User-defined groups and blueprints in Lake Formation

0

Hi
We are currently investigating Lake Formation and it looks promising.
There are a few things which we can't figure out how to do, either because we don't know how or because they are not yet developed for Lake Formation.

  1. User-defined groups
    We cannot see our IAM groups in the grant permission to data access.
    We have a large group of analysts divided into different divisions. We would like to give specific access to each division, but without the overhead of doing this for each analyst. I can only find the "everyone" group, which doesn't suit our needs.

  2. User-defined blueprints
    Currently the number of blueprints is limited to databases and cloudtrail-logs. It would be a nice feature to be able to create your own blueprints in order to recreate user-defined data lake ingestions.

I don't know if anyone has some workarounds for these issues or if there is a wish list somewhere to propose new features.

Best and Thanks

Asked 5 years ago · 499 views
2 Answers
0

Thanks for using AWS Lake Formation and for the feedback. Both permissions for IAM groups and user defined blueprints are not yet supported, but the team is aware of these product requests.

In the meantime, a workaround for groups is to create a role to which you grant Lake Formation and querying permissions, then allow members of the IAM group to assume that role. Remember that when they assume the role, they only have that role's permissions. See here:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html

Remember to make the AWS account from which you are calling AssumeRole a trusted entity for the role:
https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_roles.html#troubleshoot_roles_cant-assume-role

AWS
Answered 5 years ago
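
The role-per-group workaround described in the answer above, sketched as an added example (not part of the original answer and not AWS-provided code). The account ID, the `lf-analyst-<division>` role naming, and the division and database names are placeholders chosen for illustration; the script only builds the policy documents and the Lake Formation grant parameters and makes no AWS calls.

```python
import json

ACCOUNT_ID = "111122223333"  # placeholder account ID (assumption)

def role_arn(division):
    # Hypothetical naming scheme: one role per analyst division.
    return f"arn:aws:iam::{ACCOUNT_ID}:role/lf-analyst-{division}"

def trust_policy():
    # Attached to the role. IAM groups cannot be principals, so the role
    # trusts the account; the group policy below narrows who may assume it.
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
            "Action": "sts:AssumeRole",
        }],
    }

def group_policy(division):
    # Attached to the division's IAM group: members may assume only
    # that division's role, not the roles of other divisions.
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": role_arn(division),
        }],
    }

def lf_grant_request(division, database):
    # Keyword arguments for boto3's lakeformation grant_permissions():
    # the role, not the IAM group, is the Lake Formation principal.
    return {
        "Principal": {"DataLakePrincipalIdentifier": role_arn(division)},
        "Resource": {"Table": {"DatabaseName": database, "TableWildcard": {}}},
        "Permissions": ["SELECT"],
    }

def build_plan(divisions):
    # divisions: {division name: database that division may query}
    return {d: {"role_arn": role_arn(d), "trust_policy": trust_policy(),
                "group_policy": group_policy(d),
                "lf_grant": lf_grant_request(d, db)}
            for d, db in divisions.items()}

if __name__ == "__main__":
    # Constructed sample divisions and database names.
    sample = {"finance": "finance_db", "marketing": "marketing_db"}
    print(json.dumps(build_plan(sample), indent=2))
```

Because the trust policy names the whole account, any other identity in the account that holds `sts:AssumeRole` on `*` can also assume these roles, so audit broad `sts:AssumeRole` grants when relying on this pattern.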
0

Thank you
Guess this was our conclusion too

Answered 5 years ago
