- Newest
- Most votes
- Most comments
To share your AWS Glue Schema Registry (Registry A) from Account A with resources in another AWS account, you'll need to set up cross-account access. Here's how you can accomplish this:
-
IAM Policy: In Account A, create an IAM policy that grants permissions to access the specific schema registry. This policy should include actions like "glue:GetSchemaByDefinition" and any other necessary permissions for reading schemas.
-
IAM Role: Create an IAM role in Account A and attach the policy you created. This role will be assumed by the other AWS account.
-
Trust Relationship: Modify the trust relationship of the IAM role to allow the other AWS account to assume it. You'll need to add the account ID of the other AWS account to the trust policy.
-
Share Role ARN: Provide the ARN (Amazon Resource Name) of this IAM role to the other AWS account.
-
Assume Role: In the other AWS account, configure the resources to assume the role from Account A when they need to access the schema registry.
-
Use AWS SDK or CLI: The resources in the other account can now use the AWS SDK or CLI, assuming the shared role, to retrieve schemas from Registry A.
Remember to follow the principle of least privilege and only grant the necessary permissions required for schema retrieval. Also, ensure that your schema registry's resource policy (if applicable) allows access from the other account.
By following these steps, you can securely share your Glue Schema Registry across AWS accounts while maintaining control over the access permissions.
Sources
Getting started with schema registry - AWS Glue
AWSGlueSchemaRegistryFullAccess - AWS Managed Policy
Relevant content
- asked 2 years ago
- asked 8 months ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated a year ago
