AwsGlueDataBrewDataResourcePolicy
The AwsGlueDataBrewDataResourcePolicy
policy grants the permissions needed to
connect to data and to configure DataBrew.
The following table describes the permissions granted by this policy.
Action | Resource | Description |
---|---|---|
|
|
Allows you to preview your files. |
|
|
Allows sending output files to S3. |
|
|
Allows deleting an object created by DataBrew. |
|
|
Allows listing of Amazon S3 buckets from projects, datasets, and jobs. |
"kms:Decrypt" |
|
Allows decrypting for encrypted datasets. |
|
|
Allows encrypting of job output. |
|
|
Allows the setup of Amazon EC2 network items, such as virtual private clouds (VPCs), when running jobs and projects. |
|
"*" |
Allows deleting a network interface in a VPC. |
|
|
Allows creating and deleting tags. You need these
permissions if you use an Amazon Glue Data Catalog with a VPC enabled. DataBrew passes
data to Amazon Glue to run your jobs and projects. These permissions allow tagging
of Amazon EC2 resources created for development endpoints. Amazon Glue tags Amazon EC2
network interfaces, security groups, and instances with
|
|
|
Allows writing logs to Amazon CloudWatch Logs DataBrew writes logs to
log groups whose names begin with |
|
|
Allows access to Amazon Lake Formation, provided Using Lake Formation requires further configuration in the Lake Formation console. |