AWS::LakeFormation::Permissions
The AWS::LakeFormation::Permissions resource represents the permissions that a principal has on an Amazon Glue Data Catalog resource (such as Amazon Glue database or Amazon Glue tables). When you upload a permissions stack, the permissions are granted to the principal and when you remove the stack, the permissions are revoked from the principal. If you remove a stack, and the principal does not have the permissions referenced in the stack then Amazon Lake Formation will throw an error because you can’t call revoke on non-existing permissions. To successfully remove the stack, you’ll need to regrant those permissions and then remove the stack.
Note
New versions of Amazon Lake Formation permission resources are now available. For more information, see: AWS:LakeFormation::PrincipalPermissions
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::LakeFormation::Permissions", "Properties" : { "DataLakePrincipal" :DataLakePrincipal, "Permissions" :[ String, ... ], "PermissionsWithGrantOption" :[ String, ... ], "Resource" :Resource} }
YAML
Type: AWS::LakeFormation::Permissions Properties: DataLakePrincipal:DataLakePrincipalPermissions:- StringPermissionsWithGrantOption:- StringResource:Resource
Properties
DataLakePrincipal-
The Amazon Lake Formation principal.
Required: Yes
Type: DataLakePrincipal
Update requires: Replacement
Permissions-
The permissions granted or revoked.
Required: No
Type: Array of String
Update requires: No interruption
PermissionsWithGrantOption-
Indicates the ability to grant permissions (as a subset of permissions granted).
Required: No
Type: Array of String
Update requires: No interruption
Resource-
A structure for the resource.
Required: Yes
Type: Resource
Update requires: Replacement
Return values
Fn::GetAtt
Id-
A unique identifier for the batch permissions request entry.