0

We are attempting to grant permissions (using the AWS CLI) for a user to have SELECT permissions on all tables in a database in AWS Lake Formation.

Based on documentation; Lake Formation Permissions Reference and Granting Table Permissions

We attempted the following command:

aws lakeformation grant-permissions --principal DataLakePrincipalIdentifier=arn:aws:iam::000000000000:user/spongebob --permissions "SELECT" --permissions-with-grant-option "SELECT" --resource '{ ""Table"": { ""DatabaseName"": ""somedatabase"", ""TableWildcard"": {} } }'

Which returned the following error:

Parameter validation failed: Missing required parameter in Resource.Table: "Name" Unknown parameter in Resource.Table: "TableWildcard", must be one of: DatabaseName, Name

We tried some variations of the command (the documentation does say this needs to be an empty dictionary though), and we've come to the conclusion that it must be something to do with the API version that we are calling when executing the command.

Would anyone be able to confirm whether this is an API version issue, or if there is something missing from the documentation (linked above) we have missed.

Cheers

Henry
  • 48
  • 1
  • 7

1 Answers1

1

It's definitely a version mismatch. The same error was faced due to older boto3 version in lambda.

Update the aws cli and try again:

sudo pip3 install awscli --force-reinstall --upgrade
amsh
  • 3,097
  • 2
  • 12
  • 26
  • I tried forcing a reinstall; however when running grant-permissions again it still says `Unknown parameter in Resource.Table: "TableWildcard"` (thanks for answering BTW) – Henry Oct 07 '20 at 07:17
  • OK - so think I have it working now. I updated via the MSI instead to the latest version, and now it doesn't complain when I execute the grant-permissions command. I checked with list-permissions and all looks good. Event though the command didn't seem to work - the solution in the end was to upgrade - will mark this as the solution. Thank you. – Henry Oct 07 '20 at 08:13