
Is it possible to somehow grant permissions to ALL available databases in Lake Formation? Using the AWS UI I’m able to grant permission to individual databases. However I’m looking for a way to grant permissions to all available databases. Is that possible somehow?

2 Answers


  1. Chosen as BEST ANSWER

    Figured out how to use the CLI for that for individual databases. However, AWS confirms there's no API available for batch processing. Anyway, this can be modified in a batch script or whatever one prefers to make it work in a batch style:

    aws lakeformation grant-permissions --profile <your-profile> \
        --principal '{"DataLakePrincipalIdentifier": "arn:aws:iam::<account-id>:role/<role>"}' \
        --resource '{"Database": {"Name": "<database-name>", "CatalogId": "<account-id>"}}' \
        --permissions ALL --permissions-with-grant-option ALL
    

  2. Use tags

    Create a tag "admin": "true" (or anything else more suitable for your need).
    Associate this tag with all dbs (no need to associate tables; they will inherit the tag value from their db).
    Grant the desired permissions on this tag to your user/role.

    Benefit: any new db or tables tagged with this tag key/value will be accessible.
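
The per-database command from the first answer, wrapped in a loop over every database that `aws glue get-databases` returns; this is an added example, not code from either answer. The function names are hypothetical, and database names containing characters outside `[A-Za-z0-9_-]` are skipped and reported rather than spliced into the JSON.

```sh
#!/bin/sh
# Added example, not part of the original answers. Function names are hypothetical.
# Credentials and profile come from the usual AWS CLI environment (e.g. AWS_PROFILE).

# Print every database name in the Glue Data Catalog, one per line.
# $1 = catalog (account) id
list_databases() {
    names=$(aws glue get-databases --catalog-id "$1" \
        --query 'DatabaseList[].Name' --output text) || return 1
    printf '%s\n' "$names" | tr '\t' '\n' | sed '/^$/d'
}

# Build the --resource argument used by the first answer's command.
# $1 = database name, $2 = catalog id
database_resource() {
    printf '{"Database": {"Name": "%s", "CatalogId": "%s"}}' "$1" "$2"
}

# Run grant-permissions once per database and print a one-line summary.
# $1 = principal ARN, $2 = catalog id. Returns non-zero if any grant failed.
grant_all_databases() {
    principal=$(printf '{"DataLakePrincipalIdentifier": "%s"}' "$1")
    dbs=$(list_databases "$2") || { echo "could not list databases" >&2; return 2; }
    granted=0 failed=0 skipped=0
    while IFS= read -r db; do
        case $db in
            '') continue ;;
            # Names that would need JSON escaping are reported, not interpolated.
            *[!A-Za-z0-9_-]*)
                skipped=$((skipped + 1)); echo "skipped: $db" >&2; continue ;;
        esac
        if aws lakeformation grant-permissions \
            --principal "$principal" \
            --resource "$(database_resource "$db" "$2")" \
            --permissions ALL --permissions-with-grant-option ALL \
            >/dev/null </dev/null; then
            granted=$((granted + 1))
        else
            failed=$((failed + 1)); echo "grant failed: $db" >&2
        fi
    done <<EOF
$dbs
EOF
    echo "granted=$granted failed=$failed skipped=$skipped"
    [ "$failed" -eq 0 ]
}
```

Source the file and call `grant_all_databases <principal-arn> <account-id>`. Databases created afterwards are not covered until it is run again, which is the gap the tag-based answer closes.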
