[GH-993] - Removing AWS Managed Lake Formation Service Linked Role from Pivot Role Nested Stack #999

Merged

TejasRGitHub
Contributor

Feature or Bugfix

  • Bugfix

Detail

  • Updating code to remove AWSServiceRoleForLakeFormationDataAccess role which is created in the pivot role nested stack

Testing

  1. Deployed code and checked that all the environments are in a proper state and that this role is removed from the AWS account - ✅
  2. Imported a dataset (with and without KMS key) ✅
  3. Created a dataset ✅
  4. Created shares for both types of datasets ✅
  5. Onboarded another environment successfully ✅

Relates

Security

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

  • Does this PR introduce or modify any input fields or queries - this includes
    fetching data from storage outside the application (e.g. a database, an S3 bucket)? N/A
    • Is the input sanitized?
    • What precautions are you taking before deserializing the data you consume?
    • Is injection prevented by parametrizing queries?
    • Have you ensured no eval or similar functions are used?
  • Does this PR introduce any functionality or component that requires authorization? N/A
    • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
    • Are you logging failed auth attempts?
  • Are you using or adding any cryptographic features? N/A
    • Do you use standard proven implementations?
    • Are the used keys controlled by the customer? Where are they stored?
  • Are you introducing any new policies/roles/users? Removing Role
    • Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@noah-paige
Contributor

noah-paige commented Jan 25, 2024

Thanks @TejasRGitHub - Will quickly repeat testing above in one additional data.all AWS deployment, then can approve:

For Existing Env

  • Update removes Env
  • Pre-existing Shares still work

For New Env

  • Link Successful with no LF SLR (check PivotRole still added as Data Lake Admin)
  • Create New Dataset & Dataset S3 Location Registered in LF

Contributor

@noah-paige noah-paige left a comment

Tested - looks good!

@noah-paige noah-paige merged commit 560bdee into data-dot-all:main Jan 25, 2024
8 checks passed
@TejasRGitHub TejasRGitHub deleted the gh-993-Remove-LakeFormationSLR branch January 25, 2024 16:12