The LfS3Location requires a Bucket object and is using grantReadWrite to authorize the LakeFormation role to access data. This requires the bucket to be managed in the same CDK stack and so does not work in a cross-account setup.
We need to refactor the interface to an S3Location and an IKey (the KMS key used for the bucket encryption) and then create IAM permissions manually (not using the grantReadWrite).
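A sketch of the manual permissions the issue asks for, added here as an example and not taken from the project's code: it derives the role's IAM statements from an S3 location and a KMS key ARN alone, without a Bucket object. The function name `dataAccessStatements`, the `S3Loc` and `Statement` shapes and the action lists are assumptions.

```typescript
// Added example: plain TypeScript with no CDK dependency. All names are hypothetical.
interface S3Loc { bucketName: string; objectKey: string } // required fields of CDK's s3.Location
interface Statement {
  Effect: "Allow";
  Action: string[];
  Resource: string[];
  Condition?: Record<string, Record<string, string[]>>;
}

// Builds identity-policy statements for the Lake Formation data access role from
// names and ARNs only, so the bucket and key may be owned by another account.
// The action lists are an assumed minimal read/write set, not grantReadWrite's output.
function dataAccessStatements(loc: S3Loc, kmsKeyArn: string): Statement[] {
  const key = /^arn:([^:]+):kms:[^:]+:\d{12}:key\/.+$/.exec(kmsKeyArn);
  if (!key) throw new Error(`expected a KMS key ARN, got: ${kmsKeyArn}`);
  if (!/^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/.test(loc.bucketName)) {
    throw new Error(`invalid bucket name: ${loc.bucketName}`);
  }
  // Normalise the prefix and refuse wildcards, which would silently widen the grant.
  const prefix = loc.objectKey.replace(/^\/+|\/+$/g, "");
  if (/[*?]/.test(prefix)) throw new Error(`wildcard in prefix: ${loc.objectKey}`);

  const bucketArn = `arn:${key[1]}:s3:::${loc.bucketName}`; // partition taken from the key ARN
  const list: Statement = { Effect: "Allow", Action: ["s3:ListBucket"], Resource: [bucketArn] };
  // Listing is scoped to the prefix; with no prefix the whole bucket is the location.
  if (prefix) list.Condition = { StringLike: { "s3:prefix": [prefix, `${prefix}/*`] } };
  return [
    list,
    {
      Effect: "Allow",
      Action: ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      Resource: [prefix ? `${bucketArn}/${prefix}/*` : `${bucketArn}/*`],
    },
    {
      Effect: "Allow",
      Action: ["kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey*", "kms:DescribeKey"],
      Resource: [kmsKeyArn], // the bucket's encryption key only, never "*"
    },
  ];
}

// Constructed sample input: bucket, prefix, account id and key id are placeholders.
const sample = dataAccessStatements(
  { bucketName: "example-data-lake", objectKey: "/sales/raw/" },
  "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID",
);
console.log(JSON.stringify({ Version: "2012-10-17", Statement: sample }, null, 2));
```

When the bucket and key belong to another account, these identity-policy statements are only half of the grant: the bucket policy and the KMS key policy in the owning account must also allow the role.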