To disable Lake Formation, you can run the Python script with Lake Formation admin permission as described in the GitHub link [1].
You can also do this manually at your end. In order to roll back the Lake Formation configuration manually, you could perform the following steps:
**Modify data lake settings to use only IAM access controls**

a. Log in as Administrator user or role (IAM principal with IAM policy "AdministratorAccess" attached).
b. From the Lake Formation console, choose "Settings" under the "Data catalog" drop down in the navigation pane of the Lake Formation console.
c. Select both checkboxes under "Default permissions for newly created databases and tables" and click "Save".
**De-register all the data lake locations:**

a. Log in as Data Lake Administrator for Lake Formation [2].
b. Under 'Register and Ingest' in the navigation pane, choose Data lake locations/Data Locations.
c. De-register the locations by choosing Actions > Remove for each location until there are no locations registered.
**Grant permissions to create databases to IAMAllowedPrincipals for catalog**

a. Under 'Permissions' in the navigation pane, choose "Admins and database creators".
b. In the "Database creators" section, click "Grant".
c. Search for "IAMAllowedPrincipals" under IAM users and roles and select "Create database" under Catalog permissions.
**Ensure Super permission is granted to the group IAMAllowedPrincipals on all existing Glue Data Catalog resources.**

a. Choose "Tables" under "Data catalog" in the navigation pane.
b. For each, under Actions > View Permissions, ensure all tables have IAMAllowedPrincipals with "Super" permissions granted.
c. If the table does not have this, click on "Grant". Search for "IAMAllowedPrincipals" under IAM users and roles, choose the corresponding database name and provide the table name. Under Table permissions, select Super and click on "Grant".
d. Choose "Databases" under "Data catalog" in the navigation pane.
e. For each, under Actions > View Permissions, ensure all databases have IAMAllowedPrincipals with "Super" permissions granted.
f. If the database does not have this, click on "Grant". Search for "IAMAllowedPrincipals" under IAM users and roles, choose the database. Under Database permissions, select Super and click on "Grant".
**References:**

[1] https://github.com/aws-samples/aws-glue-samples/tree/master/utilities/use_only_IAM_access_controls
[2] https://docs.aws.amazon.com/lake-formation/latest/dg/getting-started-setup.html#create-data-lake-admina
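
A read-only check of the end state the manual steps above aim for, as an added example that is not part of the original answer or the linked AWS script. It assumes `lf` and `glue` are boto3 `lakeformation` and `glue` clients; in the API the console's "Super" is `ALL` and the IAMAllowedPrincipals group is `IAM_ALLOWED_PRINCIPALS`. The stand-in clients under `__main__` are constructed so the block runs offline.

```python
IAP = "IAM_ALLOWED_PRINCIPALS"  # API identifier of the IAMAllowedPrincipals group

def _pages(call, key, **kwargs):
    """Yield items from a NextToken-paginated Lake Formation or Glue call."""
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        if not resp.get("NextToken"):
            return
        kwargs["NextToken"] = resp["NextToken"]

def _iap_has(entries, permission):
    """True if any grant entry gives `permission` to IAMAllowedPrincipals."""
    return any(e.get("Principal", {}).get("DataLakePrincipalIdentifier") == IAP
               and permission in e.get("Permissions", []) for e in entries)

def audit_rollback(lf, glue):
    """Return findings; an empty list means every rollback step is in place."""
    def granted(resource, perm):
        return _iap_has(_pages(lf.list_permissions, "PrincipalResourcePermissions",
                               Resource=resource), perm)
    findings = []
    settings = lf.get_data_lake_settings()["DataLakeSettings"]
    for key in ("CreateDatabaseDefaultPermissions", "CreateTableDefaultPermissions"):
        if not _iap_has(settings.get(key, []), "ALL"):  # IAM-only defaults
            findings.append(f"settings: {key} lacks ALL for {IAP}")
    for res in _pages(lf.list_resources, "ResourceInfoList"):  # registered locations
        findings.append(f"location still registered: {res['ResourceArn']}")
    if not granted({"Catalog": {}}, "CREATE_DATABASE"):  # database creators
        findings.append(f"catalog: no CREATE_DATABASE for {IAP}")
    for db in _pages(glue.get_databases, "DatabaseList"):  # Super on existing resources
        name = db["Name"]
        if not granted({"Database": {"Name": name}}, "ALL"):
            findings.append(f"database {name}: no ALL (Super) for {IAP}")
        for tbl in _pages(glue.get_tables, "TableList", DatabaseName=name):
            if not granted({"Table": {"DatabaseName": name, "Name": tbl["Name"]}}, "ALL"):
                findings.append(f"table {name}.{tbl['Name']}: no ALL (Super) for {IAP}")
    return findings

if __name__ == "__main__":
    # Constructed stand-ins; for a real account pass boto3.client("lakeformation") and boto3.client("glue").
    from types import SimpleNamespace as NS
    grant = [{"Principal": {"DataLakePrincipalIdentifier": IAP}, "Permissions": ["ALL"]}]
    lf = NS(get_data_lake_settings=lambda: {"DataLakeSettings": {"CreateDatabaseDefaultPermissions": grant}},
            list_resources=lambda **k: {"ResourceInfoList": []},
            list_permissions=lambda **k: {"PrincipalResourcePermissions": grant if "Database" in k["Resource"] else []})
    glue = NS(get_databases=lambda **k: {"DatabaseList": [{"Name": "sales"}]},
              get_tables=lambda **k: {"TableList": [{"Name": "orders"}]})
    print("\n".join(audit_rollback(lf, glue)) or "rollback complete")
```

The function only reads settings and grants, so it can be run before and after the rollback to see which tables or databases still need the "Super" grant.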