I see that you are trying to do multiple LF permission grants using CloudFormation.
Creating an 'AWS::LakeFormation::PrincipalPermissions'[1] resource in CloudFormation grants permissions to a principal on a specified resource. It does not take multiple resources as input. You will have to create a new CF resource of type 'AWS::LakeFormation::PrincipalPermissions' for each permission grant.
Moreover, the permission set for each resource type is different. LFTags have DESCRIBE and ASSOCIATE, whereas Database has ALL, ALTER, CREATE_TABLE, DESCRIBE and DROP. Even if, say, they have the same subset of permissions, the API does not allow granting permissions on multiple resources.
AWS::LakeFormation::PrincipalPermissions is equivalent to running the GrantPermissions[2] API.
[1] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lakeformation-principalpermissions.html
[2] https://docs.aws.amazon.com/cli/latest/reference/lakeformation/grant-permissions.html
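The one-resource-per-grant layout described in the answer above, as an added example template that is not part of the original answer. The parameter name, logical IDs, tag key, tag value and database name are constructed placeholders, and each grant lists only the permissions that principal needs rather than the full set for the resource type.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: One AWS::LakeFormation::PrincipalPermissions resource per grant

Parameters:
  AnalystRoleArn:
    Type: String
    Description: ARN of the IAM principal receiving the grants (constructed parameter)

Resources:
  # Grant 1: permissions on an LF-Tag. The Resource block names exactly one
  # resource, so the database grant cannot be folded into this definition.
  AnalystTagGrant:
    Type: AWS::LakeFormation::PrincipalPermissions
    Properties:
      Principal:
        DataLakePrincipalIdentifier: !Ref AnalystRoleArn
      Resource:
        LFTag:
          CatalogId: !Ref AWS::AccountId
          TagKey: example-tag-key        # constructed placeholder
          TagValues:
            - example-value              # constructed placeholder
      Permissions:
        - DESCRIBE
        - ASSOCIATE
      PermissionsWithGrantOption: []     # principal cannot re-grant

  # Grant 2: permissions on a database, with its own permission list.
  # DESCRIBE only; ALL, ALTER, CREATE_TABLE and DROP are left out on purpose.
  AnalystDatabaseGrant:
    Type: AWS::LakeFormation::PrincipalPermissions
    Properties:
      Principal:
        DataLakePrincipalIdentifier: !Ref AnalystRoleArn
      Resource:
        Database:
          CatalogId: !Ref AWS::AccountId
          Name: example_db               # constructed placeholder
      Permissions:
        - DESCRIBE
      PermissionsWithGrantOption: []
```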