1 個回答
- 最新
- 最多得票
- 最多評論
0
Ensure that the IAM role AWSGlueDataBrewServiceRole-data-analyst has trust relationships with the Glue service. Here's a sample trust policy assuming Glue is the service requiring access:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "glue.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Update the IAM policy attached to the role AWSGlueDataBrewServiceRole-data-analyst to allow the necessary S3 actions (s3:ListBucket, s3:GetObject, etc.) on the specific bucket (s3://my-bucket-311516367207/data-analysis-lab/). Here's a sample IAM policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::my-bucket-311516367207/data-analysis-lab",
"arn:aws:s3:::my-bucket-311516367207/data-analysis-lab/*"
]
}
]
}
(Optional): Ensure that the S3 bucket (my-bucket-311516367207) has a policy allowing the necessary actions for the IAM role. Here's a sample bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::311516367207:role/AWSGlueDataBrewServiceRole-data-analyst"
},
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::my-bucket-311516367207/data-analysis-lab/",
"arn:aws:s3:::my-bucket-311516367207/data-analysis-lab/*"
]
}
]
}
