[LakeFormation] Error deploying last (third) CloudFormation Stack (AWS Workshop)

[joacodm96]

Hi guys!

I'm just following up the deployment guide from AWS Workshops, it usually works but this time I have this issue when I deploy the third CloudFormationStack

This Custom::CidDashboard resource is in a CREATE_FAILED state.
Received response status [FAILED] from custom resource. Message returned: Provided cur-table-name "cur2" in database "cid_data_export" is not found. Please make sure the table exists. See more: https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/lambda/CidCustomResourceDashboard;stream=2024/12/20/[$LATEST]3c5ec380beba49e39587fd6933c7ff8b (RequestId: fac1e078-5c4e-45dd-83f9-c76fcf98b69f)

Seems something change in the stacks/resources-names. Any idea how to solve this?

[iakov-aws]

do you have the CUR2 deployed as per workshop?

[joacodm96]

Yeap, there's a data export named "cid-cur2", inside the cur 2.0 table, deployed in the payer/mpa account.

[iakov-aws]

Normally the stack deploy a report in bucket in the payer/mpa account but database and table are deployed in another account.

Please make sure that in payer/mpa account the parameter Destination Account is correct and in Destination account that the Source Accounts parameter is the current account

UPD. sorry in Destination account the Destination account parameter must be the current account

[iakov-aws]

[iakov-aws]

Updated my recommendation above. Sorry for confusion

[joacodm-dino]

Thanks for your reply @iakov-aws .

Yeap, I double checked the source/destination accounts when I deployed the stacks. The main issue, I guess, is in the third stack.

Is not finding the table in the athena database, and for sure is there 🤔

[iakov-aws]

i see. do you know if you have Lake Formation on this account?

[joacodm-dino]

Yes, we have Lake Formation

[iakov-aws]

Looks like for LF wee need an additional set of these permissions for this new Database. I think we missed this part.

can you add a similar set of permissions manually?

https://github.com/aws-samples/aws-cudos-framework-deployment/blob/e8f4dc548318e9e5520c782db8cfef8d95664a07/cfn-templates/cid-cfn.yml#L1527C1-L1629C28

[joacodm-dino]

Hey @iakov-aws sorry for delay I was off during the festive days.

So seems the permissions are not working for LakeFormation? How would you recommend adding those permissions manually ?

[toplac]

We are facing the same Issue without LakeFormation.
Simply following this workshop and the third stack fails

Received response status [FAILED] from custom resource. Message returned: Provided cur-table-name "cur2" in database "rioclaid_3999_cid_data_export" is not found. Please make sure the table exists. 

[toplac]

@joacodm96 Did you find a solution/workaround?

[iakov-aws]

You need to add a set of permissions manually

There are several permissions and you can take them from here just replacing with the dedicated database:

• https://github.com/aws-samples/aws-cudos-framework-deployment/blob/e8f4dc548318e9e5520c782db8cfef8d95664a07/cfn-templates/cid-cfn.yml#L1527C1-L1629C28
  We can potentailly develop an additional CFN to do that

[joacodm96]

@iakov-aws Hey sir!
We're still having this issue. We tried adding the permissions manually, but it doesn't seem to be working.

We would really appreciate that extra CFN you mentioned earlier.

[iakov-aws]

Sorry to hear that.
Can you ask your TAM to contact us to set up a debug call?

[joacodm96]

@iakov-aws I’ll try to get you that debug call.

Meanwhile, we tried deploying with both "yes" and "no" options, but it didn’t work. It seems CFN conditions statements are not working as expected.

We also tried granting permissions from the LakeFormation console to the QuickSightRole before the stack deployment failed and started the rollback, but we encountered the same issue.