-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lf/settings: Add parameters
map argument to support CROSS_ACCOUNT_VERSION
#39826
Conversation
Community NoteVoting for Prioritization
For Submitters
|
parameters
map argument to support CROSS_ACCOUNT_VERSION
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🚀.
% make testacc TESTARGS='-run=TestAccLakeFormation_serial/^DataLakeSettings' PKG=lakeformation
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.2 test ./internal/service/lakeformation/... -v -count 1 -parallel 20 -run=TestAccLakeFormation_serial/^DataLakeSettings -timeout 360m
2024/10/22 08:26:41 Initializing Terraform AWS Provider...
=== RUN TestAccLakeFormation_serial
=== PAUSE TestAccLakeFormation_serial
=== CONT TestAccLakeFormation_serial
=== RUN TestAccLakeFormation_serial/DataLakeSettings
=== RUN TestAccLakeFormation_serial/DataLakeSettings/disappears
=== RUN TestAccLakeFormation_serial/DataLakeSettings/withoutCatalogId
=== RUN TestAccLakeFormation_serial/DataLakeSettings/readOnlyAdmins
=== RUN TestAccLakeFormation_serial/DataLakeSettings/parameters
=== RUN TestAccLakeFormation_serial/DataLakeSettings/basic
=== RUN TestAccLakeFormation_serial/DataLakeSettingsDataSource
=== RUN TestAccLakeFormation_serial/DataLakeSettingsDataSource/readOnlyAdmins
=== RUN TestAccLakeFormation_serial/DataLakeSettingsDataSource/basic
--- PASS: TestAccLakeFormation_serial (99.11s)
--- PASS: TestAccLakeFormation_serial/DataLakeSettings (75.92s)
--- PASS: TestAccLakeFormation_serial/DataLakeSettings/disappears (12.42s)
--- PASS: TestAccLakeFormation_serial/DataLakeSettings/withoutCatalogId (10.53s)
--- PASS: TestAccLakeFormation_serial/DataLakeSettings/readOnlyAdmins (10.36s)
--- PASS: TestAccLakeFormation_serial/DataLakeSettings/parameters (31.80s)
--- PASS: TestAccLakeFormation_serial/DataLakeSettings/basic (10.81s)
--- PASS: TestAccLakeFormation_serial/DataLakeSettingsDataSource (23.19s)
--- PASS: TestAccLakeFormation_serial/DataLakeSettingsDataSource/readOnlyAdmins (11.10s)
--- PASS: TestAccLakeFormation_serial/DataLakeSettingsDataSource/basic (12.09s)
PASS
ok github.com/hashicorp/terraform-provider-aws/internal/service/lakeformation 104.499s
This functionality has been released in v5.73.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Description
Setting a cross-account version in AWS Lake Formation helps manage and optimize cross-account data sharing by aligning the features and methods of sharing with the evolving capabilities of AWS Resource Access Manager (RAM).
Reasons for setting a cross-account version:
Feature Updates: Newer versions introduce optimizations and capabilities for cross-account sharing, such as mapping multiple permissions to a single AWS RAM resource share, thereby reducing overhead.
Scalability: Higher versions (version 2 and above) optimize the usage of AWS RAM resources, enabling scalable cross-account setups with fewer resource shares to manage, especially for organizations with many shared resources.
Compatibility with LF-TBAC (Lake Formation Tag-Based Access Control): Version 3 supports more advanced features like sharing resources explicitly with IAM principals, Organizations, or organizational units (OUs). It removes the need for additional AWS Glue policies, simplifying cross-account sharing setups.
Error Prevention: Updating to the appropriate version (e.g., version 3 or higher) ensures compatibility when different accounts are using different versions. Without updating, cross-account grants may fail with errors if the recipient is using a higher version than the grantor.
Backward Compatibility: The named resource method remains compatible across versions, but updating allows users to take advantage of more efficient cross-account data sharing and improved integration with AWS Glue and RAM.
Overall, setting the correct cross-account version ensures smoother, more scalable, and feature-rich data sharing across AWS accounts.
See more about cross-account version: https://docs.aws.amazon.com/lake-formation/latest/dg/optimize-ram.html#cross-account-version-diff
This type of configuration is enabled:
Relations
Closes #35773
References
Output from Acceptance Testing