Closed vishallakhotia closed 1 week ago
To overcome this error from cloudtrail , i found the eventname="createdatabase" and found the userName = cdk-hnb659fds-cfn-exec-role-ACCOUNT_ID-us-east-1 . Then I added that to the LakeFormation permissions for cdk-hnb659fds-cfn-exec-role-ACCOUNT_ID-us-east-1 as a database creator and it allowed the deployment to continue.
In my account LakeFormation is already activated in us-east-1.
As you mentioned, this looks like the root cause. Doc says:
The user/role must be a data lake administrator.
cdk-hnb659fds-cfn-exec-role-ACCOUNT_ID-us-east-1
This role is used to provision resources on your account, so your workaround looks reasonable.
There are 2 options #1. update the instruction to just add this user as a data lake administrator and retry
This issue has been labeled as "stale" due to no response by the reporter within 1 month (and 14 days after last commented by someone). And it will be closed automatically 14 days later if not responded.
@vishallakhotia Thank you for detailed workaround. Let us close this issue as open another issue (#503) to describe this procedure you mentioned.
Describe the bug
Filling out this field will help us investigate the issue efficiently. Providing detailed information allows us to set the appropriate priority. We appreciate your cooperation./us-east-1" ( with the right 12 digit value of the ACCOUNT_ID subsituted) runs fine
However "cdk deploy --require-approval never --all" errors out
I created an amazon linux 2023 instance and installed docker, npm, cdk etc. I am trying to do a cdk deploy with the latest code . The "cdk bootstrap aws://
7:29:24 PM | CREATE_FAILED | AWS::Glue::Database | UsageAnalysisDatabase203EEF4F Insufficient Lake Formation permission(s): Required Create Database on Catalog (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 1ddc191c-b7c8-4f5b-a035-7da398c28263; Proxy: null)
To Reproduce
Filling out this field will help us investigate the issue efficiently. Providing detailed information allows us to set the appropriate priority. We appreciate your cooperation.
Steps to reproduce the behavior:
7:29:24 PM | CREATE_FAILED | AWS::Glue::Database | UsageAnalysisDatabase203EEF4F Insufficient Lake Formation permission(s): Required Create Database on Catalog (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 1ddc191c-b7c8-4f5b-a035-7da398c28263; Proxy: null)
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.