By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Glue - specific IAM permissions

0

Hello.

I am trying to configure specific iam permission for an user. I need a permission for only read tables from existing Data Catalog. So, I have configured this policiy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "glue:SearchTables",
                "glue:GetDatabase",
                "glue:GetPartition",
                "glue:GetTables",
                "glue:GetPartitions",
                "glue:GetDatabases",
                "glue:GetTable"
            ],
            "Resource": [
                "arn:aws:glue:*:*:catalog",
                "arn:aws:glue:*:*:database/*",
                "arn:aws:glue:*:*:table/*/*"
            ]
        }
    ]
}

But, no errors appear in aws console, but data is not visible. IAM policy simulator says: "denied Implicitly denied (no matching statements).", but I dont understand what is missing. Is there any way to validate what is missing or where is the error?

I have tried to give AdministratorAccess to this user, but the same issue, data is no visible, so I have a question: as I have not configured AWS Glue from the beginning, could AWS Glue have been configured for allowing access to some roles or users? how?

Thanks.

Topics
Security, Identity, & ComplianceAnalytics
Tags
AWS Identity and Access ManagementAWS GlueIAM Policies
Language
English
Orlando
asked 16 days ago185 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content