src/connections/storage/data-lakes/lake-formation.md
Lines changed: 16 additions & 7 deletions
@@ -23,7 +23,7 @@ You can configure Lake Formation using the [`IAMAllowedPrincipals` group](#confi
23
23
4. On the **Grant data permissions** page, select the `IAMAllowedPrincipals` group in the Principals section.
24
24
5. Under the **Database permissions** section, select the checkboxes for **Super** database permissions and **Super** grantable permissions.
25
25
6. Select the **Grant** button.
26
-
7. On the **Permissions** page, verify the `IAMAllowedPrincipals` group is listed.
26
+
7. On the **Permissions** page, verify the `IAMAllowedPrincipals` group has "All" permissions.
27
27
28
28
#### New databases
29
29
1. Open the [AWS Lake Formation service](https://console.aws.amazon.com/lakeformation/).
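Review bot: The reworded step 7 tells the reader to check for "All" permissions, but step 5 just above has them select **Super**, and nothing in this section says the two labels refer to the same grant. If "All" is how the Permissions page lists the **Super** grant, say so in step 7, for example by adding a short parenthetical that points back to step 5. Step 5 also ticks **Super** grantable permissions, and the verify step does not say whether the reader should confirm that part too.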
@@ -38,26 +38,35 @@ You can configure Lake Formation using the [`IAMAllowedPrincipals` group](#confi
38
38
5. On the **Grant data permissions** page, select the `IAMAllowedPrincipals` group in the Principals section.
39
39
6. Under the **Database permissions** section, select the checkboxes for **Super** database permissions and **Super** grantable permissions.
40
40
7. Select the **Grant** button.
41
-
8. On the **Permissions** page, verify the `IAMAllowedPrincipals` group is listed.
41
+
8. On the **Permissions** page, verify the `IAMAllowedPrincipals` group has "All" permissions.
42
42
43
43
#### Verifying your configuration
44
44
To verify that you've successfully configured Lake Formation, open the [AWS Lake Formation service](https://console.aws.amazon.com/lakeformation/), select **Data lake permissions**, and verify the `IAMAllowedPrincipals` group is listed with "All" permissions.
45
45
46
46
### Configuring Lake Formation using IAM policies
47
47
48
-
<!-- totally start this section from scratch-->
48
+
> note "Granting Super permission to IAM roles"
49
+
> If you manually configured your database, assign the `EMR_EC2_DefaultRole` super permissions. If you configured your database using Terraform, assign the `segment_emr_instance_profile` super permissions.
49
50
50
51
#### Existing databases
51
52
1. Open the [AWS Lake Formation service](https://console.aws.amazon.com/lakeformation/).
52
-
2. Under **Data catalog**, select the settings tab. Ensure the checkboxes under the **Default permissions for newly created databases and tables** are not checked.
53
-
3.
53
+
2. Under **Data catalog**, select the **Settings** tab. Ensure the checkboxes under the **Default permissions for newly created databases and tables** are not checked.
54
+
3. On the **Databases** page, select your database. From the **Actions** menu, select **Grant** under the Permissions section.
55
+
5. On the **Grant data permissions** page, select the `EMR_EC2_DefaultRole` (or `segment_emr_instance_profile`, if you configured your data lake using Terraform) and `segment-data-lake-iam-role` roles in the Principals section.
56
+
6. Under the **Database permissions** section, select the checkboxes for **Super** database permissions and **Super** grantable permissions.
57
+
7. Select the **Grant** button.
58
+
8. On the **Permissions** page, verify the `EMR_EC2_DefaultRole` (or `segment_emr_instance_profile`) and `segment-data-lake-iam-role` roles have "All" permissions.
54
59
55
60
#### New databases
56
61
1. Open the [AWS Lake Formation service](https://console.aws.amazon.com/lakeformation/).
57
-
2. Under **Data catalog**, select the settings tab. Ensure the checkboxes under the **Default permissions for newly created databases and tables** are not checked.
62
+
2. Under **Data catalog**, select the **Settings** tab. Ensure the checkboxes under the **Default permissions for newly created databases and tables** are not checked.
58
63
3. Select the Databases tab. Click the **Create database** button, and create your database:
59
64
1. Select the **Database** button.
60
65
2. Name your database.
61
66
3. Set the location to `s3://$datalake_bucket/segment-data/`. <br/> **Optional:** Add a description to your database.
62
67
4. Click **Create database**.
63
-
4.
68
+
4. On the **Databases** page, select your database. From the **Actions** menu, select **Grant** under the Permissions section.
69
+
5. On the **Grant data permissions** page, select the `EMR_EC2_DefaultRole` (or `segment_emr_instance_profile`, if you configured your data lake using Terraform) and `segment-data-lake-iam-role` roles in the Principals section.
70
+
6. Under the **Database permissions** section, select the checkboxes for **Super** database permissions and **Super** grantable permissions.
71
+
7. Select the **Grant** button.
72
+
8. On the **Permissions** page, verify the `EMR_EC2_DefaultRole` (or `segment_emr_instance_profile`) and `segment-data-lake-iam-role` roles have "All" permissions.
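Review bot: The added steps under **Existing databases** in the IAM policies section are numbered 2, 3, 5, 6, 7, 8, so step 4 is missing; renumber the four steps after step 3 to 4 through 7 (the **New databases** list, which runs 4 through 8, is fine). Both new lists also grant **Super** grantable permissions to `EMR_EC2_DefaultRole` (or `segment_emr_instance_profile`) and `segment-data-lake-iam-role`, which allows those roles to grant the permission on to other principals; the text gives no reason for that, so please confirm grantable is required and state why. Two smaller points: the callout writes "super permissions" in lowercase where the steps use **Super**, and the "Verifying your configuration" paragraph kept as context still mentions only `IAMAllowedPrincipals`, so it does not cover readers who followed the IAM policies path.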