Amazon Glue API permissions: Actions and resources reference - Amazon Glue
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Amazon Glue API permissions: Actions and resources reference

Use the table of Actions, resources, and condition keys for Amazon Glue in the Service Authorization Reference as a reference when you're setting up Identity and access management in Amazon Glue and writing a permissions policy to attach to an IAM identity (identity-based policy) or to a resource (resource policy). The table includes each Amazon Glue API operation, the corresponding actions for which you can grant permissions to perform the action, and the Amazon resource for which you can grant the permissions. You specify the actions in the Action element of your IAM policy statement, and you specify the resource value in the Resource element of your policy statement.

Actions on some Amazon Glue resources require that ancestor and child resource ARNs are also included in the Resource element of your policy statement. For more information, see Data Catalog ARNs.

Generally, you can replace ARN segments with wildcards. For more information, see IAM JSON Policy Elements in the IAM User Guide.

Condition keys for IAM policies are listed by API operation. You can use Amazon-wide condition keys in your Amazon Glue policies to express conditions. For a complete list of Amazon-wide keys, see Amazon Global Condition Keys in the IAM User Guide.

However, the aws:referer and aws:UserAgent condition keys are currently not supported by the Amazon Glue Data Catalog APIs.

Note

To specify an action, use the glue: prefix followed by the API operation name (for example, glue:GetTable).