Trying to add DATA_LOCATION_ACCESS via CDK calls using lakeformation.CfnPrincipalPermissions does not work

0

This CDK code produces a "Resource did not stabilize" error:

    from aws_cdk import Aws, aws_lakeformation as lakeformation

    # `scope` is the enclosing Stack or Construct.
    data_location = lakeformation.CfnPrincipalPermissions.DataLocationResourceProperty(
        catalog_id=Aws.ACCOUNT_ID,
        resource_arn="arn:aws:s3:::my-s3-bucket-here/my_db_folder_here/"
    )
    cfn_principal_permissions = lakeformation.CfnPrincipalPermissions(scope, "DatalakePrincipalPermissions",
        permissions=["DATA_LOCATION_ACCESS"],
        permissions_with_grant_option=["DATA_LOCATION_ACCESS"],
        principal=lakeformation.CfnPrincipalPermissions.DataLakePrincipalProperty(
            data_lake_principal_identifier="arn:aws:iam::my_acct_id_here:user/my_user_here"
        ),
        resource=lakeformation.CfnPrincipalPermissions.ResourceProperty(
            data_location=data_location
        ),
        catalog=Aws.ACCOUNT_ID
    )

I do see the event sending the request, and it all looks fine. I actually see the permissions granted in the web UI for a few moments after I run my CDK, but then the "HandlerErrorCode: NotStabilized" error happens, and the resource is rolled back.

Does anybody have an idea of what could be happening?

1 Answer
1
Accepted Answer

Disregard: I was using an extra "/" at the end of the data_lake_principal_identifier; once I removed that, it works as expected.

If you happen to copy and paste the ARN from the AWS admin console, make sure you remove the trailing "/" at the end of the string:

arn:aws:s3:::your_bucket_here/your_folder_here_no_slash_at_the_end

ramiro
answered a year ago
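
A pre-synth guard for the trailing-slash problem described in the accepted answer. This is an added example, not code from the original post or from the CDK project; the function names and the bucket-name pattern are assumptions, and it only applies to literal ARN strings (not unresolved CDK tokens).

```python
import re

# Assumed shape of a Lake Formation data location: an S3 bucket ARN with an
# optional key prefix. The bucket-name pattern is a simplified approximation.
_S3_ARN = re.compile(
    r"^arn:(?:aws|aws-cn|aws-us-gov):s3:::"
    r"(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
    r"(?:/(?P<prefix>.*))?$"
)


def normalize_data_location_arn(arn: str) -> str:
    """Return the S3 ARN with surrounding whitespace and trailing '/' removed.

    Raises ValueError when the string is not an S3 bucket/prefix ARN, so a
    mistyped or pasted value fails at synth time instead of during deployment.
    """
    candidate = arn.strip()  # copy/paste from a console often adds whitespace
    match = _S3_ARN.match(candidate)
    if match is None:
        raise ValueError(f"not an S3 bucket/prefix ARN: {arn!r}")
    base = candidate[: match.end("bucket")]
    prefix = (match.group("prefix") or "").rstrip("/")
    return f"{base}/{prefix}" if prefix else base


def find_unnormalized(arns):
    """Return the ARNs that would be changed by normalization (for a CI check)."""
    return [a for a in arns if normalize_data_location_arn(a) != a]


if __name__ == "__main__":
    # Constructed sample values, using the placeholder names from the question.
    samples = [
        "arn:aws:s3:::my-s3-bucket-here/my_db_folder_here/",
        "arn:aws:s3:::my-s3-bucket-here/my_db_folder_here",
    ]
    for s in samples:
        print(f"{s!r} -> {normalize_data_location_arn(s)!r}")
    print("needs fixing:", find_unnormalized(samples))
```

Pass the normalized value as `resource_arn` when building `DataLocationResourceProperty`.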
