By using AWS re:Post, you agree to the Terms of Use

Policy config for Firehose format conversion glue access


I'm looking to set up format conversion for my firehose delivery stream. The configuration involves specifying a role with access to glue to determine the output schema. I haven't been able to find the exact requirements for this role anywhere in the docs, the only descriptor is "The role that Kinesis Data Firehose can use to access AWS Glue."

What actions/resources does a policy need to specify for firehose to be able to use the role for format conversion?

1 Answers


I understand that you have been having issues specifying the appropriate policy to give Firehose permission to access AWS glue for format conversion.

The below statement, which can be added to your current policy, is taken from the official AWS documentation [1]:

Grant Kinesis Data Firehose Access to AWS Glue for Data Format Conversion

If your delivery stream performs data-format conversion, Kinesis Data Firehose references table definitions stored in AWS Glue. To give Kinesis Data Firehose the necessary access to AWS Glue, add the following statement to your policy. For information on how to find the ARN of the table, see Specifying AWS Glue Resource ARNs (

{ "Effect": "Allow", "Action": [ "glue:GetTable", "glue:GetTableVersion", "glue:GetTableVersions" ], "Resource": "table-arn" }

[1]Controlling Access with Amazon Kinesis Data Firehose - Amazon Kinesis Data Firehose (

Please let me know if this response helps to resolve your issue or if you have any other questions.

answered a month ago
reviewed 10 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions