[Bug]: aws_lakeformation_resource_lf_tags cannot be applied to all tables as wildcard

[devforbes]

Terraform Core Version

1.3.1,1.4.6

AWS Provider Version

4.67.0

Affected Resource(s)

When creating aws_lakeformation_resource_lf_tags tag on a table resource the documentation says:

Under the "table" header

name - (Required, at least one of name or wildcard) Name of the table. wildcard - (Required, at least one of name or wildcard) Whether to use a wildcard representing every table under a database. Defaults to false.

I have another resource created using the "database" option and it works perfectly. When trying to make the "All Tables" assignment, such as the below example, it fails.

resource "aws_lakeformation_resource_lf_tags" "all_tables_under_db_assignment" {
  table {
    database_name = aws_glue_catalog_database.my_catalog_database.name
    wildcard      = true
  }

  lf_tag {
    key   = aws_lakeformation_lf_tag.name_of_the_tag.key
    value = "AValue"
  }
}

The error received is:

│ Error: creating AWS Lake Formation Resource LF Tags ({
│   LFTags: [{
│       TagKey: "LF-TagName",
│       TagValues: ["AValue"]
│     }],
│   Resource: {
│     Table: {
│       DatabaseName: "my_catalog_database",
│       TableWildcard: {
│ 
│       }
│     }
│   }
│ }): InvalidInputException: Table name cannot be empty.

Expected Behavior

A tag is assigned to all tables under the aws_glue_catalog_database.my_catalog_database

Actual Behavior

│ Error: creating AWS Lake Formation Resource LF Tags ({
│   LFTags: [{
│       TagKey: "LF-TagName",
│       TagValues: ["AValue"]
│     }],
│   Resource: {
│     Table: {
│       DatabaseName: "my_catalog_database",
│       TableWildcard: {
│ 
│       }
│     }
│   }
│ }): InvalidInputException: Table name cannot be empty.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

variable "account_id" {}
resource "aws_glue_catalog_database" "my_catalog_database" {
  catalog_id    = var.account_id                                               #Account ID is required, even though document says its optional 
  name          = "my_catalog_database"
  location_uri  = "s3://${data.aws_s3_bucket.your_s3_location.id}/"
  provider = aws.aws-no-defaults                        #Terraform Bug Workaround (tags from provider fail)
}

Tables are not defined in my terraform because a crawler makes them. There is no method of getting tables and pulling them in as an object unless the terraform made them. For this purpose, you can define the catalog, add a table manually, then run the below. The below should add a tag to that table.

resource "aws_lakeformation_lf_tag" "name_of_the_tag" {
  catalog_id = var.account_id                                                #Account ID is required, even though document says its optional 
  key        = "LF-SomeTag"
  values     = ["AValue"]
}

resource "aws_lakeformation_resource_lf_tags" "all_tables_under_db_assignment" {
  table {
    database_name = aws_glue_catalog_database.my_catalog_database.name
    wildcard      = true
  }

  lf_tag {
    key   = aws_lakeformation_lf_tag.name_of_the_tag.key
    value = "AValue"
  }
}

Steps to Reproduce

This terraform presumes a set up Lake Formation and catalog, with a lake formation role. It presumes you've made at least one database and table within that catalog https://docs.aws.amazon.com/lake-formation/latest/dg/getting-started-setup.html

Try to apply the terraform It will want you to supply a table name to apply the tag too.

Debug Output

│ Error: creating AWS Lake Formation Resource LF Tags ({
│   LFTags: [{
│       TagKey: "LF-TagName",
│       TagValues: ["AValue"]
│     }],
│   Resource: {
│     Table: {
│       DatabaseName: "my_catalog_database",
│       TableWildcard: {
│ 
│       }
│     }
│   }
│ }): InvalidInputException: Table name cannot be empty.

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[devforbes]

Note: Inheritance appears to have been added by AWS so that table based tags assigned to the database level automatically apply to all tables. If this is correct, then the documentation should be changed to reflect that reality that this feature is no longer supported/required.