This CDK code produces a "Resource did not stabilize" error:
data_location = lakeformation.CfnPrincipalPermissions.DataLocationResourceProperty(
catalog_id=Aws.ACCOUNT_ID,
resource_arn="arn:aws:s3:::my-s3-bucket-here/my_db_folder_here/"
)
cfn_principal_permissions = lakeformation.CfnPrincipalPermissions(scope, "DatalakePrincipalPermissions",
permissions=["DATA_LOCATION_ACCESS"],
permissions_with_grant_option=["DATA_LOCATION_ACCESS"],
principal=lakeformation.CfnPrincipalPermissions.DataLakePrincipalProperty(
data_lake_principal_identifier=f"arn:aws:iam::my_acct_id_here:user/my_user_here"
),
resource=lakeformation.CfnPrincipalPermissions.ResourceProperty(
data_location=data_location
),
catalog=Aws.ACCOUNT_ID
)
I do see the event sending the request, and it all looks fine, I actually see the permissions granted in the web UI for a few moments after I run my CDK, but then the "HandlerErrorCode: NotStabilized" error happens, and the resource is rolled back
Does anybody have an idea of what could be happening?