Reputation: 77
I'm trying to create LF-tags and then attach them to an existing Data Catalog database via a Jenkins cumulus pipeline. The creation config looks like this in Terraform:
    # Define the LF-tag key and its allowed values.
    resource "aws_lakeformation_lf_tag" "lf_tags" {
      key    = "{{lf_key}}"
      values = "{{lf_values}}"
    }

    # Attach the LF-tag to the existing Data Catalog database.
    resource "aws_lakeformation_resource_lf_tags" "db_access" {
      database {
        name = "a_database"
      }
      lf_tag {
        key   = "{{lf_key}}"
        value = "{{lf_value}}"
      }
    }
The Jenkins cumulus role has copied AWSLakeFormationDataAdmin role policies, except s3 and iam parts. I think with all the granted access to lakeformation and glue it should be ok to create and attach LF-tags? But I continue to get errors like this:
    Error: creating AWS Lake Formation Resource LF Tags ({
      LFTags: [{
          TagKey: "some_key",
          TagValues: ["some_value"]
        }],
      Resource: {
        Database: {
          Name: "a_database"
        }
      }
    }): AccessDeniedException: Insufficient Lake Formation permission(s) on on resource to Tag or Untag.

      with aws_lakeformation_resource_lf_tags.db_access,
      on lf-tag.tf line 30, in resource "aws_lakeformation_resource_lf_tags" "db_access":
      30: resource "aws_lakeformation_resource_lf_tags" "db_access" {
EDIT:
I attached the managed AWSLakeFormationDataAdmin role to my role and still got the same error. So I kept the attachment and did a copy-paste of all the policies of the AWSLakeFormationDataAdmin role to my config file. Now I have a new error, not authorized to perform: airflow:GetEnvironment on resource, but it's not supposed to do so...
Upvotes: 0
Views: 1561
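
An added example, not part of the original post: the two errors quoted above come from different authorization layers. The first uses the wording of Lake Formation's own grant check, the second the standard IAM denial wording, and this Python triage sorts AccessDenied messages accordingly. The function names and the ARNs in the sample input are constructed for illustration.

```python
import re

# Wording Lake Formation uses when its own grant check fails (first error).
LF_DENIED = re.compile(r"Insufficient Lake Formation permission\(s\)")
# Wording of an IAM authorization failure (second error).
IAM_DENIED = re.compile(r"not authorized to perform: ([A-Za-z0-9-]+:[A-Za-z0-9*]+)")

NEXT_CHECK = {
    "lakeformation": "Lake Formation grants held by the calling principal on the resource",
    "iam": "IAM policies (identity, boundary, SCP) covering the named action",
    "unknown": "read the full message; neither known wording matched",
}

# Constructed sample input modelled on the two errors quoted in the post.
# The ARNs are placeholders (assumptions), not values from the page.
SAMPLES = [
    "AccessDeniedException: Insufficient Lake Formation permission(s) "
    "on on resource to Tag or Untag.",
    "AccessDeniedException: User: arn:aws:sts::111122223333:assumed-role/"
    "example-pipeline-role/session is not authorized to perform: "
    "airflow:GetEnvironment on resource: arn:aws:airflow:REGION:111122223333:"
    "environment/EXAMPLE",
]

def classify(message):
    """Return (layer, detail): which authorization layer refused the call."""
    iam = IAM_DENIED.search(message)
    if iam:
        return "iam", iam.group(1)  # detail = the denied IAM action
    lf = LF_DENIED.search(message)
    if lf:
        # Detail = the operation Lake Formation refused, when the message names it.
        op = re.search(r"\bto ([^.\n]+)", message[lf.end():])
        return "lakeformation", op.group(1).strip() if op else None
    return "unknown", None

def triage(messages):
    """Map each message to the layer that denied it and what to inspect next."""
    return [
        {"layer": layer, "detail": detail, "next_check": NEXT_CHECK[layer]}
        for layer, detail in map(classify, messages)
    ]

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(row)
```

A "lakeformation" result means IAM already allowed the API call and the refusal came from Lake Formation's grant model, so adding more IAM policy statements does not change it.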