Configuring IAM permissions for Amazon Glue - Amazon Glue
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Configuring IAM permissions for Amazon Glue

You use Amazon Identity and Access Management (IAM) to define policies and roles that Amazon Glue uses to access resources. The following steps lead you through various options for setting up the permissions for Amazon Glue. Depending on your business needs, you might have to add or reduce access to your resources.

Note

To get started with basic IAM permissions for Amazon Glue instead, see Setting up IAM permissions for Amazon Glue.

  1. Create an IAM policy for the Amazon Glue service: Create a service policy that allows access to Amazon Glue resources.

  2. Create an IAM role for Amazon Glue: Create an IAM role, and attach the Amazon Glue service policy and a policy for your Amazon Simple Storage Service (Amazon S3) resources that are used by Amazon Glue.

  3. Attach a policy to users or groups that access Amazon Glue: Attach policies to any users or groups that sign in to the Amazon Glue console.

  4. Create an IAM policy for notebooks: Create a notebook server policy to use in the creation of notebook servers on development endpoints.

  5. Create an IAM role for notebooks: Create an IAM role and attach the notebook server policy.

  6. Create an IAM policy for Amazon SageMaker notebooks: Create an IAM policy to use when creating Amazon SageMaker notebooks on development endpoints.

  7. Create an IAM role for Amazon SageMaker notebooks: Create an IAM role and attach the policy to grant permissions when creating Amazon SageMaker notebooks on development endpoints.