lf/settings: Add parameters map argument to support CROSS_ACCOUNT_VERSION #39826

Merged
merged 10 commits into from
Oct 22, 2024

Member

@YakDriver YakDriver commented Oct 21, 2024

Description

Setting a cross-account version in AWS Lake Formation helps manage and optimize cross-account data sharing by aligning the features and methods of sharing with the evolving capabilities of AWS Resource Access Manager (RAM).

Reasons for setting a cross-account version:

  1. Feature Updates: Newer versions introduce optimizations and capabilities for cross-account sharing, such as mapping multiple permissions to a single AWS RAM resource share, thereby reducing overhead.

  2. Scalability: Higher versions (version 2 and above) optimize the usage of AWS RAM resources, enabling scalable cross-account setups with fewer resource shares to manage, especially for organizations with many shared resources.

  3. Compatibility with LF-TBAC (Lake Formation Tag-Based Access Control): Version 3 supports more advanced features like sharing resources explicitly with IAM principals, Organizations, or organizational units (OUs). It removes the need for additional AWS Glue policies, simplifying cross-account sharing setups.

  4. Error Prevention: Updating to the appropriate version (e.g., version 3 or higher) ensures compatibility when different accounts are using different versions. Without updating, cross-account grants may fail with errors if the recipient is using a higher version than the grantor.

  5. Backward Compatibility: The named resource method remains compatible across versions, but updating allows users to take advantage of more efficient cross-account data sharing and improved integration with AWS Glue and RAM.

Overall, setting the correct cross-account version ensures smoother, more scalable, and feature-rich data sharing across AWS accounts.

See more about cross-account version: https://docs.aws.amazon.com/lake-formation/latest/dg/optimize-ram.html#cross-account-version-diff

This type of configuration is enabled:

data "aws_caller_identity" "current" {}

resource "aws_lakeformation_data_lake_settings" "test" {
  catalog_id = data.aws_caller_identity.current.account_id

  parameters = {
    "CROSS_ACCOUNT_VERSION" = "4"
  }
}

Relations

Closes #35773

References

Output from Acceptance Testing

% make t T="TestAccLakeFormation_serial/DataLakeSettings" K=lakeformation 
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.2 test ./internal/service/lakeformation/... -v -count 1 -parallel 20 -run='TestAccLakeFormation_serial/DataLakeSettings'  -timeout 360m
2024/10/21 18:44:48 Initializing Terraform AWS Provider...
=== RUN   TestAccLakeFormation_serial
=== PAUSE TestAccLakeFormation_serial
=== CONT  TestAccLakeFormation_serial
=== RUN   TestAccLakeFormation_serial/DataLakeSettingsDataSource
=== RUN   TestAccLakeFormation_serial/DataLakeSettingsDataSource/basic
=== RUN   TestAccLakeFormation_serial/DataLakeSettingsDataSource/readOnlyAdmins
=== RUN   TestAccLakeFormation_serial/DataLakeSettings
=== RUN   TestAccLakeFormation_serial/DataLakeSettings/basic
=== RUN   TestAccLakeFormation_serial/DataLakeSettings/disappears
=== RUN   TestAccLakeFormation_serial/DataLakeSettings/withoutCatalogId
=== RUN   TestAccLakeFormation_serial/DataLakeSettings/readOnlyAdmins
=== RUN   TestAccLakeFormation_serial/DataLakeSettings/parameters
--- PASS: TestAccLakeFormation_serial (357.94s)
    --- PASS: TestAccLakeFormation_serial/DataLakeSettingsDataSource (95.21s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettingsDataSource/basic (50.57s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettingsDataSource/readOnlyAdmins (44.63s)
    --- PASS: TestAccLakeFormation_serial/DataLakeSettings (262.72s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettings/basic (44.11s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettings/disappears (33.50s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettings/withoutCatalogId (44.06s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettings/readOnlyAdmins (41.31s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettings/parameters (99.75s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/lakeformation	362.214s

@YakDriver YakDriver requested a review from a team as a code owner October 21, 2024 22:22
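
The version mismatch described in reason 4 of the pull request description can be checked for before cross-account grants are attempted. The following preflight check is an added example, not code from this pull request or from the provider; it takes per-account settings shaped like the `DataLakeSettings` object returned by Lake Formation's GetDataLakeSettings API. The function names, the placeholder account IDs and the default of version 1 for an unset key are assumptions.

```python
# Added example: flag recipients on a higher CROSS_ACCOUNT_VERSION than the grantor.
VERSION_KEY = "CROSS_ACCOUNT_VERSION"
DEFAULT_VERSION = 1  # assumption: an account that never set the key is treated as version 1


def cross_account_version(settings):
    """Return the integer cross-account version from a DataLakeSettings dict."""
    raw = (settings.get("Parameters") or {}).get(VERSION_KEY)
    if raw is None:
        return DEFAULT_VERSION
    if not str(raw).isdigit() or int(raw) < 1:
        raise ValueError(f"unexpected {VERSION_KEY} value: {raw!r}")
    return int(raw)


def preflight(grantor_id, settings_by_account):
    """Return (findings, required).

    findings: sorted (recipient_id, version) pairs where the recipient's version
    is higher than the grantor's. required: the lowest grantor version that
    clears every finding.
    """
    grantor_version = cross_account_version(settings_by_account[grantor_id])
    findings = []
    for account_id, settings in settings_by_account.items():
        if account_id == grantor_id:
            continue
        version = cross_account_version(settings)
        if version > grantor_version:
            findings.append((account_id, version))
    findings.sort()
    required = max([grantor_version] + [v for _, v in findings])
    return findings, required


# Constructed sample; the account IDs are placeholders, not real accounts.
SAMPLE = {
    "111111111111": {"Parameters": {VERSION_KEY: "2"}},
    "222222222222": {"Parameters": {VERSION_KEY: "4"}},
    "333333333333": {"Parameters": {}},  # key never set
    "444444444444": {"Parameters": {VERSION_KEY: "3"}},
}

if __name__ == "__main__":
    findings, required = preflight("111111111111", SAMPLE)
    for account_id, version in findings:
        print(f"recipient {account_id} is on version {version}")
    print(f"set grantor {VERSION_KEY} to at least {required}")
```

The `required` value is what would go into the `parameters` map of the grantor's `aws_lakeformation_data_lake_settings` resource.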
@github-actions github-actions bot added service/lakeformation Issues and PRs that pertain to the lakeformation service. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. labels Oct 21, 2024
@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Oct 21, 2024
@YakDriver YakDriver changed the title lf/settings: Add parameters map argument lf/settings: Add parameters map argument to support CROSS_ACCOUNT_VERSION Oct 21, 2024
@YakDriver YakDriver changed the title lf/settings: Add parameters map argument to support CROSS_ACCOUNT_VERSION lf/settings: Add parameters map argument to support CROSS_ACCOUNT_VERSION Oct 21, 2024
@YakDriver YakDriver added this to the v5.73.0 milestone Oct 21, 2024
Contributor

@ewbankkit ewbankkit left a comment

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccLakeFormation_serial/^DataLakeSettings' PKG=lakeformation
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.2 test ./internal/service/lakeformation/... -v -count 1 -parallel 20  -run=TestAccLakeFormation_serial/^DataLakeSettings -timeout 360m
2024/10/22 08:26:41 Initializing Terraform AWS Provider...
=== RUN   TestAccLakeFormation_serial
=== PAUSE TestAccLakeFormation_serial
=== CONT  TestAccLakeFormation_serial
=== RUN   TestAccLakeFormation_serial/DataLakeSettings
=== RUN   TestAccLakeFormation_serial/DataLakeSettings/disappears
=== RUN   TestAccLakeFormation_serial/DataLakeSettings/withoutCatalogId
=== RUN   TestAccLakeFormation_serial/DataLakeSettings/readOnlyAdmins
=== RUN   TestAccLakeFormation_serial/DataLakeSettings/parameters
=== RUN   TestAccLakeFormation_serial/DataLakeSettings/basic
=== RUN   TestAccLakeFormation_serial/DataLakeSettingsDataSource
=== RUN   TestAccLakeFormation_serial/DataLakeSettingsDataSource/readOnlyAdmins
=== RUN   TestAccLakeFormation_serial/DataLakeSettingsDataSource/basic
--- PASS: TestAccLakeFormation_serial (99.11s)
    --- PASS: TestAccLakeFormation_serial/DataLakeSettings (75.92s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettings/disappears (12.42s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettings/withoutCatalogId (10.53s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettings/readOnlyAdmins (10.36s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettings/parameters (31.80s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettings/basic (10.81s)
    --- PASS: TestAccLakeFormation_serial/DataLakeSettingsDataSource (23.19s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettingsDataSource/readOnlyAdmins (11.10s)
        --- PASS: TestAccLakeFormation_serial/DataLakeSettingsDataSource/basic (12.09s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/lakeformation	104.499s

@YakDriver YakDriver merged commit bce1b18 into main Oct 22, 2024
54 checks passed
@YakDriver YakDriver deleted the f-lakeformation-lake-settings-parameters branch October 22, 2024 13:28
terraform-aws-provider bot pushed a commit that referenced this pull request Oct 22, 2024
This functionality has been released in v5.73.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Oct 24, 2024
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 24, 2024
Labels
documentation Introduces or discusses updates to documentation. service/lakeformation Issues and PRs that pertain to the lakeformation service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Development

Successfully merging this pull request may close these issues.

[Enhancement]: LakeFormation - Support Cross Account Version Settings
2 participants