awslabs / aws-orbit-workbench

A Data Platform built for AWS, powered by Kubernetes.
https://awslabs.github.io/aws-orbit-workbench/
Apache License 2.0
127 stars, 26 forks

Add Lake Formation tag-based access control via orbit plugins. #586

Closed (stthoom closed 3 years ago)

stthoom commented 3 years ago

Parameterize the tags used in the manifest file. Use manifest/context to fetch tags and stick to the IAM role used for data access in orbit. Create a notebook to add tags to the demo sample cms schema tables. Verify the tag-based access control mechanism.

stthoom commented 3 years ago

WIP. Performed a POC with policy tags using the AWS console over the Orbit lake-user IAM role to validate the tag-based access control.

Need to extend the LF interaction with Orbit CDK and Notebook boto3.

Direction - Create a new Admin team (notebooks to set up Lake Formation in the account and add the orbit admin role to LF administrators). Lake creator should create the schema database and tables + add the policy tags to the resources. Lake user should verify the access of given/restricted database/tables/columns.

stthoom commented 3 years ago

Duplicate. Closing.