in lib/constructs/data-lake-enrollment.ts [527:574]
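/**
 * Grants `principal` coarse IAM read access and the requested database
 * permissions, then derives the identifiers used for that principal's
 * Lake Formation grants.
 *
 * Supported principal shapes are `iam.Role`, `iam.User`, and an
 * `iam.ArnPrincipal` whose ARN contains `:role/` or `:user/`.
 *
 * NOTE(review): for any other principal the returned `grantIdPrefix` and
 * `dataLakePrincipalIdentifier` both stay `""`, yet `grantCoarseIamRead` and
 * `grantDatabasePermission` have still been called for it. Callers should
 * treat an empty identifier as "principal not resolved" rather than pass it
 * on to a Lake Formation permission; failing fast here may be preferable.
 * Confirm against the callers.
 *
 * @param principal - IAM principal that receives the grants.
 * @param databasePermissions - Database permissions to grant.
 * @param grantableDatabasePermissions - Database permissions the principal
 *   may grant onward. This is delegated authority, so keep it as narrow as
 *   the use case allows.
 * @returns The grant id prefix and the Lake Formation principal descriptor
 *   derived from `principal`.
 */
private setupIamAndLakeFormationDatabasePermissionForPrincipal(
  principal: iam.IPrincipal,
  databasePermissions: Array<DataLakeEnrollment.DatabasePermission>,
  grantableDatabasePermissions: Array<DataLakeEnrollment.DatabasePermission>,
): { grantIdPrefix: string; dataLakePrincipal: lakeformation.CfnPermissions.DataLakePrincipalProperty } {
  this.grantCoarseIamRead(principal);

  // Defaults describe "no principal resolved"; see the NOTE(review) above.
  let grantIdPrefix = "";
  let dataLakePrincipal: lakeformation.CfnPermissions.DataLakePrincipalProperty = {
    dataLakePrincipalIdentifier: "",
  };

  // The three principal classes are distinct, so at most one branch applies.
  // `instanceof` already narrows the type; no cast is needed.
  if (principal instanceof iam.Role) {
    // Role grants are keyed by the role ARN ...
    grantIdPrefix = `${principal.roleArn}-${this.DataSetName}`;
    dataLakePrincipal = { dataLakePrincipalIdentifier: principal.roleArn };
  } else if (principal instanceof iam.User) {
    // ... whereas user grants are keyed by the user name.
    grantIdPrefix = `${principal.userName}-${this.DataSetName}`;
    dataLakePrincipal = { dataLakePrincipalIdentifier: principal.userArn };
  } else if (principal instanceof iam.ArnPrincipal) {
    // The principal kind is inferred by substring match anywhere in the ARN.
    // The two checks are independent: if an ARN contained both markers, the
    // user branch would run last and overwrite the role result.
    // NOTE(review): the construct ids below are fixed, so resolving a second
    // ARN principal of the same kind in this scope would presumably collide
    // on the id. Confirm how often this method runs per construct.
    if (principal.arn.includes(":role/")) {
      const importedRole = iam.Role.fromRoleArn(this, 'importedRoleLFDatabase', principal.arn);
      grantIdPrefix = `${importedRole.roleArn}-${this.DataSetName}`;
      dataLakePrincipal = { dataLakePrincipalIdentifier: importedRole.roleArn };
    }
    if (principal.arn.includes(":user/")) {
      const importedUser = iam.User.fromUserArn(this, 'importedUserLFDatabase', principal.arn);
      grantIdPrefix = `${importedUser.userName}-${this.DataSetName}`;
      dataLakePrincipal = { dataLakePrincipalIdentifier: importedUser.userArn };
    }
  }

  this.grantDatabasePermission(principal, {
    DatabasePermissions: databasePermissions,
    GrantableDatabasePermissions: grantableDatabasePermissions,
  });

  return { grantIdPrefix, dataLakePrincipal };
}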