User defined groups and blue prints in Lake Formation


We are currently investigating Lake Formation and it looks promising.
There are a few things which we can't figure out how to do, either because we don't know how or because they are not yet developed for Lake Formation.

  1. User defined groups

We cannot see our IAM groups in the grant permission to data access.
We have a large group of analysts divided into different divisions. We would like to give a specific access to each division, but not having the overhead of doing this for each analyst. I can only find the "everyone" group, which doesn't suit our needs.

  2. User defined blueprints

Currently the number of blueprints is limited to databases and cloudtrail-logs. It would be a nice feature to be able to create your own blueprints in order to recreate user-defined data lake ingestions.

I don't know if anyone has some workarounds for these issues or if there is a wish-list somewhere to propose new features.

Best and Thanks

asked 3 years ago, 13 views
2 Answers

Thanks for using AWS Lake Formation and for the feedback. Both permissions for IAM groups and user defined blueprints are not yet supported, but the team is aware of these product requests.

In the meantime, a workaround for groups is to create a role to which you grant Lake Formation and querying permissions, then allow members of the IAM group to assume that role. Remember that when they assume the role, they only have that role's permissions. See here:

Remember to make the AWS account from which you are calling AssumeRole a trusted entity for the role:

answered 3 years ago
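The role workaround in the answer above, sketched as an added example (not code from the original answer or from AWS): it builds the role's trust policy and a per-division group policy, then checks which group can assume which role. The account ID, the `lf-analysts-<division>` role naming, and the simplified `can_assume` evaluation are assumptions made for illustration.

```python
import json

ACCOUNT_ID = "111122223333"  # constructed placeholder account ID

def role_arn(division):
    # Hypothetical naming scheme: one Lake Formation role per analyst division.
    return f"arn:aws:iam::{ACCOUNT_ID}:role/lf-analysts-{division}"

def trust_policy(account_id=ACCOUNT_ID):
    # Attached to the role: makes the calling account a trusted entity.
    # Trusting the account root delegates the decision to identity policies
    # in that account, so the group policy below is what gates access.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
        "Action": "sts:AssumeRole"}]}

def group_policy(division):
    # Attached to the division's IAM group: members may assume only their role.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": role_arn(division)}]}

def can_assume(identity_policy, trust, caller_account, target_role_arn):
    # Simplified same-account check (exact ARN match; no wildcards, conditions
    # or explicit denies): both the trust and identity policy must allow.
    trusted = any(
        s["Effect"] == "Allow" and s["Action"] == "sts:AssumeRole"
        and s["Principal"].get("AWS") == f"arn:aws:iam::{caller_account}:root"
        for s in trust["Statement"])
    permitted = any(
        s["Effect"] == "Allow" and s["Action"] == "sts:AssumeRole"
        and s["Resource"] == target_role_arn
        for s in identity_policy["Statement"])
    return trusted and permitted

def access_matrix(divisions):
    # Which division's group can assume which division's role.
    return {(g, r): can_assume(group_policy(g), trust_policy(), ACCOUNT_ID, role_arn(r))
            for g in divisions for r in divisions}

if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(group_policy("finance"), indent=2))
    for pair, allowed in access_matrix(["finance", "marketing"]).items():
        print(pair, allowed)
```

Each role's ARN is then the principal that receives the division's Lake Formation grants, so access is managed once per division rather than once per analyst.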

Thank you
Guess this was our conclusion too

answered 3 years ago
