使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

Crawling DynamoDB table from another account with AWS Glue Crawler

0

I'm trying to figure out how to crawl a DynamoDB in another account with AWS Glue. Right now it seems like Glue can only crawl DynamoDB's in the current user's account. I've tried setting up several IAM roles and policies, and seems like they all don't work. Can anyone confirm if Glue Crawler supports accessing external DynamoDB tables?

主题
安全、身份和合规性分析数据库
标签
AWS 身份和访问权限管理AWS GlueAmazon DynamoDB
语言
English
rePost-User-6209720
已提问 1 年前387 查看次数
1 回答
0

AWS Glue Crawlers do support cross-account crawling. Do you know if your analytics components are managed by AWS Lake Formation? If so, and assuming you've set up the proper cross-account permissions it could be that the permissions are missing Lake Formation. Check to see if the Glue crawlers have the right permissions within the Lake Formation permission management as well.

profile pictureAWS
专家
pechung
已回答 1 年前
  • rePost-User-6209720
    1 年前

    Thanks for replying! After looking into AWS Lake Formation, I had two questions.

    1. Seems like all the examples are about S3, and Lake Formation is optimized for S3. Does approach applies to DynamoDB?
    2. As mentioned in https://aws.amazon.com/blogs/big-data/aws-glue-crawlers-support-cross-account-crawling-to-support-data-mesh-architecture/, it seems like for Account B to crawl data from Account A's data stores, the crawler needs to be created and run in Account A, and the result can be shared with Account B. Is there a way to build a centralized service in which the crawler is created within Account?
  • Gonzalo Herreros 专家
    1 年前

    The idea is the same for both s3 and DDB, one account provides the tables (maybe by crawling) and then they are shared. With s3 you could bypass that but it's not ideal.

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容