User defined groups and blue prints in Lake Formation
Hi
We are currently investigating Lake Formation and it looks promising.
There are a few things which we can't figure out to do. Either because we don't know how or because they are not yet developed for Lake Formation
- User defined groups
We cannot see our IAM groups in the grant permission to data access.
We have a large group of analysts divided into different divisions. We would like to give a specific access to each division, but not having the overhead of doing this for each analyst. I can only find the "everyone" group, which doesn't suit our needs
- User defined blueprints
Currently the number of blueprints is limited to databases and cloudtrail-logs. It would be a nice feature to be able to create your own blueprints in order to recreate userdefined datalake ingestions.
I don't know if anyone has some workarounds for these issues or there is a wish-list somewhere to propose new features
Best and Thanks
Thanks for using AWS Lake Formation and for the feedback. Both permissions for IAM groups and user defined blueprints are not yet supported, but the team is aware of these product requests.
In the meantime, a workaround for groups is to create a role to which you grant Lake Formation and querying permissions, then allow members of the IAM group to assume that role. Remember that when they assume the role, they only have that role's permissions. See here:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html
Remember to make the AWS account from which you are calling AssumeRole a trusted entity for the role:
https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_roles.html#troubleshoot_roles_cant-assume-role
Relevant questions
Access error : Spark query from AWS EMR with AWS Lake Formation
asked 5 months agoAthena query: Insufficient Lake Formation permission(s): Illegal permission combination
asked 5 months agoRedshift Spectrum Access to Lake Formation
Accepted Answerasked 3 years agoLake Formation Governed tables: truncate and reload?
asked 4 months agoAre you able to hide tables in a database using Lake Formation Tagging
asked 3 months agoHow to best handle lake formation row level security from a shared IAM role
asked 7 months agoIs it possible to specify DB snapshot in AWS Lake Formation?
Accepted Answerasked a year agoGlue job keep running indefinitely on S3 registered with Lake Formation
asked a year agoAWS Lake Formation Data Filter Issue
asked a month agoUser defined groups and blue prints in Lake Formation
asked 3 years ago