Permissions for @turbot/aws-glue
The permissions used for Glue and the grant level associated with each permission:
Permission | Grant Level | Help |
---|---|---|
cloudformation:DescribeStacks | Metadata | |
cloudformation:GetTemplateSummary | Metadata | |
ec2:DescribeInstances | Metadata | |
ec2:DescribeKeyPairs | Metadata | |
ec2:DescribeRouteTables | Metadata | |
ec2:DescribeSecurityGroups | Metadata | |
ec2:DescribeSubnets | Metadata | |
ec2:DescribeVpcAttribute | Metadata | |
ec2:DescribeVpcEndpoints | Metadata | |
ec2:DescribeVpcs | Metadata | |
glue:BatchCreatePartition | Admin | Creates one or more partitions in a batch operation. |
glue:BatchDeleteConnection | Admin | Deletes a list of connection definitions from the Data Catalog. |
glue:BatchDeletePartition | Admin | |
glue:BatchDeleteTable | Admin | |
glue:BatchDeleteTableVersion | Admin | |
glue:BatchGetBlueprints | Metadata | |
glue:BatchGetCrawlers | Metadata | |
glue:BatchGetDevEndpoints | Metadata | |
glue:BatchGetJobs | Metadata | |
glue:BatchGetPartition | Metadata | |
glue:BatchGetTriggers | Metadata | |
glue:BatchGetWorkflows | Metadata | |
glue:BatchStopJobRun | Operator | |
glue:BatchUpdatePartition | Admin | |
glue:CancelMLTaskRun | Operator | |
glue:CancelStatement | Operator | |
glue:CheckSchemaVersionValidity | Operator | |
glue:CreateBlueprint | Admin | |
glue:CreateClassifier | Admin | Admins can create a classifier in the user's account. |
glue:CreateConnection | Admin | Admins can create a new Crawler with specified targets, role, configuration, or optional schedule. At least one crawl target must be specified in either the s3Targets or the jdbcTargets field. |
glue:CreateCrawler | Admin | |
glue:CreateDatabase | Admin | |
glue:CreateDevEndpoint | Admin | |
glue:CreateJob | Admin | |
glue:CreateMLTransform | Admin | |
glue:CreatePartition | Admin | |
glue:CreatePartitionIndex | Admin | |
glue:CreateRegistry | Admin | |
glue:CreateSchema | Admin | |
glue:CreateScript | Operator | |
glue:CreateSecurityConfiguration | Admin | |
glue:CreateSession | Admin | |
glue:CreateTable | Admin | This can take a cross-account S3 bucket as the data input store. Cross-account S3 access is controlled by S3. Guardrails may come up with a specific guardrail in the future. |
glue:CreateTrigger | Admin | |
glue:CreateUserDefinedFunction | Admin | Creates a new function definition in the Data Catalog. |
glue:CreateWorkflow | Admin | |
glue:DeleteBlueprint | Admin | |
glue:DeleteClassifier | Admin | |
glue:DeleteColumnStatisticsForPartition | Admin | |
glue:DeleteColumnStatisticsForTable | Admin | |
glue:DeleteConnection | Admin | |
glue:DeleteCrawler | Admin | |
glue:DeleteDatabase | Admin | |
glue:DeleteDevEndpoint | Admin | |
glue:DeleteJob | Admin | |
glue:DeleteMLTransform | Admin | |
glue:DeletePartition | Admin | |
glue:DeletePartitionIndex | Admin | |
glue:DeleteRegistry | Admin | |
glue:DeleteResourcePolicy | Admin | Deletes a specified policy. |
glue:DeleteSchema | Admin | |
glue:DeleteSchemaVersions | Admin | |
glue:DeleteSecurityConfiguration | Admin | |
glue:DeleteSession | Admin | |
glue:DeleteTable | Admin | |
glue:DeleteTableVersion | Admin | |
glue:DeleteTrigger | Admin | |
glue:DeleteUserDefinedFunction | Admin | |
glue:DeleteWorkflow | Admin | |
glue:GetBlueprint | Metadata | |
glue:GetBlueprintRun | Metadata | |
glue:GetBlueprintRuns | Metadata | |
glue:GetCatalogImportStatus | Metadata | |
glue:GetClassifier | Metadata | |
glue:GetClassifiers | Metadata | |
glue:GetColumnStatisticsForPartition | Metadata | |
glue:GetColumnStatisticsForTable | Metadata | |
glue:GetConnection | Metadata | Retrieves a connection definition from the Data Catalog. http://docs.aws.amazon.com/glue/latest/webapi/API_GetConnection.html |
glue:GetConnections | Metadata | |
glue:GetCrawler | Metadata | |
glue:GetCrawlerMetrics | Metadata | |
glue:GetCrawlers | Metadata | |
glue:GetDataCatalogEncryptionSettings | Metadata | |
glue:GetDatabase | Metadata | |
glue:GetDatabases | Metadata | |
glue:GetDataflowGraph | Metadata | |
glue:GetDevEndpoint | Metadata | |
glue:GetDevEndpoints | Metadata | |
glue:GetJob | Metadata | |
glue:GetJobBookmark | Metadata | |
glue:GetJobRun | Metadata | |
glue:GetJobRuns | Metadata | |
glue:GetJobs | Metadata | |
glue:GetMLTaskRun | Metadata | |
glue:GetMLTaskRuns | Metadata | |
glue:GetMLTransform | Metadata | |
glue:GetMLTransforms | Metadata | |
