormation.Client.grant_permissions
AWS Lake Formation API
https://docs.aws.amazon.com/lake-formation/latest/dg/aws-lake-formation-api.html
6. Category
Use the categories as displayed in the AWS Management Console (simplified):
Analytics (Athena, EMR, Glue,...)