
Commit c810f00

authored
Chagned LF permissions from hms to variable arn (#314)
1 parent 6f2155c commit c810f00


3 files changed

+16
-6
lines changed


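--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [7.10.12] - 2025-05-19
+### Added
+- Changed from LF permissions `aws_iam_role.apiary_hms_readwrite.arn` to `var.lf_catalog_glue_sync_arn`.
+
 ## [7.10.11] - 2025-05-16
 ### Added
 - Added variables to support adding custom log4j configuration for readonly,readwrite and housekeeper hms when deployed in Kubernetes.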

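--- a/lf.tf
+++ b/lf.tf
@@ -27,7 +27,7 @@ resource "aws_lakeformation_permissions" "hms_db_permissions" {
 for schema in local.schemas_info : "${schema["schema_name"]}" => schema
 } : {}
 
-principal = aws_iam_role.apiary_hms_readwrite.arn
+principal = var.lf_catalog_glue_sync_arn
 permissions = ["DESCRIBE", "CREATE_TABLE"]
 
 database {
@@ -40,7 +40,7 @@ resource "aws_lakeformation_permissions" "hms_tbl_permissions" {
 for schema in local.schemas_info : "${schema["schema_name"]}" => schema
 } : {}
 
-principal = aws_iam_role.apiary_hms_readwrite.arn
+principal = var.lf_catalog_glue_sync_arn
 permissions = ["ALL", "DESCRIBE"]
 
 table {
@@ -54,7 +54,7 @@ resource "aws_lakeformation_permissions" "hms_loc_permissions" {
 for schema in local.schemas_info : "${schema["schema_name"]}" => schema
 } : {}
 
-principal = aws_iam_role.apiary_hms_readwrite.arn
+principal = var.lf_catalog_glue_sync_arn
 permissions = ["DATA_LOCATION_ACCESS"]
 
 data_location {
@@ -66,7 +66,7 @@ resource "aws_lakeformation_permissions" "hms_loc_permissions" {
 resource "aws_lakeformation_permissions" "hms_system_db_permissions" {
 count = var.disable_glue_db_init && var.create_lf_resource ? 1 : 0
 
-principal = aws_iam_role.apiary_hms_readwrite.arn
+principal = var.lf_catalog_glue_sync_arn
 permissions = ["DESCRIBE", "CREATE_TABLE"]
 
 database {
@@ -77,7 +77,7 @@ resource "aws_lakeformation_permissions" "hms_system_db_permissions" {
 resource "aws_lakeformation_permissions" "hms_system_tbl_permissions" {
 count = var.disable_glue_db_init && var.create_lf_resource ? 1 : 0
 
-principal = aws_iam_role.apiary_hms_readwrite.arn
+principal = var.lf_catalog_glue_sync_arn
 permissions = ["ALL", "DESCRIBE"]
 
 table {
@@ -89,7 +89,7 @@ resource "aws_lakeformation_permissions" "hms_system_tbl_permissions" {
 resource "aws_lakeformation_permissions" "hms_sys_loc_permissions" {
 count = var.disable_glue_db_init && var.create_lf_resource ? 1 : 0
 
-principal = aws_iam_role.apiary_hms_readwrite.arn
+principal = var.lf_catalog_glue_sync_arn
 permissions = ["DATA_LOCATION_ACCESS"]
 
 data_location {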
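Review bot: All six hunks in this file make `var.lf_catalog_glue_sync_arn` the Lake Formation principal, but nothing here guards against the variable's default of `""` declared in variables.tf, so a deployment that enables `create_lf_resource` without setting the new input will hand an empty principal to Lake Formation and presumably fail at plan or apply with a provider error instead of a message naming the missing input. The `count` lines visible in the `hms_system_db_permissions`, `hms_system_tbl_permissions` and `hms_sys_loc_permissions` hunks (the other three resources' `count`/`for_each` lines lie above their hunks) show where a `lifecycle { precondition }` on each resource, as below, would fail early with a clear message, provided the module already requires Terraform 1.2 or later. The change also replaces rather than supplements the grant to `aws_iam_role.apiary_hms_readwrite.arn`, so that role loses DESCRIBE/CREATE_TABLE, ALL and DATA_LOCATION_ACCESS on these databases, tables and locations; if the metastore still creates tables through Lake Formation this is a regression, so confirm the intent in the commit message. The resource names (`hms_db_permissions` and friends) now describe a principal they no longer grant to, so a comment above each, e.g. `# Principal is the glue-sync role (var.lf_catalog_glue_sync_arn), not the HMS read-write role, since 7.10.12`, would stop the names from misleading the next reader.
```hcl
resource "aws_lakeformation_permissions" "hms_system_db_permissions" {
  count = var.disable_glue_db_init && var.create_lf_resource ? 1 : 0

  lifecycle {
    precondition {
      condition     = var.lf_catalog_glue_sync_arn != ""
      error_message = "lf_catalog_glue_sync_arn must be set when Lake Formation permissions are created."
    }
  }

  principal = var.lf_catalog_glue_sync_arn
  # … unchanged: permissions, database block …
```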

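--- a/variables.tf
+++ b/variables.tf
@@ -615,6 +615,12 @@ variable "lf_catalog_producer_arns" {
 default = []
 }
 
+variable "lf_catalog_glue_sync_arn" {
+description = "AWS IAM role ARN for glue sync to update table metadata."
+type = string
+default = ""
+}
+
 variable "lf_customer_accounts" {
 description = "AWS account IDs granted describe permissions on all glue databases using LakeFormation."
 type = list(string)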