AwsGlueDataBrewCustomUserPolicy
The AwsGlueDataBrewCustomUserPolicy
policy grants most of the
permissions required to use the DataBrew console. Some of the resources that are
specified in this policy refer to services that are used by DataBrew. These include
names for Amazon Glue Data Catalog, Amazon S3 buckets, Amazon CloudWatch Logs, and Amazon KMS
resources. It is similar to the Amazon-managed policy named
AwsGlueDataBrewFullAccessPolicy
.
The following table describes the permissions granted by this policy.
Action | Resource | Description |
---|---|---|
|
|
Grants permission to run all DataBrew API operations. |
|
"*" |
Allows listing of Amazon Glue databases and tables. |
|
|
Allows listing of Amazon Data Exchange resources in datasets. |
|
|
Allows listing of Amazon KMS keys to use for encryption of job output. |
|
|
Allows encrypting of job output. |
|
|
Allows listing of Amazon S3 buckets for projects, datasets, and jobs. Allows sending output files to S3. |
|
|
Get information about the current caller. |
|
|
Allow listing Amazon CloudTrail events for datasets (data lineage). |
|
|
Allows listing IAM roles to use for projects and jobs. |