How to disable Lake Formation and bring back the default settings

0

We enabled Lake Formation for a POC, and we are unable to disable it and get back the default settings. The problem we have is that if I create a db in Athena and then create a table in the same database using Databricks, we have to grant permissions. Other engines running on AWS are also not able to access it unless we grant the permission. Earlier this was not the case.

Dasari
asked 4 months ago · 475 views
1 Answer
0

To disable Lake Formation, you can run the Python script with Lake Formation admin permission as described in the GitHub link [1].

You can also do this manually at your end. In order to roll back the Lake Formation configuration manually, you could perform the following steps:

**Modify data lake settings to use only IAM access controls**

a. Log in as Administrator user or role (IAM principal with IAM policy "AdministratorAccess" attached).
b. From the Lake Formation console, choose "Settings" under the "Data catalog" drop down in the navigation pane of the Lake Formation console.
c. Select both checkboxes under "Default permissions for newly created databases and tables" and click "Save".

**De-register all the data lake locations**

a. Log in as Data Lake Administrator for Lake Formation [2].
b. Under 'Register and Ingest' in the navigation pane, choose Data lake locations/Data Locations.
c. De-register the locations by choosing Actions > Remove for each location until there are no locations registered.

**Grant permissions to create databases to IAMAllowedPrincipals for catalog**

a. Under 'Permissions' in the navigation pane, choose "Admins and database creators".
b. In the "Database creators" section, click "Grant".
c. Search for "IAMAllowedPrincipals" under IAM users and roles and select "Create database" under Catalog permissions.

**Ensure Super permission is granted to the group IAMAllowedPrincipals on all existing Glue Data Catalog resources**

a. Choose "Tables" under "Data catalog" in the navigation pane.
b. For each, under Actions > View Permissions, ensure all tables have IAMAllowedPrincipals with "Super" permissions granted.
c. If the table does not have this, click on "Grant". Search for "IAMAllowedPrincipals" under IAM users and roles, choose the corresponding database name and provide the table name. Under Table permissions, select Super and click on "Grant".
d. Choose "Databases" under "Data catalog" in the navigation pane.
e. For each, under Actions > View Permissions, ensure all databases have IAMAllowedPrincipals with "Super" permissions granted.
f. If the database does not have this, click on "Grant". Search for "IAMAllowedPrincipals" under IAM users and roles, choose the database. Under Database permissions, select Super and click on "Grant".

**References:**

[1] https://github.com/aws-samples/aws-glue-samples/tree/master/utilities/use_only_IAM_access_controls

[2] https://docs.aws.amazon.com/lake-formation/latest/dg/getting-started-setup.html#create-data-lake-admina

AWS
JackieE
answered 4 months ago
AWS
SUPPORT ENGINEER
reviewed 4 months ago
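
The manual steps in the answer above, expressed as the Lake Formation API calls they correspond to, so the rollback can be reviewed as a plan before anything is changed. This is an added example, not part of the answer or of the linked aws-samples script; `plan_rollback`, `has_super` and `resource_key` are hypothetical helper names. It assumes the inputs are the raw responses of `get_data_lake_settings`, `list_resources` and `list_permissions`, plus a database-to-tables map collected from Glue, and that only the account's own catalog is in use.

```python
# Added example: plan the four manual steps as Lake Formation API calls.
IAM_ALLOWED = {"DataLakePrincipalIdentifier": "IAM_ALLOWED_PRINCIPALS"}
# "Super" in the console is the ALL permission in the API.
SUPER = [{"Principal": IAM_ALLOWED, "Permissions": ["ALL"]}]


def resource_key(resource):
    """Identify a resource by kind and names, ignoring CatalogId (assumes one catalog)."""
    kind, body = next(iter(resource.items()))
    return kind, body.get("DatabaseName"), body.get("Name")


def has_super(permissions, resource):
    """True if IAM_ALLOWED_PRINCIPALS already holds ALL on the resource."""
    return any(p["Principal"] == IAM_ALLOWED and "ALL" in p["Permissions"]
               and resource_key(p["Resource"]) == resource_key(resource)
               for p in permissions)


def plan_rollback(settings, locations, catalog, permissions):
    """Return ordered (method, kwargs) pairs for a boto3 'lakeformation' client.

    settings: DataLakeSettings from get_data_lake_settings
    locations: ResourceInfoList from list_resources
    catalog: {database: [table, ...]} collected from Glue
    permissions: PrincipalResourcePermissions from list_permissions
    """
    plan = []
    # Step 1: new databases and tables default to IAM-only access control.
    if not (settings.get("CreateDatabaseDefaultPermissions") == SUPER
            and settings.get("CreateTableDefaultPermissions") == SUPER):
        fixed = dict(settings, CreateDatabaseDefaultPermissions=SUPER,
                     CreateTableDefaultPermissions=SUPER)
        plan.append(("put_data_lake_settings", {"DataLakeSettings": fixed}))
    # Step 2: de-register every data lake location.
    for loc in locations:
        plan.append(("deregister_resource", {"ResourceArn": loc["ResourceArn"]}))
    # Step 3: database creation for IAMAllowedPrincipals on the catalog.
    grants = [({"Catalog": {}}, ["CREATE_DATABASE"])]
    # Step 4: Super on each existing database and table that lacks it.
    for db, tables in catalog.items():
        resources = [{"Database": {"Name": db}}]
        resources += [{"Table": {"DatabaseName": db, "Name": t}} for t in tables]
        grants += [(r, ["ALL"]) for r in resources if not has_super(permissions, r)]
    for resource, perms in grants:
        plan.append(("grant_permissions", {"Principal": IAM_ALLOWED,
                                           "Resource": resource, "Permissions": perms}))
    return plan
```

Each pair can be executed as `getattr(client, method)(**kwargs)` on a `boto3.client("lakeformation")` created with Lake Formation administrator credentials. Once the plan is applied, access to the catalog and the underlying data is decided by IAM and S3 policies alone, so review those policies before running it.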
