
Adding Admin Data Lake Formation Permissions

AWS Lake Formation is designed to centralise governance, enhance security, and facilitate global sharing of data for analytics and machine learning purposes.


Configuration Overview

To use AWS Lake Formation within the Modernisation Platform without permission errors and "nuke" failures, you must add the following roles to your list of Lake Formation administrators:

  • CI user role for AWS Nuke purposes.

  • Sandbox role for your account.

Below is an example code snippet to guide you in setting up these roles:


# Omit these two data sources if your configuration already declares them.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# CI user role, used by AWS Nuke.
data "aws_iam_role" "github_actions_role" {
  name = "github-actions"
}

# Sandbox SSO role for your account.
data "aws_iam_roles" "modernisation_platform_sandbox_role" {
  name_regex  = "AWSReservedSSO_modernisation-platform-sandbox_.*"
  path_prefix = "/aws-reserved/sso.amazonaws.com/"
}

resource "aws_lakeformation_data_lake_settings" "your_lake_settings_name" {
  admins = [
    # one() raises an error if more than one role matches name_regex.
    "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/${data.aws_region.current.name}/${one(data.aws_iam_roles.modernisation_platform_sandbox_role.names)}",
    data.aws_iam_role.github_actions_role.arn
  ]
}
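To confirm that both roles ended up in the administrator list, the following added example (not part of the original guide or the platform's own code) audits the JSON returned by `aws lakeformation get-data-lake-settings` and also lists any other administrators for review. The account ID, region and role suffix in the samples are constructed, and the path-less `github-actions` ARN is an assumption.

```python
import json
import re

# Patterns derived from the Terraform snippet above. Assumption: the
# github-actions role has no IAM path, so its ARN is role/github-actions.
REQUIRED_ADMINS = {
    "github-actions": re.compile(r"^arn:aws:iam::\d{12}:role/github-actions$"),
    "sandbox": re.compile(
        r"^arn:aws:iam::\d{12}:role/aws-reserved/sso\.amazonaws\.com/"
        r"(?:[a-z0-9-]+/)?AWSReservedSSO_modernisation-platform-sandbox_[^/]+$"
    ),
}


def audit_admins(settings_json: str) -> dict:
    """Compare the Lake Formation admin list with the two required roles."""
    settings = json.loads(settings_json).get("DataLakeSettings", {})
    admins = [
        entry["DataLakePrincipalIdentifier"]
        for entry in settings.get("DataLakeAdmins", [])
    ]
    missing = [
        label for label, pattern in REQUIRED_ADMINS.items()
        if not any(pattern.match(arn) for arn in admins)
    ]
    # Any admin that is not one of the two required roles is listed for review.
    unexpected = [
        arn for arn in admins
        if not any(p.match(arn) for p in REQUIRED_ADMINS.values())
    ]
    return {"missing": missing, "unexpected": unexpected}


# Constructed sample output; account ID, region and role suffix are made up.
_SSO = "arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/eu-west-2/"
SAMPLE_OK = json.dumps({"DataLakeSettings": {"DataLakeAdmins": [
    {"DataLakePrincipalIdentifier": _SSO
     + "AWSReservedSSO_modernisation-platform-sandbox_0123456789abcdef"},
    {"DataLakePrincipalIdentifier": "arn:aws:iam::111122223333:role/github-actions"},
]}})
SAMPLE_DRIFT = json.dumps({"DataLakeSettings": {"DataLakeAdmins": [
    {"DataLakePrincipalIdentifier": "arn:aws:iam::111122223333:role/github-actions"},
    {"DataLakePrincipalIdentifier": "arn:aws:iam::111122223333:user/constructed-analyst"},
]}})

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(name, audit_admins(sample))
```
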

Last reviewed: 5 December 2025
Review status: ✓ Up to date
Owner: #modernisation-platform
