Configuring Amazon calls to go through your VPC - Amazon Glue
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Configuring Amazon calls to go through your VPC

The special job parameter disable-proxy-v2 allows you to route your calls to services such as Amazon S3, CloudWatch, and Amazon Glue through your VPC. By default, Amazon Glue uses a local proxy to send traffic through the Amazon Glue VPC to download scripts and libraries from Amazon S3, to send requests to CloudWatch for publishing logs and metrics, and to send requests to Amazon Glue for accessing data catalogs. This proxy allows the job to function normally even if your VPC doesn't configure a proper route to other Amazon services, such as Amazon S3, CloudWatch, and Amazon Glue. Amazon Glue now offers a parameter for you to turn off this behavior. For more information, see Job parameters used by Amazon Glue. Amazon Glue will continue to use local proxy for publishing CloudWatch logs of your Amazon Glue jobs.

  • This feature is supported for Amazon Glue jobs with Amazon Glue version 2.0 and above. When using this feature, you need to ensure that your VPC has configured a route to Amazon S3 through a NAT or service VPC endpoint.

  • The deprecated job parameter disable-proxy only routes your calls to Amazon S3 for downloading scripts and libraries through your VPC. It’s recommended to use the new parameter disable-proxy-v2 instead.

Example usage

Create an Amazon Glue job with disable-proxy-v2:

aws glue create-job \ --name no-proxy-job \ --role GlueDefaultRole \ --command "Name=glueetl,ScriptLocation=s3://my-bucket/" \ --connections Connections="traffic-monitored-connection" \ --default-arguments '{"--disable-proxy-v2" : "true"}'