Data Catalog settings - Amazon Glue
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Data Catalog settings

The Data Catalog settings contains options to set encryption and permissions options for the Data Catalog in your account.

The screenshot shows the Data Catalog settings modal.
To change the fine-grained access control of the Data Catalog
  1. Sign in to the Amazon Web Services Management Console and open the Amazon Glue console at

  2. Choose an encryption option.

    • Metadata encryption – Select this check box to encrypt the metadata in your Data Catalog. Metadata is encrypted at rest using the Amazon Key Management Service (Amazon KMS) key that you specify. For more information, see Encrypting your Data Catalog.

    • Encrypt connection passwords – Select this check box to encrypt passwords in the Amazon Glue connection object when the connection is created or updated. Passwords are encrypted using the Amazon KMS key that you specify. When passwords are returned, they are encrypted. This option is a global setting for all Amazon Glue connections in the Data Catalog. If you clear this check box, previously encrypted passwords remain encrypted using the key that was used when they were created or updated. For more information about Amazon Glue connections, see Connecting to data.

      When you enable this option, choose an Amazon KMS key, or choose Enter a key ARN and provide the Amazon Resource Name (ARN) for the key. Enter the ARN in the form arn:aws:kms:region:account-id:key/key-id . You can also provide the ARN as a key alias, such as arn:aws:kms:region:account-id:alias/alias-name .


      If this option is selected, any user or role that creates or updates a connection must have kms:Encrypt permission on the specified KMS key.

      For more information, see Encrypting connection passwords.

  3. Choose Settings, and then in the Permissions editor, add the policy statement to change fine-grained access control of the Data Catalog for your account. Only one policy at a time can be attached to a Data Catalog. You can paste a JSON resource policy into this control. For more information, see Resource-based policies within Amazon Glue.

  4. Choose Save to update your Data Catalog with any changes you made.

You can also use Amazon Glue API operations to put, get, and delete resource policies. For more information, see Security APIs in Amazon Glue.