hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Fails to manage permissions on registered data lake location #17222

Closed mristau-gn closed 3 years ago

mristau-gn commented 3 years ago

Community Note

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v0.12.29
+ provider.aws v3.22.0

Affected Resource(s)

Terraform Configuration Files

resource "aws_lakeformation_permissions" "s3_lake_permissions" {
  principal   = "<principal role arn>"
  permissions = ["ALL"]

  data_location {
    arn = "<data lake location arn>"
  }
}

Same as example usage in docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lakeformation_permissions

Debug Output

Panic Output

Expected Behavior

Actual Behavior

Error: error creating Lake Formation Permissions (input: {
  Permissions: ["ALL"],
  Principal: {
    DataLakePrincipalIdentifier: "<principal role arn>"
  },
  Resource: {
    DataLocation: {
      ResourceArn: "<data lake location arn>"
    }
  }
}): error creating Lake Formation Permissions: InvalidInputException: Permissions modification is invalid.

Steps to Reproduce

  1. terraform apply

Important Factoids

References

patrickdeutsch-wk commented 3 years ago

I was struggling on this for a minute, especially since the example uses "ALL". I switched to permissions = ["DATA_LOCATION_ACCESS"] and it seems to have worked. https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html#perm-location

mristau-gn commented 3 years ago

Thanks @patrickdeutsch-wk. This works for me as well.
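A plan-time check for the mismatch resolved above, as an added example that is not from the thread or the provider: it scans `terraform show -json` output for `aws_lakeformation_permissions` resources that pair a `data_location` block with anything other than `DATA_LOCATION_ACCESS`. The function name, the sample plan and the resource names other than `s3_lake_permissions` are constructed, and the allowed set is an assumption taken from the AWS permissions reference linked in the thread.

```python
import json

# Assumption from the AWS permissions reference linked in the thread:
# DATA_LOCATION_ACCESS is the only permission a data location accepts.
DATA_LOCATION_ALLOWED = {"DATA_LOCATION_ACCESS"}


def find_invalid_data_location_grants(plan):
    """Return [(address, [bad permissions])] for aws_lakeformation_permissions
    resources whose data_location block is paired with other permissions."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_lakeformation_permissions":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # null on destroy
        if not after.get("data_location"):  # unset blocks appear as []
            continue
        requested = set(after.get("permissions") or [])
        requested |= set(after.get("permissions_with_grant_option") or [])
        bad = sorted(requested - DATA_LOCATION_ALLOWED)
        if bad:
            findings.append((rc["address"], bad))
    return findings


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_lakeformation_permissions.s3_lake_permissions",
   "type": "aws_lakeformation_permissions",
   "change": {"actions": ["create"], "after": {
     "principal": "<principal role arn>", "permissions": ["ALL"],
     "data_location": [{"arn": "<data lake location arn>"}], "database": []}}},
  {"address": "aws_lakeformation_permissions.location_ok",
   "type": "aws_lakeformation_permissions",
   "change": {"actions": ["create"], "after": {
     "principal": "<principal role arn>", "permissions": ["DATA_LOCATION_ACCESS"],
     "data_location": [{"arn": "<data lake location arn>"}], "database": []}}},
  {"address": "aws_lakeformation_permissions.db_all",
   "type": "aws_lakeformation_permissions",
   "change": {"actions": ["create"], "after": {
     "principal": "<principal role arn>", "permissions": ["ALL"],
     "data_location": [], "database": [{"name": "example_db"}]}}},
  {"address": "aws_lakeformation_permissions.removed",
   "type": "aws_lakeformation_permissions",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for address, bad in find_invalid_data_location_grants(SAMPLE_PLAN):
        print(f"{address}: {bad} not valid on a data location")
```

Run against a real plan, this reports the bad grant before `terraform apply` reaches the `InvalidInputException` shown in the issue.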
