AWS Lake Formation group mapping

The Protect group mapping for AWS Lake Formation must follow the syntax for IAM identifiers.

Suppose that you want to create a Protect group named Sales that maps to the AWS IAM user arn:aws:iam::000000000000:user/[email protected]. Then, the Protect API to add a new group should have the following syntax.

{
  "name": "Sales",
  "mappings":
  [
    {
     "provider": "AWSLakeFormation",
     "identity": "arn:aws:iam::000000000000:user/[email protected]"
    }
  ]
}