[Enhancement] Data filtering and cell-level security in Lake Formation

[be-rock]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Requesting a new permission type to be added to aws_lakeformation_permissions to support what AWS describes as Data filtering and cell-level security in Lake Formation

New or Affected Resource(s)

aws_lakeformation_permissions

• data_cells_filter relates to the CF resource: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lakeformation-datacellsfilter.html
  • row_filter - relates to this CF resource: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lakeformation-datacellsfilter-rowfilter.html

Potential Terraform Configuration

# row_filter
resource "aws_lakeformation_permissions" "my_lf_perms" {
    permissions = ["SELECT"]
    principal   = "arn:aws:iam::${data.aws_caller_identity.current.id}:role/my_lf_user"

  data_cells_filter {
    database_name = aws_glue_catalog_table.example1.database_name
    table_name    = aws_glue_catalog_table.example1.name
    column_names  = ["col1", "col2"]
    name          = "name-of-data-cells-filter"
    row_filter {
      filter_expression = "a-partiql-predicate"
    }
  }
}

References

None in addition to what's been shared above

[be-rock]

Related https://github.com/hashicorp/terraform-provider-aws/issues/27677