Hello,
I see you’re getting an AccessDeniedException when you’re trying to create an “aws_lakeformation_permissions” resource using a Terraform script. It seems the IAM role/user which is used to create this resource doesn’t have the required permissions to create the Lake Formation Permissions.
As you might know, all principals, including the data lake administrator, need the following AWS Identity and Access Management (IAM) permissions to grant or revoke AWS Lake Formation Data Catalog permissions or data location permissions with the Lake Formation API or the AWS CLI:
- lakeformation:GrantPermissions
- lakeformation:BatchGrantPermissions
- lakeformation:RevokePermissions
- lakeformation:BatchRevokePermissions
- glue:GetTable or glue:GetDatabase for a table or database that you're granting permissions on with the named resource method
You can find more details on the documentation: https://docs.aws.amazon.com/lake-formation/latest/dg/required-permissions-for-grant.html
I would suggest that you try giving the above permissions mentioned in the documentation to the role/user which is being used by the Terraform script to create the resources.
If you still get the error, then I would suggest that you open a support case with AWS for further troubleshooting. You can use the following link for the same: https://support.console.aws.amazon.com/support/home#/case/create
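An added example, not part of the original answer or any AWS tooling: a small offline check that reads an IAM identity policy document and reports which of the permissions listed above it does not allow. It is a simplification that assumes only `Effect` and `Action` matter; it ignores `Resource`, `Condition`, `NotAction`, permission boundaries and SCPs, and the sample policy is constructed.

```python
import re

# Actions the answer lists as required to grant/revoke Lake Formation permissions.
REQUIRED = [
    "lakeformation:GrantPermissions",
    "lakeformation:BatchGrantPermissions",
    "lakeformation:RevokePermissions",
    "lakeformation:BatchRevokePermissions",
]
# The answer requires glue:GetTable or glue:GetDatabase, depending on the resource.
GLUE_EITHER = ["glue:GetTable", "glue:GetDatabase"]

def _as_list(value):
    # IAM allows a single string or object where a list is expected.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are the only wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def _allowed(policy, action):
    allowed = False
    for stmt in _as_list(policy.get("Statement", [])):
        if not any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            continue
        if stmt.get("Effect") == "Deny":
            return False  # an explicit Deny always wins
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed

def missing_actions(policy):
    missing = [a for a in REQUIRED if not _allowed(policy, a)]
    if not any(_allowed(policy, a) for a in GLUE_EITHER):
        missing.append(" or ".join(GLUE_EITHER))
    return missing

# Constructed sample policy: grants are allowed, revokes and Glue reads are not.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["lakeformation:*Grant*"], "Resource": "*"},
]}

if __name__ == "__main__":
    for action in missing_actions(SAMPLE_POLICY):
        print("missing:", action)
```
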