aws_lakeformation_permissions IAMPrincipals docs
nickdelnano committed Jul 30, 2024
1 parent b0f40c9 commit 063a75c
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions website/docs/r/lakeformation_permissions.html.markdown
Expand Up @@ -87,6 +87,21 @@ The resulting permissions depend on whether the table had `IAMAllowedPrincipals`
| ---- | ---- |
| `SELECT` column wildcard (i.e., all columns) | `SELECT` on `"event"` (as expected) |

## `ALLIAMPrincipals` group

AllIAMPrincipals is a pseudo-entity group that acts like a Lake Formation principal. The group includes all IAMs in the account that is defined.

resource "aws_lakeformation_permissions" "example" {
permissions = ["SELECT"]
principal = "123456789012:IAMPrincipals"

table_with_columns {
database_name = aws_glue_catalog_table.example.database_name
name = aws_glue_catalog_table.example.name
column_names = ["event"]
}
}

## Using Lake Formation Permissions

Lake Formation grants implicit permissions to data lake administrators, database creators, and table creators. These implicit permissions cannot be revoked _per se_. If this resource reads implicit permissions, it will attempt to revoke them, which causes an error when the resource is destroyed.
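Review bot: the added section names the same entity three different ways, which leaves the reader unsure what string the `principal` argument actually accepts: the heading says `ALLIAMPrincipals`, the prose says AllIAMPrincipals, and the example uses `principal = "123456789012:IAMPrincipals"` (the commit title also says IAMPrincipals). Settle on one spelling and add a sentence stating the exact form, e.g. "Use the value `<account-id>:IAMPrincipals`". The sentence "The group includes all IAMs in the account that is defined" should read "all IAM principals in the specified account". Because this grant reaches every IAM principal in the account, one sentence on how it relates to the `IAMAllowedPrincipals` behaviour described in the table directly above would prevent readers from conflating the two. Finally, the example starting at `resource "aws_lakeformation_permissions" "example" {` arrives with no code fence and its indentation lost, so it will render as prose; wrap it in a fenced code block.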

0 comments on commit 063a75c