[Enhancement]: Allow empty default permissions in Lakeformation DataLake Settings

[ahmedmahmo]

Description

The terraform resource for managing lake formation settings (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lakeformation_data_lake_settings) doesn’t allow setting empty list of permissions for create_database_default_permissions and create_table_default_permissions attributes, and when these attributes are not set terraform will not enforce the default permissions to be empty.

We would like to use following terraform configuration to enforce that:

resource "aws_lakeformation_data_lake_settings" "default" {
  ...

  create_database_default_permissions {
    permissions = []
  }

  create_table_default_permissions {
    permissions = []
  }
}

We would like to fix this behavior in terraform AWS provider, and to make it officially supported the fix should be contribute to the official provider codebase.

Affected Resource(s) and/or Data Source(s)

• aws_lakeformation_data_lake_settings

Potential Terraform Configuration

resource "aws_lakeformation_data_lake_settings" "default" {
  ...

  create_database_default_permissions {
    permissions = []
  }

  create_table_default_permissions {
    permissions = []
  }
}

References

No response

Would you like to implement a fix?

Yes

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.