aws_lakeformation_permissions support AllIAMPrincipals special principal #38600
32819ff to 063a75c
## `ALLIAMPrincipals` group | ||
|
||
AllIAMPrincipals is a pseudo-entity group that acts like a Lake Formation principal. The group includes all IAMs in the account that is defined. | ||
|
||
resource "aws_lakeformation_permissions" "example" { | ||
permissions = ["SELECT"] | ||
principal = "123456789012:IAMPrincipals" | ||
|
||
table_with_columns { | ||
database_name = aws_glue_catalog_table.example.database_name | ||
name = aws_glue_catalog_table.example.name | ||
column_names = ["event"] | ||
} | ||
} | ||
|
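Review bot: The heading spells the group `ALLIAMPrincipals`, the paragraph under it spells it AllIAMPrincipals, and the example sets principal = "123456789012:IAMPrincipals", so the text never connects the name to the value a user has to type. Suggest matching the heading to the paragraph's spelling and adding a sentence before the example that states the value format shown there (account ID, a colon, then IAMPrincipals). The phrase "all IAMs in the account that is defined" is also unclear about what is included and which account is meant; naming the account ID in the principal value would fix that. Because the example grants SELECT to the whole group, a short sentence on how broad that grant is would help readers decide whether they want it.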
"1234567890125", //not an account id | ||
"1234567890125", //not an account id | ||
"IAMPrincipals", // incorrect representation | ||
"1234567890125:IAMPrincipals", // incorrect representation, account id invalid length |
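Review bot: The entry "1234567890125", //not an account id appears twice in a row, so the second copy tests nothing the first does not; drop it or replace it with a different invalid value. The last entry's comment says the account id has an invalid length, which means none of these four lines pairs a correct-length account id with a malformed suffix; if that case is not covered elsewhere in the table, it is worth adding here. Minor style point: "//not" lacks the space that the other comments have after the slashes.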
best viewed with "hide whitespace" enabled
@@ -54,6 +55,7 @@ func TestAccLakeFormation_serial(t *testing.T) { | |||
"PermissionsTable": { | |||
acctest.CtBasic: testAccPermissions_tableBasic, | |||
"iamAllowed": testAccPermissions_tableIAMAllowed, | |||
"iamPrincipals": testAccPermissions_tableIAMPrincipals, |
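Review bot: The new key "iamPrincipals" sits directly under "iamAllowed" and is easy to misread, because the two special principals in this PR are named IAMAllowedPrincipals and AllIAMPrincipals and the key drops the "All" that distinguishes the new one. Consider "allIAMPrincipals" for the key, with the test function name adjusted to match, so the serial test map reads unambiguously.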
best viewed with "hide whitespace" enabled
Issue: #29767

Lake Formation supports two special principal values that are defined by the Lake Formation service:

- `IAMAllowedPrincipals` (already supported by `aws_lakeformation_permissions` resource since its creation)
- `AllIAMPrincipals` (Added in this PR)

The implementation and test cases for `AllIAMPrincipals` closely follow that of `IAMAllowedPrincipals`.

https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html