Step 4: Configure an IAM role for your ETL job - Amazon Glue

Step 4: Configure an IAM role for your ETL job

When you create the Amazon Glue ETL job, you specify an Amazon Identity and Access Management (IAM) role for the job to use. The role must grant access to all resources used by the job, including Amazon S3 (for any sources, targets, scripts, driver files, and temporary directories), and also Amazon Glue Data Catalog objects.

The assumed IAM role for the Amazon Glue ETL job must also have access to the secret that was created in the previous section. By default, the AWS managed role AWSGlueServiceRole does not have access to the secret. To set up access control for your secrets, see Authentication and Access Control for Amazon Secrets Manager and Limiting Access to Specific Secrets.

To configure an IAM role for your ETL job
  1. Configure the permissions described in Review IAM permissions needed for ETL jobs.

  2. Configure the additional permissions needed when using connectors with Amazon Glue Studio, as described in Permissions required for using connectors.
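For the secret access requirement above, the following added example (not part of the AWS documentation) builds an identity policy scoped to a single secret and reviews a policy document for whether it grants `secretsmanager:GetSecretValue` on that secret and how broadly. The ARN (China partition `aws-cn`, Region, account ID, secret name) is a placeholder, and the function names are hypothetical.

```python
import fnmatch

# Placeholder ARN (assumption): China partition "aws-cn", example Region,
# account ID and secret name. Substitute the secret from the previous step.
SECRET_ARN = ("arn:aws-cn:secretsmanager:cn-north-1:111122223333:"
              "secret:example-opensearch-secret-AbCdEf")

def scoped_secret_policy(secret_arn):
    """Identity policy that lets the job role read exactly one secret."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadConnectorSecret",
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": secret_arn,
        }],
    }

# Constructed sample of an over-broad grant, for comparison.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllSecrets", "Effect": "Allow",
                   "Action": "secretsmanager:*", "Resource": "*"}],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_policy(policy, secret_arn, action="secretsmanager:GetSecretValue"):
    """Return (allowed, findings). Simplified: handles wildcards and explicit
    Deny; ignores Condition, NotAction/NotResource and other policy types."""
    allowed, denied, findings = False, False, []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        # Action names are case-insensitive; ARNs are matched case-sensitively.
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions):
            continue
        if not any(fnmatch.fnmatchcase(secret_arn, r) for r in resources):
            continue
        if stmt.get("Effect") == "Deny":
            denied = True
        elif stmt.get("Effect") == "Allow":
            allowed = True
            sid = stmt.get("Sid", "<no Sid>")
            findings += [f"{sid}: Resource {r!r} is not limited to one secret"
                         for r in resources if "*" in r]
    return allowed and not denied, findings
```

Serialize the result of `scoped_secret_policy` with `json.dumps` to get a policy document for the job role; a role whose policies all return `(False, [])` from `review_policy` cannot read the secret.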

Next step

Step 5: Create a job that uses the OpenSearch connection