AWS::LakeFormation::Permissions-Resource missing TableWithColumns, DataLocation

[ilyasotkov]

1. AWS::LakeFormation::Permissions-Resource missing TableWithColumns, DataLocation attributes

2. Scope of request

Implement and document the TableWithColumns, DataLocation properties of AWS::LakeFormation::Permissions-Resource.

3. Expected behavior

Lake Formation core has expected functionality with declarative CloudFormation workflow (kind of the whole point of the service compared to Glue+IAM granular)

4. Suggest specific test cases

Test access to specific columns, that removing a column from TableWithColumns results in correct revoke operation in the backend, adding one or more columns results in granting access for them, etc.

5. Helpful Links to speed up research and evaluation

CloudFormation docs

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lakeformation-permissions-resource.html

boto3 alternative

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/lakeformation.html#LakeFormation.Client.grant_permissions

AWS Lake Formation API

https://docs.aws.amazon.com/lake-formation/latest/dg/aws-lake-formation-api.html

6. Category

Use the categories as displayed in the AWS Management Console (simplified):

Analytics (Athena, EMR, Glue,...)

[ilyasotkov]

Haven't had a chance to test this out yet, but the issue was addressed in the latest CloudFormation release (January 16, 2020): https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/ReleaseHistory.html

Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lakeformation-permissions-resource.html