
Lakeformation permission for external account access fails validation #18034

Closed
@vadivelselvaraj

Description

When sharing a Glue catalog database or tables with external AWS accounts, the principal argument for the AWS LakeFormation Permissions API should accept a valid AWS account ID. Currently, only a valid AWS role or user ARN is accepted, and code like the below would fail because of this validation.

resource "aws_lakeformation_permissions" "high_fidelity_db_external_access" {
  principal = "259712912613"
  permissions = ["SELECT"]
  permissions_with_grant_option = ["SELECT"]

  database {
    name = aws_glue_catalog_database.sample_db.name
  }
}

ValidationError: Error: "principal" doesn't look like a user or role: "259712912613"

The validation for the principal argument is done here and needs to be changed to allow AWS account ID as valid input.

Additionally, the principal argument can also be an organization as can be seen here.
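The following Go snippet is an added illustration of the validation change the issue asks for; it is not the provider's own code. It places the behaviour the issue describes (only IAM user/role ARNs pass) beside a widened check that also accepts a 12-digit account ID and an AWS Organizations organization or OU ARN. The regular expressions, the helper names and the sample principals (account `123456789012`, organization `o-abc123def4`, OU `ou-ab12-cdef3456`) are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Added example, not the terraform-provider-aws code. The patterns below are
// assumptions about the three principal forms discussed in the issue:
// a bare 12-digit account ID, an IAM user/role ARN, and an AWS Organizations
// organization or organizational-unit ARN.
var (
	accountIDRe    = regexp.MustCompile(`^[0-9]{12}$`)
	iamPrincipalRe = regexp.MustCompile(`^arn:aws[a-z-]*:iam::[0-9]{12}:(user|role)/.+$`)
	orgPrincipalRe = regexp.MustCompile(`^arn:aws[a-z-]*:organizations::[0-9]{12}:(organization/o-[a-z0-9]+|ou/o-[a-z0-9]+/ou-[a-z0-9]+-[a-z0-9]+)$`)
)

// validatePrincipalOld mirrors the behaviour the issue reports: only an IAM
// user or role ARN is accepted, so a plain account ID is rejected.
func validatePrincipalOld(v string) error {
	if iamPrincipalRe.MatchString(v) {
		return nil
	}
	return fmt.Errorf("%q doesn't look like a user or role: %q", "principal", v)
}

// validatePrincipalNew is the widened check: account IDs and organization
// ARNs are accepted in addition to IAM user/role ARNs. Anything else is still
// rejected at plan time rather than surfacing as an API error at apply time.
func validatePrincipalNew(v string) error {
	if accountIDRe.MatchString(v) || iamPrincipalRe.MatchString(v) || orgPrincipalRe.MatchString(v) {
		return nil
	}
	return fmt.Errorf("%q doesn't look like an AWS account ID, IAM user/role ARN, or organization ARN: %q", "principal", v)
}

func main() {
	// Constructed sample principals; none refer to real resources.
	samples := []string{
		"123456789012",
		"arn:aws:iam::123456789012:role/analyst",
		"arn:aws:organizations::123456789012:organization/o-abc123def4",
		"arn:aws:organizations::123456789012:ou/o-abc123def4/ou-ab12-cdef3456",
		"12345",               // too short to be an account ID
		"arn:aws:s3:::bucket", // not a principal at all
	}
	for _, p := range samples {
		fmt.Printf("old=%-5v new=%-5v %s\n",
			validatePrincipalOld(p) == nil, validatePrincipalNew(p) == nil, p)
	}
}
```

Running the block prints one line per sample; the account ID and both organization ARNs fail the old check and pass the new one, while the malformed values fail both. Note that an account or organization principal grants to every identity in that scope, so a reviewer of such a configuration would expect the permissions list to be correspondingly narrow.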

Metadata

Assignees: No one assigned

Labels:
- enhancement: Requests to existing resources that expand the functionality or scope.
- service/lakeformation: Issues and PRs that pertain to the lakeformation service.