Step 3: Set AWS Lake Formation permissions

The following steps must be completed after the stack has successfully deployed. Make sure your stack from the previous step has a CREATE_COMPLETE status before continuing.

Follow these steps to enable AWS Lake Formation to control your AWS Glue Data Catalog resources and to give your IAM role permission to access the tables in the Data Catalog.

Sign in to the AWS Lake Formation console.
Grant Lake Formation administrative permissions to your IAM role.
1. In the navigation pane, under Administration, choose Administrative roles and tasks.
2. Select Manage Administrators and enter your current IAM role.
Enable Lake Formation to control your Data Catalog resources.
1. In the navigation pane, under Administration, choose Data Catalog settings.
2. Clear both check boxes and choose Save.
Give your IAM role permission to access the tables in the Data Catalog.
1. In the navigation pane, under Permissions, choose Data lake permissions.
2. Choose Grant in the upper right, and do the following:
  - For IAM users and roles, enter your current IAM role.
  - For LF-Tags or catalog resources, choose Named data catalog resources.
  - For Databases, choose your database:
    
    <stack_name> \_datalake_dev_adtech_amc_db.
    
    <stack_name> \_datalake_dev_adtech_ads_report_db.
    
    <stack_name> \_datalake_dev_adtech_sp_report_db.
  - For Tables, choose All Tables.
  - Keep Data Filters - Optional empty.
  - For Table Permissions, choose Super.
3. Choose Grant at the bottom.
Repeat the previous step for any other users who need permission to access the tables in the Data Catalog.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Step 2: Launch the stack

Use the solution