🛠 Implement Lake Formation Permissions on Replicated CaDeT Databases and Tables

[julialawrence]

User Story

This story is a follow-on from https://github.com/ministryofjustice/analytical-platform/issues/5860

Once we have a list of databases and tables that correspond to replicated bucket paths, we need to grant users permissions to these objects that correspond to the data locations Data Engineering Database Access grants users access to.

Value / Purpose

For rationale of why this is desirable although it deviates from the current practice, see the Value / Purpose section of #5860

Useful Contacts

Jacob Hamblin-Pyke, Julia Lawrence

User Types

QuickSight Users

Hypothesis

No response

Proposal

Extend the work in #5600 to assign users LakeFormation permissions on databases and tables based on information derived from #5860

Additional Information

No response

Definition of Done

• [ ] LakeFormation Permissions added
• [ ] Access to QuickSight tested
• [ ] Follow-on stories raised

[julialawrence]

Current plan:

• tag glue resources using sha1 of their path
• Use terraform to assign permissions based on those tags

Issues:

• Not sure what to do for databases
• Ideally TF would check the validity of the tag before attempting to apply, but there is no easy way to achieve this.
• ???