[AWS::LakeFormation::DataLakeSettings] - [Coverage] - Missing Database Creator Setting

[IkeNefcy]

Name of the resource

AWS::LakeFormation::DataLakeSettings

Resource name

No response

Description

This functionality appears to not be supported by SDK either https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/LakeFormation.html

Feature Description

A new API function may be required.
The functionality this is referring to in console is in LakeFormation > Administrative roles and tasks. On this page there are 3 settings, Data lake administrators, Catalog creators, Database creators.

Current State

In the current state, Data lake administrators is already supported in AWS::LakeFormation::DataLakeSettings, this is via the "Admins" Property. However, it appears that Catalog creators and Database creators are not supported at this time.

Database creators defaults to only IAM Allowed Principals, and Catalog creators has no defaults. This is an issue in general for teams using the "REPLACE" method of handling LF permissions with CFN.

Desired State

As mentioned SDK support may be needed first, so this lift could be significant.
The end goal is for CDK to have this ability enabled in it's L1 constructs, see issue aws/aws-cdk#27671.

To support this, a CFN property needs to be added to allow us to specify specific roles that are allowed to be Database Creators.
Database creators is the main request, but since Catalog creators is also missing, if possible we could look into this at the same time, but this is not critical at this time.

Other Details

No response