AWS Lake Formation – Error Message

Error Message –

User: arn:aws:iam::xxxx:user/admin is not authorized to perform: lakeformation:PutDataLakeSettings with an explicit deny

Issue – This issue occurs when you try to add a new user as a Lake Formation admin while signed in as an IAM user that has already been added as an admin in Lake Formation.

lakeformation:PutDataLakeSettings

Denying this permission prevents a data lake administrator from designating other principals as data lake administrators, leaving this permission only with IAM administrative users. It also prevents the data lake administrator changing the settings on the Settings page of the Lake Formation console. These settings determine the default permissions for newly created databases and tables.

Resolution –

  1. Check whether you are trying to add a user to the Lake Formation admin group while signed in as an IAM user that is already a Lake Formation admin.
  2. If so, sign in to the console as a different IAM admin user and add the user to the Admins and database creators group.
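
To confirm which policy statement produces the explicit deny, the policy documents attached to the IAM user can be scanned for Deny statements that cover lakeformation:PutDataLakeSettings. The following is an added example, not code from the original post; the sample policy, its Sid values and the function names are constructed for illustration.

```python
import fnmatch

TARGET_ACTION = "lakeformation:PutDataLakeSettings"

# Constructed sample policy document (not taken from the original post).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowLakeFormation", "Effect": "Allow",
         "Action": ["lakeformation:*", "glue:Get*"], "Resource": "*"},
        {"Sid": "DenySettingsChange", "Effect": "Deny",
         "Action": "lakeformation:PutDataLakeSettings", "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM accepts a single string or a list for Action/NotAction."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, action):
    """Action names are case-insensitive; patterns may use * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def explicit_denies(policy, action=TARGET_ACTION):
    """Return the Sids of Deny statements in `policy` that cover `action`."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    hits = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Deny":
            continue
        if "NotAction" in stmt:  # Deny + NotAction denies everything NOT listed
            covered = not _matches(_as_list(stmt["NotAction"]), action)
        else:
            covered = _matches(_as_list(stmt.get("Action")), action)
        if covered:
            hits.append(stmt.get("Sid", f"statement[{index}]"))
    return hits


if __name__ == "__main__":
    print(explicit_denies(SAMPLE_POLICY))
```

The check looks only at Effect and Action/NotAction, so a matching statement may still be scoped by its Resource or Condition elements. An explicit deny can also come from a group policy, a permissions boundary or a service control policy, so each of those documents needs the same check.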
