awslabs / landing-zone-accelerator-on-aws

Deploy a multi-account cloud foundation to support highly-regulated workloads and complex compliance requirements.
https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/
Apache License 2.0

Firehose Transformation Table Permissions Issue #196

Open orika-orrie opened 1 year ago

orika-orrie commented 1 year ago

Describe the bug
I have added a new region to my LZA and when running the pipeline, at the logging stage I get the error below.

AWSAccelerator-LoggingStack-xxxxxxxxxxxx-us-west-2 | 40/59 | 7:00:33 PM | CREATE_FAILED | AWS::KinesisFirehose::DeliveryStream | FirehoseToS3Setup/Kinesis-Firehose-Stream-Dynamic-Partitioning (FirehoseToS3SetupKinesisFirehoseStreamDynamicPartitioning65876320) Resource handler returned message: "Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on aws-accelerator-firehose-transformation-table (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException;

To Reproduce

  1. We launched LZA successfully in us-east-1 using CodePipeline.
  2. We launched Security Lake in us-east-1 for a team project.
  3. Updated global-config.yaml a few days later to add us-west-2.

Expected behavior
Successful run of the Pipeline.

Please complete the following information about the solution:

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0021) - Video On Demand workflow with AWS Step Functions, MediaConvert, MediaPackage, S3, CloudFront and DynamoDB. Version v5.0.0". If the description does not contain the version information, you can look at the mappings section of the template:

Mappings:
  SourceCode:
    General:
      S3Bucket: "solutions"
      KeyPrefix: "video-on-demand-on-aws/v5.0.0"

Screenshots
If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).

Additional context
Add any other context about the problem here.
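The error above is a Lake Formation authorization failure, not an IAM one: Firehose's data-format-conversion role is being refused when it looks up the Glue table aws-accelerator-firehose-transformation-table. The following diagnostic is an added example, not code from the issue or from the Landing Zone Accelerator project. It reads Lake Formation's ListPermissions entries for that table and reports whether the role holds a DESCRIBE-equivalent grant, whether the table is still under IAM-only access control (the IAM_ALLOWED_PRINCIPALS pseudo-principal), or whether a grant is missing. The role ARN and database name are placeholders; the assumption that DESCRIBE on the table is the minimal Lake Formation grant Firehose needs for its glue:GetTable* calls is mine, not something the issue states.

```python
"""Diagnose 'Insufficient Lake Formation permission(s)' on a Glue table.

The evaluation is pure logic over ListPermissions-shaped entries so it can be
run and tested offline; fetch_table_permissions() is the only AWS call.
"""
from __future__ import annotations

from typing import Any

# Pseudo-principal Lake Formation uses while a resource is still governed by
# IAM policies alone ("IAM access control" mode).
IAM_ALLOWED = "IAM_ALLOWED_PRINCIPALS"

# ASSUMPTION: Firehose data-format conversion only reads table metadata
# (glue:GetTable / GetTableVersion*), for which DESCRIBE on the table is the
# minimal Lake Formation grant; any other table permission implies that
# visibility, so those are accepted as well.
DESCRIBE_EQUIVALENT = {"DESCRIBE", "SELECT", "ALTER", "DROP", "INSERT", "DELETE", "ALL"}

# Placeholders (not from the issue) except the table name, which is the one
# named in the CREATE_FAILED message.
ROLE = "arn:aws:iam::111122223333:role/example-firehose-role"
DB = "example-lza-logging-db"
TABLE = "aws-accelerator-firehose-transformation-table"

# Constructed sample mimicking ListPermissions output: the role can DESCRIBE
# the database and SELECT from an unrelated table, but holds nothing on TABLE.
SAMPLE_ENTRIES: list[dict[str, Any]] = [
    {"Principal": {"DataLakePrincipalIdentifier": ROLE},
     "Resource": {"Database": {"Name": DB}},
     "Permissions": ["DESCRIBE"]},
    {"Principal": {"DataLakePrincipalIdentifier": ROLE},
     "Resource": {"Table": {"DatabaseName": DB, "Name": "unrelated-table"}},
     "Permissions": ["SELECT"]},
]


def _matches_table(resource: dict[str, Any], database: str, table: str) -> bool:
    """True if a ListPermissions Resource block covers database.table.

    Database-level grants do not cascade to tables, so only Table entries
    count; a TableWildcard entry covers every table in that database.
    """
    tbl = resource.get("Table")
    if not tbl or tbl.get("DatabaseName") != database:
        return False
    return tbl.get("Name") == table or "TableWildcard" in tbl


def grants_for(entries: list[dict[str, Any]], principal: str, database: str, table: str) -> set[str]:
    """Collect the Lake Formation permissions `principal` holds on the table."""
    granted: set[str] = set()
    for entry in entries:
        who = entry.get("Principal", {}).get("DataLakePrincipalIdentifier")
        if who == principal and _matches_table(entry.get("Resource", {}), database, table):
            granted.update(entry.get("Permissions", []))
    return granted


def diagnose(entries: list[dict[str, Any]], role_arn: str, database: str, table: str) -> str:
    """Return 'iam-only', 'ok' or 'missing-describe' for the role on the table."""
    if grants_for(entries, IAM_ALLOWED, database, table):
        return "iam-only"  # Lake Formation defers to IAM here; look at the IAM policy instead
    if grants_for(entries, role_arn, database, table) & DESCRIBE_EQUIVALENT:
        return "ok"
    return "missing-describe"  # grant DESCRIBE (or SELECT) on the table to the role


def fetch_table_permissions(database: str, table: str, region: str) -> list[dict[str, Any]]:
    """Live variant: page through lakeformation:ListPermissions for one table."""
    import boto3  # imported here so the offline parts need no AWS SDK

    client = boto3.client("lakeformation", region_name=region)
    request = {"ResourceType": "TABLE",
               "Resource": {"Table": {"DatabaseName": database, "Name": table}}}
    entries: list[dict[str, Any]] = []
    while True:
        page = client.list_permissions(**request)
        entries.extend(page.get("PrincipalResourcePermissions", []))
        if not page.get("NextToken"):
            return entries
        request["NextToken"] = page["NextToken"]


if __name__ == "__main__":
    # Offline run over the constructed sample; swap in fetch_table_permissions()
    # for the real account. Expected: missing-describe
    print(diagnose(SAMPLE_ENTRIES, ROLE, DB, TABLE))
```

Run it against the real account by replacing SAMPLE_ENTRIES with `fetch_table_permissions(DB, TABLE, "us-west-2")` under credentials that can call lakeformation:ListPermissions. A result of "missing-describe" matches the symptom in the issue; "iam-only" means Lake Formation is not the gate and the Firehose role's IAM policy for glue:GetTable* should be checked instead.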

awsclemj commented 1 year ago

Hello @orika-orrie, thank you for filing an issue with the Landing Zone Accelerator team! We are currently looking into the issue you've reported and will provide a status update as soon as possible.