From d618f0d6144df3a78a40ca3face9aeae238409db Mon Sep 17 00:00:00 2001
From: Jacob Woffenden
Date: Tue, 23 Jul 2024 16:05:03 +0000
Subject: [PATCH 1/3] Add LF settings
Signed-off-by: Jacob Woffenden
---
.../lakeformation-data-lake-settings.tf | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 terraform/environments/analytical-platform-compute/lakeformation-data-lake-settings.tf
diff --git a/terraform/environments/analytical-platform-compute/lakeformation-data-lake-settings.tf b/terraform/environments/analytical-platform-compute/lakeformation-data-lake-settings.tf
new file mode 100644
index 00000000000..feb458a302c
--- /dev/null
+++ b/terraform/environments/analytical-platform-compute/lakeformation-data-lake-settings.tf
@@ -0,0 +1,13 @@
+resource "aws_lakeformation_data_lake_settings" "main" {
+ admins = [data.aws_iam_session_context.current.issuer_arn]
+
+ create_database_default_permissions {
+ permissions = ["ALL"]
+ principal = "IAM_ALLOWED_PRINCIPALS"
+ }
+
+ create_table_default_permissions {
+ permissions = ["ALL"]
+ principal = "IAM_ALLOWED_PRINCIPALS"
+ }
+}
From 453762910f49d8f20e46afb8dd59922c2aa7f4f4 Mon Sep 17 00:00:00 2001
From: Jacob Woffenden
Date: Tue, 23 Jul 2024 16:10:38 +0000
Subject: [PATCH 2/3] Add aws_iam_session_context
Signed-off-by: Jacob Woffenden
---
.../environments/analytical-platform-compute/platform_data.tf | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/terraform/environments/analytical-platform-compute/platform_data.tf b/terraform/environments/analytical-platform-compute/platform_data.tf
index c2243ad79bc..3b5a2d225a9 100644
--- a/terraform/environments/analytical-platform-compute/platform_data.tf
+++ b/terraform/environments/analytical-platform-compute/platform_data.tf
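Review bot: In lakeformation-data-lake-settings.tf (patch 1/3), `admins = [data.aws_iam_session_context.current.issuer_arn]` makes the data lake administrator whichever role happens to run the apply, and since this resource manages the whole admin list, an apply from a different role would presumably replace the previous administrator. Data lake administrators can grant any permission on any catalog resource, so the list is better pinned to named role ARNs, for example `admins = local.lakeformation_admin_arns` (a new local, name illustrative), than derived from the caller. Separately, the two default-permission blocks granting `ALL` to `IAM_ALLOWED_PRINCIPALS` leave newly created databases and tables under IAM-only access control, so Lake Formation grants are not enforced on them. If that is intentional, record it above the blocks with a comment such as `# Keep IAM-only access control for new databases/tables; Lake Formation grants are not enforced until these defaults are removed`.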
@@ -3,6 +3,10 @@ data "aws_region" "current" {} data "aws_caller_identity" "current" {} +data "aws_iam_session_context" "current" { + arn = data.aws_caller_identity.current.arn +} + # Route53 DNS data data "aws_route53_zone" "network-services" { provider = aws.core-network-services From ea26f26d9454ae8c3901afbdffd6149cd7dea191 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Tue, 23 Jul 2024 16:22:43 +0000 Subject: [PATCH 3/3] Fix data location Signed-off-by: Jacob Woffenden --- terraform/environments/analytical-platform-compute/data.tf | 4 ++++ .../environments/analytical-platform-compute/platform_data.tf | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/environments/analytical-platform-compute/data.tf b/terraform/environments/analytical-platform-compute/data.tf index 229472ee718..c38f39b87a9 100644 --- a/terraform/environments/analytical-platform-compute/data.tf +++ b/terraform/environments/analytical-platform-compute/data.tf @@ -1,5 +1,9 @@ data "aws_availability_zones" "available" {} +data "aws_iam_session_context" "current" { + arn = data.aws_caller_identity.current.arn +} + data "aws_ssoadmin_instances" "main" { provider = aws.sso-readonly } diff --git a/terraform/environments/analytical-platform-compute/platform_data.tf b/terraform/environments/analytical-platform-compute/platform_data.tf index 3b5a2d225a9..c2243ad79bc 100644 --- a/terraform/environments/analytical-platform-compute/platform_data.tf +++ b/terraform/environments/analytical-platform-compute/platform_data.tf @@ -3,10 +3,6 @@ data "aws_region" "current" {} data "aws_caller_identity" "current" {} -data "aws_iam_session_context" "current" { - arn = data.aws_caller_identity.current.arn -} - # Route53 DNS data data "aws_route53_zone" "network-services" { provider = aws.core-network-services
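Review bot: The `aws_iam_session_context` block added to data.tf in patch 3/3 carries no comment explaining why it exists, and it reads `data.aws_caller_identity.current`, which the visible context shows is declared in platform_data.tf rather than next to it. I would add `# Resolves the Terraform caller's assumed-role session ARN to the underlying IAM role ARN (issuer_arn); consumed by the Lake Formation admins list` above the block. That makes it clear to the next maintainer that changing or removing this data source changes who is set as data lake administrator.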