plazmakeks

Reputation: 181

AWS Lake Formation: Grant permission for one role to ALL databases

Is it possible to somehow grant permissions to ALL available databases in Lake Formation? Using the AWS UI, I'm able to grant permission to individual databases. However, I'm looking for a way to grant permissions to all available databases. Is that possible somehow?

Upvotes: 3

Views: 2124

Answers (2)

AreuGTOready

Reputation: 11

Use tags

1. Create a tag "admin": "true" (or anything else more suitable for your need).
2. Associate this tag with all dbs (no need to associate tables, they will inherit the tag value from their db).
3. Grant the desired permissions on this tag to your user/role.

Benefit: any new db or tables tagged with this tag key/value will be accessible.

Upvotes: 1

plazmakeks

Reputation: 181

Figured out how to use the CLI for that for individual databases. However, AWS confirms there's no API available for batch processing. Anyway, this can be modified in a batch script or whatever one prefers to make it work in a batch style:

aws lakeformation grant-permissions --profile <your-profile> --principal '{"DataLakePrincipalIdentifier": "arn:aws:iam::<account-id>:role/<role>"}' --resource '{"Database": {"Name": "<database-name>", "CatalogId": "<account-id>"}}' --permissions ALL --permissions-with-grant-option ALL

Upvotes: 0
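
The batch style described in the answer above, as an added example that is not part of the original post: it lists the catalog's databases with `aws glue get-databases` and issues one `grant-permissions` call per database, with a dry-run mode for reviewing the plan first. The function names are assumptions; the permissions are passed as arguments so the role gets only what it needs, and `--permissions-with-grant-option` is left out here and can be added as in the answer's command.

```shell
# Added example, not code from the original answers.
# Function names are assumptions made for this sketch.

# Print one database name per line. The AWS CLI follows pagination by default.
list_databases() {  # $1 = catalog (account) id
  out=$(aws glue get-databases --catalog-id "$1" \
        --query 'DatabaseList[].Name' --output text) || return 1
  printf '%s\n' "$out" | tr '\t' '\n'
}

# Build the --resource JSON in the same shape as the command in the answer.
database_resource() {  # $1 = catalog id, $2 = database name
  printf '{"Database": {"Name": "%s", "CatalogId": "%s"}}' "$2" "$1"
}

# $1 = catalog id, $2 = role ARN, remaining arguments = permissions to grant.
# DRY_RUN=1 prints the planned grants without calling Lake Formation.
grant_on_all_databases() {
  catalog_id=$1; role_arn=$2; shift 2
  dbs=$(list_databases "$catalog_id") || return 1
  failed=0
  while IFS= read -r db; do
    [ -n "$db" ] || continue
    case $db in
      *\"*|*\\*) echo "skipped, name needs JSON escaping: $db" >&2
                 failed=1; continue ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then
      echo "would grant $* on $db to $role_arn"
      continue
    fi
    aws lakeformation grant-permissions \
      --principal "{\"DataLakePrincipalIdentifier\": \"$role_arn\"}" \
      --resource "$(database_resource "$catalog_id" "$db")" \
      --permissions "$@" </dev/null \
      || { echo "grant failed: $db" >&2; failed=1; }
  done <<EOF
$dbs
EOF
  return "$failed"
}

# Usage, with the same placeholders as the answer:
# DRY_RUN=1 grant_on_all_databases <account-id> arn:aws:iam::<account-id>:role/<role> DESCRIBE
```

Databases created after a run are not covered, so the script has to be rerun for them, unlike the tag approach in the first answer.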
