How to disable the lake formation and bring the default settings

0

We have enabled Lake Formation for some POC, and we are unable to disable it and get the default settings back. The problem we have is that if I create a DB in Athena and then want to create a table in the same database using Databricks, we have to grant permissions. Other engines running on AWS are also not able to access it unless we grant the permission. Earlier this was not the case.

asked 5 months ago, 586 views
1 answer
0

To disable Lake Formation, you can run the Python script with Lake Formation admin permission as described in the GitHub link [1].

You can also do this manually at your end. In order to roll back the Lake Formation configuration manually, you could perform the following steps:

**Modify data lake settings to use only IAM access controls**

a. Log in as Administrator user or role (IAM principal with IAM policy "AdministratorAccess" attached).
b. From the Lake Formation console, choose "Settings" under the "Data catalog" drop down in the navigation pane of the Lake Formation console.
c. Select both checkboxes under "Default permissions for newly created databases and tables" and click "Save".

**De-register all the data lake locations:**

a. Log in as Data Lake Administrator for Lake Formation [2].
b. Under 'Register and Ingest' in the navigation pane, choose Data lake locations/Data Locations.
c. De-register the locations by choosing Actions > Remove for each location until there are no locations registered.

**Grant permissions to create databases to IAMAllowedPrincipals for catalog**

a. Under 'Permissions' in the navigation pane, choose "Admins and database creators".
b. In the "Database creators" section, click "Grant".
c. Search for "IAMAllowedPrincipals" under IAM users and roles and select "Create database" under Catalog permissions.

**Ensure Super permission is granted to the group IAMAllowedPrincipals on all existing Glue Data Catalog resources.**

a. Choose "Tables" under "Data catalog" in the navigation pane.
b. For each, under Actions > View Permissions, ensure all tables have IAMAllowedPrincipals with "Super" permissions granted.
c. If the table does not have this, click on "Grant". Search for "IAMAllowedPrincipals" under IAM users and roles, choose the corresponding database name and provide the table name. Under Table permissions, select Super and click on "Grant".
d. Choose "Databases" under "Data catalog" in the navigation pane.
e. For each, under Actions > View Permissions, ensure all databases have IAMAllowedPrincipals with "Super" permissions granted.
f. If the database does not have this, click on "Grant". Search for "IAMAllowedPrincipals" under IAM users and roles, choose the database. Under Database permissions, select Super and click on "Grant".

**References:**

[1] https://github.com/aws-samples/aws-glue-samples/tree/master/utilities/use_only_IAM_access_controls
[2] https://docs.aws.amazon.com/lake-formation/latest/dg/getting-started-setup.html#create-data-lake-admina

AWS
answered 5 months ago
AWS
SUPPORT ENGINEER
reviewed 5 months ago
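
The four manual steps in the answer above map onto Lake Formation and Glue API calls. The following is an added example, not part of the original answer and not the aws-samples script it links to: it builds a reviewable plan of those calls for boto3 clients before anything is changed. The function names are hypothetical, and it assumes all resources live in the caller's own account and catalog.

```python
"""Plan the four manual rollback steps as Lake Formation API calls (added example)."""
IAM_ALLOWED = {"DataLakePrincipalIdentifier": "IAM_ALLOWED_PRINCIPALS"}
# The console's "Super" permission is named ALL in the API.
DEFAULT_ALL = [{"Principal": IAM_ALLOWED, "Permissions": ["ALL"]}]

def _pages(call, key, **kw):
    """Yield items from a NextToken-paginated call."""
    while True:
        resp = call(**kw)
        yield from resp.get(key, [])
        if not resp.get("NextToken"):
            return
        kw["NextToken"] = resp["NextToken"]

def _has_super(lf, resource):
    """True if IAMAllowedPrincipals already holds ALL on the resource."""
    perms = _pages(lf.list_permissions, "PrincipalResourcePermissions", Resource=resource)
    return any(p["Principal"].get("DataLakePrincipalIdentifier") == "IAM_ALLOWED_PRINCIPALS"
               and "ALL" in p["Permissions"] for p in perms)

def _grant(resource, permissions):
    return ("grant_permissions", {"Principal": IAM_ALLOWED, "Resource": resource, "Permissions": permissions})

def plan_rollback(lf, glue):
    """Return ordered (method, kwargs) calls; this function only reads state."""
    settings = dict(lf.get_data_lake_settings()["DataLakeSettings"])
    settings["CreateDatabaseDefaultPermissions"] = DEFAULT_ALL  # step 1: IAM-only defaults
    settings["CreateTableDefaultPermissions"] = DEFAULT_ALL
    plan = [("put_data_lake_settings", {"DataLakeSettings": settings})]
    for res in _pages(lf.list_resources, "ResourceInfoList"):   # step 2: de-register locations
        plan.append(("deregister_resource", {"ResourceArn": res["ResourceArn"]}))
    plan.append(_grant({"Catalog": {}}, ["CREATE_DATABASE"]))   # step 3: database creators
    for db in _pages(glue.get_databases, "DatabaseList"):       # step 4: Super where missing
        targets = [{"Database": {"Name": db["Name"]}}]
        for tbl in _pages(glue.get_tables, "TableList", DatabaseName=db["Name"]):
            targets.append({"Table": {"DatabaseName": db["Name"], "Name": tbl["Name"]}})
        plan += [_grant(t, ["ALL"]) for t in targets if not _has_super(lf, t)]
    return plan

def apply_plan(lf, plan):
    """Execute a reviewed plan against the Lake Formation client."""
    for method, kwargs in plan:
        getattr(lf, method)(**kwargs)

if __name__ == "__main__":
    import boto3  # needs Lake Formation admin credentials
    lf, glue = boto3.client("lakeformation"), boto3.client("glue")
    for method, kwargs in plan_rollback(lf, glue):
        print(method, kwargs)  # review the output before passing the plan to apply_plan
```

Once the plan is applied, access to catalog resources is decided by IAM and Glue resource policies alone, so review those policies before running `apply_plan`.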
