Understanding resource ownership - Amazon Glue
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Understanding resource ownership

The Amazon account owns the resources that are created in the account, regardless of who created the resources. Specifically, the resource owner is the Amazon account of the principal entity (that is, the Amazon account root user, an IAM user, or an IAM role) that authenticates the resource creation request. The following examples illustrate how this works:

  • If you use the Amazon account root user credentials of your Amazon account to create a table, your Amazon account is the owner of the resource (in Amazon Glue, the resource is a table).

  • If you create an IAM user in your Amazon account and grant permissions to create a table to that user, the user can create a table. However, your Amazon account, which the user belongs to, owns the table resource.

  • If you create an IAM role in your Amazon account with permissions to create a table, anyone who can assume the role can create a table. Your Amazon account, to which the user belongs, owns the table resource.