Lake Formation (AWS CloudTrail) blueprint can't reach the IAM role used in data lake locations and data locations

0

An IAM role was created to provide access to S3 and Lake Formation as per "Requirements for roles used to register locations"; the trust relationship was also verified, and CloudTrail, S3 and Lake Formation are all in the same region. Actually, not even the service-linked roles for Lake Formation appear in the drop-down list for choosing the IAM role.

The data lake locations and data locations were properly configured using the IAM role mentioned above. However, when trying to set up a Lake Formation (AWS CloudTrail) blueprint, the IAM role cannot be selected from the drop-down list; only a limited list of IAM roles from other services appears.

No specific policies or configurations were found to enable the IAM role to appear in the allowed IAM roles to be chosen.

2 answers
1

When dealing with AWS Lake Formation blueprints, especially those related to AWS CloudTrail, it's important to ensure that the IAM role you are trying to use is correctly configured and meets the requirements.

Verify IAM Role Trust Relationship

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "lakeformation.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Verify the IAM Role policies

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudtrail:PutObject",
                "cloudtrail:CreateTrail",
                "cloudtrail:StartLogging"
            ],
            "Resource": "*"
        }
    ]
}

(Add other necessary permissions to the Action list; JSON does not allow comments inside the policy document.)

Make sure AWS CloudTrail is configured properly and is logging events to an S3 bucket. The IAM role used by Lake Formation should have the necessary permissions to interact with CloudTrail events. Ensure that AWS CloudTrail, S3, and Lake Formation are all in the same AWS region.

Sometimes, the AWS Management Console might not reflect the latest changes immediately. Try refreshing your browser or logging out and logging back into the AWS Management Console to ensure that you are working with the latest information.

If the issue persists and you've gone through the above steps, consider reaching out to AWS Support for more detailed assistance. They can help investigate the issue specific to your AWS account and region.

Hope it clarifies, and if it does I would appreciate the answer being accepted so that the community can benefit from the clarity, thanks ;)

Expert
Answered 4 months ago
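An offline way to check the two things the answer above asks you to verify, added here as an example that is not part of the original post or of any AWS tooling: it parses a role's trust policy and confirms that an Allow statement lets lakeformation.amazonaws.com call sts:AssumeRole, and it lists which required actions a permissions policy does not grant. The two sample policy documents are constructed for the example; the list of required actions is whatever your blueprint needs.

```python
import json

LAKE_FORMATION_SERVICE = "lakeformation.amazonaws.com"

# Constructed sample documents (not from a real account): the trust policy from
# the answer wrapped in a full policy document, and a permissions policy that
# grants two of the three CloudTrail actions the answer lists.
SAMPLE_TRUST_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": ["lakeformation.amazonaws.com"]}, "Action": "sts:AssumeRole"}]}"""
SAMPLE_PERMISSIONS_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["cloudtrail:CreateTrail", "cloudtrail:StartLogging"], "Resource": "*"}]}"""

def _as_list(value):
    """IAM policy fields may be a string, a list, or absent; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusts_lake_formation(trust_policy_json):
    """True if an Allow statement lets lakeformation.amazonaws.com call sts:AssumeRole."""
    doc = json.loads(trust_policy_json)
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if LAKE_FORMATION_SERVICE in services and actions & {"sts:assumerole", "sts:*", "*"}:
            return True
    return False

def missing_actions(permissions_policy_json, required):
    """Return the required actions that no Allow statement grants (trailing wildcards honoured)."""
    doc = json.loads(permissions_policy_json)
    granted = [a.lower() for stmt in _as_list(doc.get("Statement"))
               if stmt.get("Effect") == "Allow" for a in _as_list(stmt.get("Action"))]

    def covered(action):
        return any(g == "*" or g == action or (g.endswith("*") and action.startswith(g[:-1]))
                   for g in granted)

    return [a for a in required if not covered(a.lower())]

if __name__ == "__main__":
    print("trusts Lake Formation:", trusts_lake_formation(SAMPLE_TRUST_POLICY))
    print("missing actions:", missing_actions(SAMPLE_PERMISSIONS_POLICY,
          ["cloudtrail:CreateTrail", "cloudtrail:StartLogging", "cloudtrail:PutObject"]))
```

Feed it the documents returned by `aws iam get-role` and `aws iam get-role-policy` to check a real role; a passing check confirms the policies match the answer's requirements but does not by itself explain a missing drop-down entry.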
0

Thank you Debolek, I did a thorough review of every action you mentioned above and unfortunately, it didn't work. I'll be in contact with AWS support team. Cheers

Answered 4 months ago
