Adding an IAM policy for a console user
Setting up permissions for a user for the Amazon Web Services Management Console is optional, but if you require console access, take this step first.
To set up permissions to reach DataBrew on the console, choose one of the following:
-
Use the policy that's managed by Amazon:
AwsGlueDataBrewFullAccessPolicy
. If you choose this option, skip to the next policy, Adding permissions for data resources for an IAM role. -
Create the policy described in this section,
AwsGlueDataBrewCustomUserPolicy
. This option enables you to customize the policy with additional custom security requirements.
The following policy grants the permissions needed to run the DataBrew console. You provide those permissions by using IAM.
To define the AwsGlueDataBrewCustomUserPolicy IAM policy for DataBrew (console)
-
Download the JSON for the
AwsGlueDataBrewCustomUserPolicy
IAM policy. -
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/
. -
In the navigation pane, choose Policies.
-
For each policy, choose Create Policy.
-
On the Create Policy screen, navigate to the JSON tab.
-
Copy the policy JSON statement that you downloaded. Paste it over the sample statement in the editor.
-
Verify that the policy is customized to your account, security requirements, and required Amazon resources. If you need to make changes, you can make them in the editor.
-
Choose Review policy.
To define the AwsGlueDataBrewCustomUserPolicy IAM policy for DataBrew (Amazon CLI)
-
Download the JSON for the
AwsGlueDataBrewCustomUserPolicy
IAM policy. -
Customize the policy as described in the first step of the previous procedure.
-
Run the following command to create the policy.
aws iam create-policy --policy-name AwsGlueDataBrewCustomUserPolicy --policy-document file://iam-policy-AwsGlueDataBrewCustomUserPolicy.json