Cannot create LakeFormationAdmin

Question

I'm attempting to create a datalake admin user, as per: https://docs.aws.amazon.com/lake-formation/latest/dg/initial-LF-setup.html#create-data-lake-admin

I've followed the instructions exactly, has all of the required initial roles / permissions. Has all of the additional inline permissions. However when I select the created user when the Lake Formation screen asks me to choose a datalake admin, I get the error message: "Read Only Admin not supported".

I don't know what this means. I have also tried to set my user as the administrator, this also doesn't work, giving me the same error message. This particular user is running as Amazon Administrator (i.e. grant = *, deny = []).

Can someone please suggest what is wrong here? The fact my admin account would appear to have insufficient permissions indicates to me there is something else incorrectly set up here, but I couldn't guess what it is.

Answer

I have followed the below instructions to move past the error "Read Only Admin not supported".

- Have created a user in IAM and added AWSLakeFormationDataAdmin Policy to the user.
- In the navigation pane, under Permissions, choose Administrative Roles and tasks. In the Data lake administrators section of the console page, choose Choose administrators.
- In the Manage data lake administrators dialog box, for IAM users and roles, choose the IAM user that you created, and then choose Save.

![Enter image description here](/media/postImages/original/IMIFi9fDobRNqnqWT1wPVPAA)

Note - Do not select an IAM administrative user (user with the AdministratorAccess AWS managed policy) to be the data lake administrator.

Cannot create LakeFormationAdmin

Relevant content