glue:GetMapping | Operator | Operators can create the mappings. http://docs.aws.amazon.com/glue/latest/webapi/API_GetMapping.html |
glue:GetPartition | Metadata | |
glue:GetPartitionIndexes | Metadata | |
glue:GetPartitions | Metadata | |
glue:GetPlan | Metadata | |
glue:GetRegistry | Metadata | |
glue:GetResourcePolicies | Metadata | |
glue:GetResourcePolicy | Metadata | |
glue:GetSchema | Metadata | |
glue:GetSchemaByDefinition | Metadata | |
glue:GetSchemaVersion | Metadata | |
glue:GetSchemaVersionsDiff | Metadata | |
glue:GetSecurityConfiguration | Metadata | |
glue:GetSecurityConfigurations | Metadata | |
glue:GetSession | Metadata | |
glue:GetStatement | Metadata | |
glue:GetTable | Metadata | |
glue:GetTableVersion | Metadata | |
glue:GetTableVersions | Metadata | |
glue:GetTables | Metadata | Retrieves the definitions of some or all of the tables in a given Database. |
glue:GetTags | Metadata | |
glue:GetTrigger | Metadata | |
glue:GetTriggers | Metadata | |
glue:GetUserDefinedFunction | Metadata | |
glue:GetUserDefinedFunctions | Metadata | |
glue:GetWorkflow | Metadata | |
glue:GetWorkflowRun | Metadata | |
glue:GetWorkflowRunProperties | Metadata | |
glue:GetWorkflowRuns | Metadata | |
glue:GetWorkflowRunsMetadata | Metadata | |
glue:ImportCatalogToGlue | Admin | |
glue:ListBlueprints | Metadata | |
glue:ListCrawlers | Metadata | |
glue:ListDevEndpoints | Metadata | |
glue:ListJobs | Metadata | |
glue:ListMLTransforms | Metadata | |
glue:ListRegistries | Metadata | |
glue:ListSchemaVersions | Metadata | |
glue:ListSchemas | Metadata | |
glue:ListSessions | Metadata | |
glue:ListStatements | Metadata | |
glue:ListTriggers | Metadata | |
glue:ListWorkflows | Metadata | |
glue:NotifyEvent | Operator | |
glue:PutDataCatalogEncryptionSettings | Admin | Admins can set the security configuration for a specified catalog. Once set, the specified encryption configuration is applied to every catalog write thereafter. |
glue:PutResourcePolicy | Admin | Sets the Data Catalog resource policy for access control. |
glue:PutSchemaVersionMetadata | Admin | |
glue:PutWorkflowRunProperties | Admin | |
glue:QuerySchemaVersionMetadata | Operator | |
glue:RegisterSchemaVersion | Operator | |
glue:RemoveSchemaVersionMetadata | Admin | |
glue:ResetJobBookmark | Operator | |
glue:ResumeWorkflowRun | Operator | |
glue:RunStatement | Operator | |
glue:SearchTables | Metadata | |
glue:StartBlueprintRun | Operator | |
glue:StartCrawler | Operator | |
glue:StartCrawlerSchedule | Operator | |
glue:StartExportLabelsTaskRun | Operator | |
glue:StartImportLabelsTaskRun | Operator | |
glue:StartJobRun | Operator | |
glue:StartMLEvaluationTaskRun | Operator | |
glue:StartMLLabelingSetGenerationTaskRun | Operator | |
glue:StartTrigger | Operator | |
glue:StartWorkflowRun | Operator | |
glue:StopCrawler | Operator | |
glue:StopCrawlerSchedule | Operator | |
glue:StopSession | Operator | |
glue:StopTrigger | Operator | |
glue:StopWorkflowRun | Operator | |
glue:TagResource | Operator | |
glue:UntagResource | Operator | |
glue:UpdateBlueprint | Admin | |
glue:UpdateClassifier | Admin | |
glue:UpdateColumnStatisticsForPartition | Admin | |
glue:UpdateColumnStatisticsForTable | Admin | |
glue:UpdateConnection | Admin | |
glue:UpdateCrawler | Admin | |
glue:UpdateCrawlerSchedule | Operator | |
glue:UpdateDatabase | Admin | |
glue:UpdateDevEndpoint | Admin | |
glue:UpdateJob | Admin | |
glue:UpdateMLTransform | Admin | |
glue:UpdatePartition | Admin | |
glue:UpdateRegistry | Admin | |
glue:UpdateSchema | Admin | |
glue:UpdateTable | Admin | |
glue:UpdateTrigger | Admin | |
glue:UpdateUserDefinedFunction | Admin | |
glue:UpdateWorkflow | Admin | |
glue:UseMLTransforms | Operator | |
iam:GetRole | Metadata | |
iam:GetRolePolicy | Metadata | |
iam:ListRolePolicies | Metadata | |
iam:ListRoles | Metadata | |
iam:PassRole | Admin | Required to create clusters. |
kms:DescribeKey | Metadata | |
rds:DescribeDBInstances | Metadata | |
redshift:DescribeClusterSubnetGroups | Metadata | |
redshift:DescribeClusters | Metadata | |
s3:GetBucketAcl | Metadata | |
s3:ListAllMyBuckets | Metadata | |
s3:ListBucket | Metadata | |
sagemaker:DescribeNotebookInstance | Metadata | AWS Glue now supports connecting Amazon SageMaker notebooks to development endpoints. |
sagemaker:ListNotebookInstances | Metadata | AWS Glue now supports connecting Amazon SageMaker notebooks to development endpoints. |