1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Ensure that the IAM role AWSGlueDataBrewServiceRole-data-analyst
has trust relationships with the Glue service. Here's a sample trust policy assuming Glue is the service requiring access:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "glue.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Update the IAM policy attached to the role AWSGlueDataBrewServiceRole-data-analyst
to allow the necessary S3 actions (s3:ListBucket, s3:GetObject, etc.) on the specific bucket (s3://my-bucket-311516367207/data-analysis-lab/
). Here's a sample IAM policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::my-bucket-311516367207/data-analysis-lab",
"arn:aws:s3:::my-bucket-311516367207/data-analysis-lab/*"
]
}
]
}
(Optional): Ensure that the S3 bucket (my-bucket-311516367207
) has a policy allowing the necessary actions for the IAM role. Here's a sample bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::311516367207:role/AWSGlueDataBrewServiceRole-data-analyst"
},
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::my-bucket-311516367207/data-analysis-lab/",
"arn:aws:s3:::my-bucket-311516367207/data-analysis-lab/*"
]
}
]
}